Every year we become increasingly connected online and more reliant on technology. And why wouldn’t we? Social media helps us keep in touch; Alexa and Google answer all our questions; digital maps point us in the right direction; and apps make it easy to do…just about everything.
But all that connection can come at a cost to our privacy and security. And unfortunately, you’re a target: In 2021 alone, middle-aged and older adults accounted for 60% of victims of Internet crime and lost over $4 billion to hackers and scammers, per a report from the FBI Internet Crime Complaint Center. Hackers are always finding innovative ways to sneak into our lives and steal valuable data that makes up our digital footprint, from posing as tech support people to inundating us with dangerous links.
Luckily, you don’t have to be a tech pro (or anything close) to protect yourself and your loved ones from digital disasters. Start with this guide to learn which threats should be top of mind for you and how you can build a stronger cybersecurity shield in seconds.
Is my phone listening to me?
If you’ve ever talked about something only to see an ad for it pop up on your screen a moment later, you’ve probably at least wondered whether companies could be spying on you. In fact, more than 40% of Americans who have a smartphone believe their device is recording them without their permission. But is this actually possible?
David Choffnes, Ph.D., a computer science professor and executive director of the Cyber-security and Privacy Institute of Northeastern University, says he gets this question a lot. From 2017 to 2018, he and his team analyzed more than 17,000 Android apps and did not find a single example of an app covertly activating a phone’s microphone to collect audio recordings.
While it’s theoretically possible that apps could turn on your mic, have artificial intelligence (AI) transcribe what you’re saying and convert that into data for advertisers, it would take a lot of processing power, says Choffnes. The reality is that there are far more effective ways to collect troves of data on you — and they’re much more revealing and widespread.
In fact, the Internet is virtually covered with tracking technology. As you explore, these tools may record your screen, Web searches and interests as well as what you click on, “like,” look at and buy.
We often inadvertently share data from GPS tracking on our phones with companies when we download and use apps, allowing them to log where we go and see who we spend time with in exchange for turn-by-turn directions and local deals.
So, say your friend told you she was off to Cancún and now you’re getting ads for tourism packages with images of white-sand beaches. She also might have been searching for flights to Mexico while connected to your home Wi-Fi, and now her searches are connected to you — that could lead to your having ads for a similar trip appear on your screen. (One way to prevent this is to go to myadcenter.google.com and turn off personalized ads.)
Perhaps your phone isn’t recording your voice 24/7, but Amazon’s Alexa most definitely is when you wake her up — and that intel can be used for targeted ads. “One issue here is that people may not be aware that what they say is being recorded and used for profiling and/or ad targeting,” says Choffnes. “When we think of an ‘assistant,’ we might think of a conversation with an individual trying to help us, not some system that is analyzing our voice interactions for monetization and potentially sharing this data with other parties.”
By default, voice transcripts can be collected by third parties and shared with advertising partners. But you can opt out.
The bottom line: That nagging feeling that your phone is listening to you hints at a much larger phenomenon: We are being tracked by a huge data-collection network, and companies are gathering much richer data on you than they could if they were just a fly on the wall. They’re also making billions on it.
A rapidly growing industry of gathering, storing and analyzing loads of data.
How do companies make money off my data?
Your “data” — the information available online and in apps that includes your age, health status, income, interests and more — is quickly becoming one of the most valuable assets for advertisers.
Here’s how it works: Much of the most telling data — like where you go with your phone — comes from mobile apps. With these apps, third-party companies put together as much data on you as they possibly can: your phone’s advertising ID (a code used to identify your unique device), your GPS location and any demographic or personal info you’ve shared with the app and those it’s linked with. They use these data points to assemble a digital dossier and then send that to companies hired by advertisers to target you.
In a fraction of a second, you go up for auction — and the highest bidder wins the opportunity for its ad to appear on your screen, explains Jane Hoffman, a Harvard fellow and author of Your Data, Their Billions: Unraveling and Simplifying Big Tech.
Maybe targeted ads don’t seem like a big deal. “But it matters, because your data can be used against you,” says Hoffman. Data brokers aren’t just in the advertising business — they also sell the power to mine your personal history, to find and follow you and to predict and influence behavior on a massive scale.
According to a 2021 report from Duke University’s Cyber Policy program, data brokerage activity in the U.S. is a “virtually unregulated practice.” Profile collection could be used to discriminate against people, while sensitive information like where you live and work — readily available on people-search websites — can be used by stalkers and abusers. And inaccurate data, which is hard to correct, has damaged people’s credit, blocking them from buying houses and getting jobs.
Eight in 10 people are concerned about how much data companies are collecting on us and believe the risks outweigh the benefits, per a 2019 Pew Research Center study. We deserve default settings that automatically put us in control of our data and allow us to consent meaningfully to how it’s being collected and used. But for now, it’s on us to adjust our settings and choose apps, products and browsers that block digital spies.
How to protect your privacy
Reduce the flow of personal information from your devices with these general steps.
ON YOUR PHONE
✔️ Limit location tracking.
Tell apps to stop collecting digital breadcrumbs on your every move — or to do so only when you actually need GPS.
- iPhone: Settings > Privacy > Location Services > Turn Off, or adjust by app
- Android: Settings > Location > App Location Permissions > Turn Off, or adjust by app
✔️ Tell apps to stop asking about tracking.
Give an automatic “no” to tracking requests.
- iPhone: Settings > Privacy > Tracking > Turn Off Allow Apps to Request to Track
- Android: Settings > Privacy > More Privacy Settings > Ads > Delete Advertising ID
✔️ Adopt digital minimalism.
Delete apps you don’t use, and download only new ones that score high on privacy.
- Apple App Store: Review apps’ privacy pledges with Privacy Nutrition Labels.
- Google Play: Check out apps’ Data Safety sections under their descriptions.
ON YOUR VIRTUAL ASSISTANT
✔️ Delete your voice history.
Apple Siri and Google Assistant keep audio recordings only if you opt in to improve their services, but you have to opt out to stop Alexa from keeping them.
- Apple Siri: In Home app, go to Settings > Siri History > Delete Siri History
- Google Assistant: Ask, “Hey Google, are you saving my audio data?”
- Amazon Alexa: In-app, go to Settings > Alexa Privacy > Manage Your Alexa Data > Voice Recordings > Opt in to Enable Deletion by Voice, then say “Alexa, delete everything I’ve ever said.”
ON YOUR COMPUTER AND LAPTOP
✔️ Use a pro-privacy browser or a tracker blocker. Switch to a browser like Safari or Firefox to better protect your privacy, or add a tracker blocker such as Privacy Badger or uBlock Origin to keep more of your data to yourself.
How worried should I be about data breaches?
When you get the letter or email from a company letting you know you’ve
been a victim of a data breach, you might wonder, Should I be concerned about a hacker racking up thousands on my credit card or taking out fraudulent loans? And if so, how can I stop them?
After a data breach, your info can be shared and sold on the dark Web or used for identity theft. You can find out how many breaches you’ve been involved in by searching for your email address on haveibeenpwned.com (“pwned,” pronounced “poned,” is gamer-speak for being “owned,” or controlled or coerced into doing something).
Reduce your risk by changing the passwords for compromised accounts, setting up multifactor authentication, monitoring your bank and credit card accounts closely and upgrading your digital security.
How secure is AI?
Artificial intelligence, or AI, has been in the news recently because of the rise of chatbots like OpenAI’s ChatGPT, Google’s Bard and Microsoft’s Bing AI. It can also be found in self-driving cars, smart home devices and patient portals used by the health care industry.
While these systems bring a host of benefits, there are of course concerns. And because AI is becoming more prominent and available, more individuals could be vulnerable to incorrect AI-generated information or privacy and security risks like phishing and other cyber crimes, explains Good Housekeeping Institute Chief Technologist and Executive Technical Director Rachel Rothman.
Because the technology is still developing, laws governing how AI is used are a work in progress. As is the case with any new tech, GH experts recommend being cognizant of where you input personal data and staying skeptical about AI-generated advice from chatbots.
Three easy ways to protect your most sensitive accounts
✔️ Keep your operating system and apps up to date. When a pop-up says it’s time for another security update on your device, do it! And make sure you have the most recent anti-virus software installed.
✔️ Use multifactor authentication. This creates an extra step when logging onto email, banking and social media accounts so you prove it’s really you (keeping hackers out) with a code sent via email, text or an authentication app.
- iPhone/Apple: Go to Settings > Your Name > Password & Security > Turn on Two-Factor Authentication.
- Android/Google: Go to safety.google/authentication
✔️Create stronger passwords. A password manager like 1Password can help. You need to remember only one password; the app generates passwords for all your accounts that are locked inside it. Your next best move is to strengthen passwords by using 12 or more characters and random words and numbers.
*Additional reporting by Elizabeth Berry