Your membership has expired

The payment for your account couldn't be processed or you've canceled your account with us.

Re-activate

    The Consumer Reports 10-Minute Digital Privacy Tuneup

    Each of these steps will take just a minute or two, and they'll boost your data security and privacy

    Michael Brandon Meyers

    There's a lot you can do to protect your personal information when you go online, whether you're using a smartphone or a laptop, and whether you're at home or in a coffee shop.

    The following steps take just a few minutes to do, and each one can help make your data more secure, foiling hackers and controlling the amount of data that companies collect without your knowledge.

    To explore more ideas, consult Consumer Reports' expanded list of tips for protecting privacy and security.

    Turn on Automatic Updates

    “Software updates are like oil changes,” says Mark Surman, executive director of the Mozilla Foundation. “They can be a hassle in the moment but a lifesaver in hindsight.” According to security professionals surveyed last year by Google, the most critical step you can take to boost security is to keep your operating system and other software up to date. Hackers are always exploiting more vulnerabilities, while security pros play nonstop malware whack-a-mole. If you have old software, you’re missing the latest protections. “Most modern software will update itself if you let it,” Surman says. Make sure you have auto-updates turned on across the board.

    Use Screen Locks on Every Device

    Set a password or PIN for every laptop, smartphone, and tablet you own. Any lost device without a screen lock is an unprotected gateway for thieves, who may be able to access your email and banking and social accounts, changing passwords and taking control of your digital life. Use a screen lock that’s at least six characters long. And avoid easy-to-guess passwords, such as a birthdate or your phone number.

    Check Your Data-Breach Status

    Wondering whether your personal data has been stolen and posted for sale on the web? At haveibeenpwned.com, you can check your email addresses and user names against lists from 120 known breaches at companies including Adobe, LinkedIn, and Snapchat. (You'll need to register to check the full database.) If your name pops up, change the password for the compromised account and any other site where—tut, tut—you were using the same password. (Bonus tip: Pros pronounce “pwned” as “poned,” not “pawned.”)

    Use Temporary Email Addresses

    You’re often asked for an email address to access a website or to sign up for a loyalty card, even if you want to use the service just once. Comply and you may be in for years of marketing come-ons. “Everyone wants your email address these days,” says Nathan White, senior legislative manager at Access Now, a digital-rights organization. But you don’t have to provide a real one. White recommends 10minutemail.com, where you can get a functional email address for 10 minutes (or 20, if you need it), just long enough for you to log on to a site. When the time is up, the email address self-destructs—and 10minutemail.com doesn’t retain any personal data.


    Data security and privacy are growing in importance as consumer concerns. See where Consumer Reports stands on privacy.

    Cover Your Laptop Webcam

    Malicious actors have repeatedly proven that they can turn on a laptop’s camera without the user’s knowledge. The simplest solution? Do what Facebook CEO Mark Zuckerberg and FBI director James Comey do—put a piece of tape or a Post-it note over it. Hackers haven’t yet cracked the adhesive code.

    Use the HTTPS Everywhere Browser Extension

    When you see “https” and a green padlock alongside a URL in your browser’s address bar, it means that the data is encrypted as it travels back and forth between the website and your computer. (The “s” stands for “secure.”) Some sites that support https use it inconsistently. Add the HTTPS Everywhere browser extension, which you can download from the Electronic Frontier Foundation, and your connections will be encrypted anytime you connect to a website that supports https. It works with the Chrome, Firefox, and Opera browsers.

    Turn Off Location Tracking in Apps

    Many mobile apps can extract your whereabouts from your phone. In the case of a restaurant-recommendation service or Uber, that makes sense. But there’s no reason to share your location data with many other companies that won’t use the information to provide you with any obvious benefits. You can selectively decide whether individual apps can access that data. On iPhones, go to Settings, then Privacy, then Location Services. Now scroll down to any app to control if and when it can access your location. You can do the same on any Android phone running a recent version of the operating system (6.0 Marshmallow or later). Go to Settings, then Application Manager, and tap on the specific app you want to adjust. Next, tap on Permissions to access the location setting.

    Editor's Note: This article also appeared in the November 2016 issue of Consumer Reports magazine.