Shrinking your digital footprint: a checklist by Kaspersky | Kaspersky official blog

Shrinking your digital footprint: a checklist by Kaspersky | Kaspersky official blog

/in

In today’s world, having an online presence is practically unavoidable. More and more of our daily lives happen online, and unless you’re a sailor out at sea or a forest ranger, living completely offline is a rare luxury. It’s estimated that each of us generates roughly two to three gigabytes of data every hour through our smartphones, IoT devices, and online services. So, it’s no wonder that, for example, around 70% of Americans are concerned about the government collecting their data, and a staggering ~80% worry about corporations doing the same. Today, we explore where and how our everyday actions leave digital trails, and what we can do about it.

Your morning routine: how your smartphone and browser track you

You wake up, check the weather, maybe scroll through some reels, like a few posts, and check your commute to see the possible traffic jams. When it comes to social media privacy settings, it’s pretty straightforward: you tweak them so your parents and colleagues don’t get a heart attack from your edgy humor. Our Privacy Checker website can help with that. But it gets trickier with geolocation data, which seemingly everyone wants to collect. We’ve already dived deep into how smartphones build detailed profiles on you, and explained what geolocation data brokers are and what happens when their data leaks.

Just imagine: about half of popular Android apps ask for your geolocation even though they don’t need it. And by default, Chrome and Safari allow cross-domain cookie tracking. This lets advertising networks build detailed user profiles for personalized ads. Pretty much all of your smartphone’s telemetry is used to create a thorough consumer portrait — no need for customer interviews or focus groups. The best marketer is in your pocket, but it’s not working for you. What should you do?

Normal measures

  • Head to Settings → Privacy → Permission Manager. From there, disable background access to the device’s location for messaging apps, weather widgets, and any other apps that needn’t be tracking your movements in the background.
  • Go to Settings → Privacy & Security → Tracking and turn off Allow Apps to Request to Track. Also, in newer iOS versions, under Settings → Privacy & Security, you’ll find a Safety Check section. This is a great place to review and adjust app and user access to your data, and even reset all access types in an emergency.
  • You can minimize tracking by following the instructions in our post What Google Ad Topics is, and how to disable it.
  • Enable Prevent cross-site tracking in Safari’s privacy and security settings on both your mobile devices and computers. Then, in the advanced settings, turn on Use advanced tracking and fingerprinting protection for all browsing.

Paranoid measures

  • Consider getting a Google Pixel and flashing it with GrapheneOS modified firmware that has Google Play Services disabled. Alternatively, research if AOSP firmware is available for your current Android phone. AOSP gives you a bare-bones Android experience where you choose exactly which services to install.
  • Enable Lockdown Mode (found under Settings → Privacy & Security). While it significantly limits functionality, it drastically reduces your chances of being tracked or having your iPhone compromised. We’ve covered this mode in detail in our article Protection through restriction: Apple’s new Lockdown Mode.
  • Set up a local DNS filter: for example, Pi-hole can block more than 280,000 trackers. Alternatively, you can install browser extensions like Privacy Badger for Firefox, Opera, Edge, and Chrome. Many modern routers also allow you to configure DNS filters that can block most ad network traffic on websites. For more on this, check out our post Why you should set up secure DNS — and how.

Hitting the road: the dangers of connected cars

You’re ready for your commute, hop into your car, hit the ignition… The system automatically plays your favorite playlist and has your loved ones on speed dial. Convenient, right? Absolutely, but there’s a caveat. Modern vehicles can transmit a staggering 25 GB of (your!) data per hour!

This creates two categories of problems. First, connected cars are often easier to hack because automotive manufacturers generally have a less-than-stellar approach to cybersecurity. While compromising a car’s onboard systems doesn’t always lead to theft, many vulnerabilities allow attackers to track you, or even remotely control your vehicle. For instance, in November 2024, a vulnerability was discovered in the Mazda Connect onboard system that allowed attackers to execute arbitrary code with root privileges. Before that, significant vulnerabilities were found in vehicles from Kia, Tesla, Jeep, and dozens of other carmakers.

Second, car makers themselves often enthusiastically monitor owners of the vehicles they sell and resell that collected data to data brokers and insurance companies.

What to do?

Normal measures

  • Dive into your car’s smart features menu and disable any that you don’t actively use or need.
  • Install an immobilizer that breaks the data bus connection. Some vehicles come with one built-in, but if yours doesn’t, consider a third-party immobilizer.
  • Regularly update your ECU firmware through official service centers. This helps patch known vulnerabilities, though it’s worth noting that new, undiscovered vulnerabilities could emerge with updates.

Paranoid measures

  • If you’re serious about minimizing data collection, consider buying a used car with minimal data-gathering and transmission capabilities. The absence of its own cellular module (GSM/3G/4G) in the car is a reliable sign that you’re on the right track.
  • Embrace public transport or cycling!

Lunch time: the hidden dangers of delivery apps

That much-anticipated lunch break is the perfect time to unwind… and leave a few more digital footprints. Whether you’re ordering coffee through an app or checking in to your favorite bakery on social media, you’re constantly adding to your online profile. This includes your location, payment details, and even your order history from delivery apps.

Food delivery apps, in particular, are incredibly data hungry. On average, they collect 21 categories of personal data, and a staggering 95% of this information is directly linked to your identity. Much of this data doesn’t stay with the delivery service; it gets sent elsewhere. Uber Eats, for instance, shares 12 out of 21 collected data points with partner companies, including your phone number, address, and search and order histories.

What’s more, food delivery services can experience data breaches. When that happens, your personal information — everything from your name, phone number and address to your shopping list and order costs — can end up exposed.

So, it’s clear: we need to do something about this too.

Normal measures

  • Check your app’s location settings. Instead of granting always-on access, switch it to “only while using the app”. If you’re extra cautious, you can turn off location services entirely and manually enter your address.
  • Unless the app’s core features genuinely require it, don’t let delivery services access your contacts, gallery or messages.

Paranoid measures

  • Set up a burner email address and use a different name for all your food orders. Even more radically, consider a second smartphone exclusively for delivery apps and other potentially risky applications.
  • Avoid providing your exact apartment number. Meet the courier at the entrance to the building instead. This can prevent your precise living location from being linked to your spending habits in case of a data breach.
  • Opting for cash payments ensures your purchase details aren’t stored in a payment system profile.
  • For a drastically reduced digital footprint, skip electronic lunch ordering altogether. Grab some cash, leave your phone at the office, and head to a local eatery. No phone means no GPS tracking, and cash transactions leave no digital trace whatsoever. While this won’t make you completely invisible (security cameras are still a thing!), it significantly shrinks your digital footprint.

Home sweet home: what your smart devices know about you

There’s nothing quite like relaxing at home after a long day. You ask your voice assistant to turn on the lights or recommend a movie. Smart speakers, TVs, robot vacuums, and other gadgets certainly make life easier. However, they also create a host of vulnerabilities for your home network, and often have questionable privacy practices. For instance, in 2023, Amazon faced a $25 million fine for retaining children’s voice recordings and other privacy violations related to Alexa.

And it’s not just corporations misusing voice assistant capabilities. Surveillance cameras, smart plugs, and even smart kettles are frequently hacked — often being roped into botnets for DDoS attacks. There have even been unsettling cases where malicious actors gained access to home cameras, using them for surveillance or pranks like speaking through a compromised baby monitor.

Normal measures

  • Dive into your smart home management app (Google Home, Apple Home, the Alexa app, and so on) and look for sections titled Privacy or similar. Turn off options that send your voice recordings for analysis. For Alexa, this is typically Use of Voice Recordings. For Google Assistant, opt out of the quality improvement program. Enable automatic deletion of your voice history. You can also manually clear your query history. With Alexa, just say, “Alexa, delete everything I said today”. For Google Assistant, manage and delete recordings through your Google account. This significantly reduces the amount of data stored.
  • Every smart speaker has a microphone mute button. If you don’t need the assistant, especially during private conversations, hit that mute button.
  • Laptops and some smart cameras come with built-in privacy shutters or covers. Use them! It’s a simple way to prevent unwanted peeping.
  • Many smart TVs allow you to disable the collection of viewing statistics (often called ACR). It’s a good idea to turn this off to stop your TV from sending reports about every channel you flip through.
  • Modern routers often let you set up a secondary or guest Wi-Fi network. Connect all your IoT devices to that network. This prevents the gadgets from “seeing” your main computers and phones on your home network. Even if one of your smart devices gets hacked, the attacker won’t be able to access your personal data. Plus, it makes it easier to cut off internet access to IoT devices when they’re not in use.
  • Use a strong, unique password for every device. When you first set up a smart device, always change the default login and password. A reliable password manager like Kaspersky Password Manager can help you generate and store secure passwords.

Paranoid measures

  • The most drastic option is to completely abandon voice assistants and cloud-based smart home services. Flip those light switches manually, and use mechanical timers for your appliances. The fewer microphones and cameras in your home, the more peace of mind you’ll have. If you absolutely must have an assistant, consider offline alternatives. There are open-source projects like Mycroft AI that can be configured to process commands locally — without sending data to the cloud.
  • If you’re concerned about covert listening, consider purchasing a bug detector – if it’s allowed in your country. These devices help locate hidden cameras and microphones when, for example, you suspect that a smart light bulb is actually a spy cam. You can also check the four ways to find spy cameras, which we described earlier.
  • During confidential meetings, either unplug suspicious gadgets or remove them from the room entirely.
  • Look for IoT devices that can function autonomously. Examples include cameras with local storage that don’t stream to the cloud, or smart home systems built on a local server like openHAB where all your data stays right in your home.

Takeaways

In today’s digital world, your data is a valuable commodity. While it’s impossible to completely erase your digital footprint, that doesn’t mean you should give up doing what you can. By staying aware and implementing smart security measures, you can control a significant portion of your data exposure. The extra protection services found in Kaspersky Premium can further enhance your privacy and payment protection. And our Privacy Checker website offers a wealth of comprehensive guides: these cover privacy settings for smartphones, computers, social networks, apps, and even entire operating systems. Whether you’re looking for simple adjustments or more thorough security measures — we’ve got you covered.

While achieving absolute anonymity often requires an extreme, almost paranoid level of effort, while most people don’t need anonymity, adopting even the “normal” measures from our recommendations will significantly limit the ability of both cybercriminals and corporations to track you.

What other steps should you take to stay safe? Below are some examples:

Kaspersky official blog – ​Read More