Chapter 21: Take Back Your Data and Privacy in Thirty Minutes
In February 2024, a woman in Pittsburgh opened a letter from her health insurance company and felt the floor drop out from under her. The letter informed her that Change Healthcare, the company processing her medical claims, had suffered a data breach. Her name, her Social Security number, her diagnoses, her prescription history, her bank account information for direct deposits, all of it now sat in the hands of criminals. She called the number on the letter. She sat on hold for forty five minutes. When she finally reached a representative, the person on the other end offered her two years of free credit monitoring. Two years of watching to see if someone destroyed her financial life, in exchange for the permanent loss of her most personal medical information.
She was one of 192.7 million Americans affected by that single breach. Two out of every three people in this country. And here is the part that should make your blood boil. The hackers got in through a remote access portal that did not require multi factor authentication. A door without a deadbolt. A company trusted with the health records of nearly two hundred million people left the digital equivalent of a sticky note on the lock that said "come on in."
If you have read all of the chapters of this book, you now understand how deep this problem runs. You know that your phone tracks your location with one meter accuracy, that data brokers sell your personal dossier for pennies, that your car reports your driving habits to your insurance company, that your DNA sits in a database that could outlive the company storing it, and that the United States still does not have a single federal law protecting your privacy. You understand the system. Now you need to do something about it.
This chapter is your action plan. Every step is specific. Every tool is named. Every website address and phone number is included. You do not need a law degree. You do not need to be a technologist. You need thirty minutes and the decision to stop waiting for someone else to protect what belongs to you.
Your Phone in Thirty Minutes: The Privacy Audit That Changes Everything
Your smartphone is the single greatest surveillance device ever invented, and you carry it everywhere you go. A 2024 study of the fifty most popular Android apps found that each one requests an average of eleven dangerous permissions, including access to your camera, your microphone, your contacts, and your precise location. Research from NordVPN found that eighty seven percent of Android apps and sixty percent of iPhone apps request permissions they do not need to perform their basic function. Your weather app does not need to know your exact GPS coordinates. Your shopping app does not need access to your microphone. Your news app does not need your contact list.
The first thing to do on your iPhone is turn off app tracking. Go to Settings, then Privacy and Security, then Tracking, and switch off "Allow Apps to Request to Track." This single toggle prevents apps from following your activity across other companies' apps and websites. When Apple first introduced this feature, consent rates for tracking dropped to roughly twenty five percent. The advertising industry lost billions. Meta's stock dropped an estimated thirty percent. That tells you everything you need to know about how much your data is worth.
Next, open Safety Check. Go to Settings, then Privacy and Security, then Safety Check. Apple originally designed this tool for domestic abuse survivors, and it remains one of the most powerful privacy features on any phone. Safety Check walks you through a five step review of who you share information with, which apps have access to your data, and how your device security is configured. If you are in a situation where you need to cut off access immediately, its Emergency Reset mode revokes all sharing, resets your Apple ID password, and disables Find My sharing instantly. A Quick Exit button returns you to the Home Screen if someone walks in while you are using it.
After Safety Check, turn on Advanced Data Protection for iCloud to enable end to end encryption. Turn off Personalized Ads under Settings, Privacy and Security, Apple Advertising. Enable Stolen Device Protection under Settings, Face ID and Passcode. Review the App Privacy Report under Settings, Privacy and Security, App Privacy Report, which shows you exactly which apps accessed your camera, microphone, and location over the past seven days. Those green and orange dots that occasionally appear in your status bar are telling you something. Green means your camera is active. Orange means your microphone is active. Pay attention to them.
On Android, the Privacy Dashboard gives you similar power. Go to Settings, then Security and Privacy, then Privacy Dashboard. You will see a pie chart showing which apps accessed sensitive permissions over the past twenty four hours, expandable to seven days on Android 15 and later. Quick Settings toggles let you disable camera and microphone access for all apps with a single tap. Android also automatically revokes permissions from apps you have not used in several months.
On both platforms, the single most consequential permission to change is precise location. When an app has precise location access, it knows where you are within roughly one meter. Approximate location narrows it to only two to ten kilometers. Navigation and ride sharing apps genuinely need precise location. Weather apps, social media, shopping apps, and news apps do not. Go through your apps right now and switch every one of them to approximate location unless you have a specific reason not to.
Your Browser Is Leaking: Fix It Today
Your browser choice matters more than most people realize. After years of promising to phase out third party tracking cookies, Google announced in April 2025 that Chrome would not even roll out a consent prompt. Cookies remain enabled by default. Every website you visit on Chrome drops tracking files that follow you across the internet, building a profile of your interests, your habits, your purchases, and your health concerns.
Safari and Firefox have blocked third party cookies by default for years. Brave blocks ads, trackers, and fingerprinting the moment you install it. If you do one thing after reading this section, switch your default browser to Firefox or Brave. In Firefox, set Enhanced Tracking Protection to Strict and enable Global Privacy Control. In Safari, enable Hide IP Address from Trackers. If you insist on staying with Chrome, manually block third party cookies in settings and know that Chrome's Manifest V3 framework limits the effectiveness of ad blockers.
Freeze Your Credit: The Five Minute Step That Stops Identity Theft Cold
A credit freeze is the single most protective action most Americans skip. It has been free by federal law since September 2018. It takes roughly five minutes per bureau. It has zero impact on your credit score. And as of right now, only an estimated ten to twenty percent of Americans have done it. Credit card fraud was the largest category of identity theft in 2024, with 449,076 reports to the FTC. Total identity theft reports hit 1.135 million that year, up nearly ten percent from the year before, with losses reaching 12.5 billion dollars. Every one of those numbers represents a real person whose life was disrupted because a criminal opened an account in their name.
A credit freeze stops that from happening. It prevents lenders from accessing your credit report, which means no one, including a criminal with your Social Security number, gets approved for new credit in your name.
You need to freeze at all three major bureaus. At Equifax, visit equifax.com/personal/credit-report-services/credit-freeze or call 888-298-0045, create a myEquifax account, and select Place a Security Freeze. At Experian, visit experian.com/help/credit-freeze or call 888-397-3742, and toggle the Frozen button after creating an account. At TransUnion, visit transunion.com/credit-freeze or call 888-909-8872 and click Add Freeze in the TransUnion Service Center.
When you need to apply for credit, ask the lender which bureau they pull from and temporarily thaw only that bureau. Federal law requires thaws to take effect within one hour online or by phone. Set a date range so the freeze automatically restores itself.
The Bureaus Most Americans Forget
Freezing only the big three leaves significant gaps that criminals regularly exploit. ChexSystems, at chexsystems.com or 800-887-7652, tracks checking and savings account history and is used by eighty percent of banks and credit unions. Without this freeze, someone can open bank accounts in your name. NCTUE, at nctue.com or 866-349-5355, tracks telecom and utility accounts. Without this freeze, someone can open phone or utility service under your identity. Innovis, at innovis.com or 800-540-2505, is the fourth credit bureau consulted when the other three are unavailable. LexisNexis, at consumer.risk.lexisnexis.com/freeze or 800-456-1244, maintains extensive public records, insurance claims, and background data. Freezing LexisNexis now also covers SageStream reports. All of these freezes are free.
One more distinction matters here. A credit freeze is federally regulated under the Fair Credit Reporting Act, always free, and protected by law. A credit lock is a private product governed by terms of service that a company writes and controls. Experian charges 24.99 dollars per month for its CreditLock product. The Consumer Financial Protection Bureau confirmed in September 2025 that credit locks are no more effective than credit freezes. The freeze is what you want. Do not pay for what the law already gives you for free.
Take Your Data Back from the Brokers Who Stole It
The data broker industry is worth roughly 294 billion dollars. At least 750 known brokers operate in the United States, and the real number is likely in the thousands. Acxiom alone claims files on 2.5 billion people with more than 3,000 data points per person. These companies know your income, your religion, your health conditions, your daily habits, and your home address. They sell that information to advertisers, insurance companies, employers, scammers, and government agencies.
You have the right to see what they have on you and to demand they delete it. For your LexisNexis consumer disclosure report, visit consumer.risk.lexisnexis.com/request or call 888-497-0011. This report contains real estate records, liens, judgments, bankruptcy records, professional licenses, historical addresses, and insurance claims history. For your insurance claims history specifically, request a CLUE report through LexisNexis, which covers seven years of auto and home insurance claims and is used by ninety five percent of insurance companies. For a separate property loss database, request your A-PLUS report from Verisk at fcra.verisk.com or call 800-627-3487. Both are free annually under federal law.
For people search sites, manual opt outs work roughly seventy percent of the time according to a 2024 Consumer Reports study. At Spokeo, visit spokeo.com/optout, search for your listing, paste the URL, and verify via email. Removal happens within 24 to 72 hours. At Whitepages, visit whitepages.com/suppression-requests and verify via phone call. At BeenVerified, visit beenverified.com/f/optout/search and verify via email. At Radaris, visit radaris.com/control/privacy and complete CAPTCHA and email verification. The critical thing to understand is that these opt outs are generally not permanent. Brokers re scrape public records and rebuild your profile. You need to repeat the process or use an automated service.
Automated removal services handle this maintenance for you. The Consumer Reports 2024 study found Optery led with a sixty eight percent removal rate, starting at 3.99 dollars per month. EasyOptOuts, the Wirecutter budget pick, covers roughly one hundred sites for 19.99 dollars per year. Incogni by Surfshark covers more than 420 brokers for 7.99 dollars per month. DeleteMe costs 10.75 dollars per month with human reviewed quarterly reports. Each service has different strengths, and any of them provides dramatically more protection than doing nothing.
California's DROP Platform: One Click Deletion from 500 Brokers
On January 1, 2026, California launched the most aggressive privacy tool in American history. The Delete Request and Opt Out Platform, known as DROP, is the first government operated system allowing consumers to submit a single deletion request that reaches every registered data broker simultaneously. If you are a California resident, this tool was built for you. And if you are not, it shows where the rest of the country needs to go.
To use DROP, visit privacy.ca.gov/drop and authenticate through the California Identity Gateway or Login.gov. Submit your personal identifiers, including your name, date of birth, phone number, email, and optionally your mobile advertising IDs. That single request automatically goes to all 545 registered data brokers in California. Starting August 1, 2026, brokers must retrieve and process these requests every 45 days, complete their determinations within 90 days, and continue deleting any newly collected data about you indefinitely. If a broker fails to comply, the penalty is 200 dollars per consumer per day.
The California Privacy Protection Agency created a Data Broker Enforcement Strike Force in November 2025 and immediately started using it. Background Alert was ordered to shut down through 2028. ROR Partners was fined 56,600 dollars for building profiles on 262 million Americans without registering. Rickenbacher Data was fined for selling data on millions of people living with Alzheimer's and drug addiction. This agency has teeth, and it is biting.
As of early 2026, nineteen to twenty states have consumer privacy laws with data deletion rights. California, Maryland, Minnesota, and Oregon have the strongest protections. Twelve states now require businesses to honor Universal Opt Out Mechanisms like Global Privacy Control. No other state has built a centralized deletion platform like DROP. If your state representative has not heard about what California is doing, tell them.
Stop Using Text Messages for Security: Hardware Keys and Passkeys
If you still receive security codes by text message, you are using a system built on a protocol designed in 1975 that contains no security mechanisms. The SS7 signaling protocol that carries your text messages allows sophisticated attackers to intercept them at the network level. And that is the sophisticated version. The simple version is SIM swapping, where a criminal convinces your phone carrier to transfer your number to their device. The FBI documented 982 SIM swap complaints with nearly 26 million dollars in losses in 2024 alone. In March 2025, a California arbitrator ordered T-Mobile to pay 33 million dollars after a single SIM swap enabled the theft of 38 million dollars in cryptocurrency. In January 2024, a 26 year old used a fake ID at an AT&T store to SIM swap access to the Securities and Exchange Commission's official social media account. He posted a false announcement about Bitcoin that caused 230 million dollars in market liquidations.
The solution exists and it works. When Google required all 85,000 of its employees to use physical security keys in early 2017, the company experienced zero successful phishing attacks on employee accounts. Not one. The best entry level hardware key is the Yubico Security Key C NFC at 29 dollars or the Google Titan USB C with NFC at 35 dollars. Always buy two, one to use daily and one as a backup stored somewhere safe. Your total investment is 58 to 70 dollars for the strongest account protection available anywhere.
If hardware keys feel like too much, passkeys are the next best option and they are spreading fast. Over one billion people have activated at least one passkey, and 15 billion online accounts support them. Google reports 800 million accounts using passkeys. Amazon has 175 million passkey enabled customers. Each passkey is cryptographically bound to a specific website, which means a fake site will never match. You physically cannot be phished. NIST officially recognized synced passkeys in its July 2025 digital identity guidelines update and made phishing resistant authentication the new baseline.
For accounts that do not support hardware keys or passkeys, use an authenticator app. Google Authenticator is free and now offers cloud backup. Bitwarden and 1Password integrate time based codes directly into your password vault. The hierarchy from strongest to weakest is hardware security keys, then passkeys, then authenticator apps, then text message codes, then password alone. Move up the ladder as far as you reasonably can on every account that matters to you.
Privacy Tools That Actually Work: Search, Email, Messaging, and More
You do not need to become a technologist to protect your digital life. The ecosystem of privacy respecting tools has matured to the point where switching is painless and the products are genuinely good.
For search, Brave Search is the best free option, powered by its own web crawler with zero tracking. DuckDuckGo remains the easiest no fuss default. Kagi costs ten dollars per month for unlimited searches and is funded entirely by subscribers, with no advertising or tracking whatsoever.
For email, Proton Mail, based in Switzerland, offers end to end encryption with an architecture that prevents even Proton from reading your messages under legal compulsion. The free tier includes one gigabyte of storage. Proton Unlimited at 9.99 dollars per month bundles VPN, cloud storage, calendar, and a password manager. Tuta, based in Germany, encrypts more data than any competitor, including subject lines and address books, and now offers post quantum encryption by default starting at 3.60 euros per month.
For messaging, Signal is the gold standard. End to end encrypted by default for all communications, collecting virtually no metadata, and fully open source. When U.S. defense officials were found using Signal for sensitive communications in 2025, the headlines focused on the impropriety of using any messaging app for classified material. The underlying point was clear. Signal's encryption is trusted at the highest levels. Get more tips about how to setup and use Signal in "Everybody Has Something To Hide" by Guy Kawasaki and Madisun Nuismer (I was a consulting expert on the book).
WhatsApp uses the same Signal Protocol for message content, and Meta, which owns WhatsApp, collects extensive metadata including your contacts, timestamps, device information, and IP addresses, all shared across Meta's advertising ecosystem. Telegram does not encrypt regular chats or group chats at all. After CEO Pavel Durov's arrest in France in August 2024, Telegram began sharing user IP addresses and phone numbers with authorities.
For passwords, use a dedicated password manager. 1Password costs 4.99 dollars per month for families of five and includes a Travel Mode for border crossings. Bitwarden is fully open source with unlimited passwords and cross device sync on its free tier, and its premium tier costs just ten dollars per year. Avoid LastPass. The 2022 breach resulted in stolen encrypted vaults that criminals are still cracking. Five million dollars in cryptocurrency was stolen from LastPass users in December 2024 alone.
For your VPN, Mullvad costs 5.50 dollars per month, requires no email address to sign up, and accepts cash payment for maximum anonymity. Proton VPN provides the best free tier with unlimited bandwidth. A VPN protects your traffic from your internet service provider and on public Wi Fi. It does not prevent tracking through cookies, fingerprinting, or logged in accounts.
Teach Your Family: Every Generation Needs This Conversation
Privacy is a family project. Ninety five percent of teens have smartphone access, with nearly half online almost constantly. At the other end, FTC data shows fraud losses for adults over sixty reached 2.4 billion dollars in 2024, a fourfold increase since 2020, with real losses estimated between 10.1 and 81.5 billion dollars because of massive underreporting.
For elementary age children, five to ten years old, the American Academy of Pediatrics recommends shared family devices, co watching, and introducing the concept of private information, meaning name, address, and school. At this age, children generally perceive parental monitoring as a safety measure and respond well to simple rules.
For middle schoolers, eleven to thirteen, the conversation shifts to social media privacy settings, the permanence of anything posted online, and recognizing impersonation. Ask your kids directly whether they have reviewed the privacy settings on their accounts. Ask if they know how to block someone who makes them uncomfortable. Sit with them and look at the settings together.
For high schoolers, fourteen to eighteen, the conversation goes deeper into data collection, algorithmic targeting, and how a digital footprint affects college admissions and future employment.
Research strongly favors transparency over covert surveillance when it comes to monitoring your kids. A Digital Wellness Lab study found that children's reviews of parental control apps were seventy six percent one star ratings, with the negative reviews focused on privacy invasion. A University of Wisconsin study found teens who had a voice in setting digital rules reported higher trust and better mental health outcomes. The best approach is scaffolding, meaning tighter controls for younger children and progressively more freedom for teens, with monitoring framed as temporary training wheels.
For elderly family members, start with the basics. Help them set up strong, unique passwords. AARP found that sixty four percent of Americans do not use distinct passwords across their accounts. Enable two factor authentication on their email and banking. Teach them one rule that will prevent the majority of scams. If anyone contacts them out of the blue with urgency, demanding immediate action or money, the contact is almost certainly fraudulent. AARP's Fraud Watch Network Helpline at 877-908-3360 fielded nearly 100,000 reports in 2025. AI powered voice cloning scams, where criminals replicate a loved one's voice to demand emergency money, are surging. Social media became the top contact method for scammers targeting seniors by dollar amount, with 561 million dollars in losses.
When the Breach Letter Arrives: Your Response Plan
If you have not received a data breach notification letter in the past year, you are in the minority. A 2025 poll found eighty percent of consumers received at least one breach notice, with forty percent receiving three to five. The record 3,322 data compromises in 2025 generated approximately 278.8 million victim notices. Nearly half of the people who received those notices did nothing. Forty eight percent cited breach fatigue. Thirty six percent did not trust the notice was real.
Do not ignore breach letters. Read them carefully. A legitimate breach notification should tell you what happened, what data was exposed, what the company is offering, and what steps you should take. Be aware that only thirty percent of 2025 breach notifications disclosed how the attack happened, down from nearly one hundred percent in 2020. Companies increasingly use vague language like "potentially subject to unauthorized access" when your data was actually stolen and posted on the dark web.
Your response depends on what was exposed. If your Social Security number was compromised, and it was involved in two thirds of 2025 breach reports, immediately freeze your credit at all three bureaus, place a fraud alert, create a my Social Security account at ssa.gov, file IRS Form 14039 to prevent tax fraud, and accept any free monitoring offered. If health data was breached, request your medical records and check for inaccuracies. Medical identity theft is dangerous because wrong information in your file affects your treatment. Health records sell for more than 250 dollars each on the dark web, compared to five to ten dollars for credit card numbers. If passwords were exposed, change them everywhere you reused them, enable two factor authentication, and check haveibeenpwned.com. If biometric data was compromised, the damage is permanent. You cannot change your fingerprints or your face.
File your complaints where they count. Visit IdentityTheft.gov to generate a personalized recovery plan and an official FTC Identity Theft Report, which is a legal document useful for disputing fraudulent accounts. Report fraud at ReportFraud.ftc.gov, where your report enters the Consumer Sentinel Network accessible by more than 3,000 law enforcement agencies. File with your state Attorney General. File with the Consumer Financial Protection Bureau at consumerfinance.gov for financial data issues. Individual complaints rarely yield direct payouts for you personally, and they drive enforcement priorities, fund investigations, and build class action cases.
Stay Informed: Privacy Law Is Moving Fast
Twenty state privacy laws are now on the books. New regulations take effect every few months. No federal privacy law exists. Staying current requires intentional effort, and several organizations make it straightforward.
The Electronic Frontier Foundation at eff.org provides the most accessible consumer resources, including the free Surveillance Self Defense guide and the Privacy Badger browser extension. The Electronic Privacy Information Center at epic.org produces rigorous policy analysis and graded all nineteen state privacy laws in January 2025, finding nearly half received failing grades. The ACLU's Speech, Privacy, and Technology Project drives landmark litigation on warrantless searches and facial recognition bans. Access Now operates a 24/7 Digital Security Helpline for at risk individuals. The Future of Privacy Forum publishes essential state law analyses and tracks AI legislation across all fifty states.
For ongoing news, subscribe to the IAPP Daily Dashboard, a free daily email that is the gold standard for privacy news. Follow Krebs on Security at krebsonsecurity.com for investigative cybercrime reporting. Follow The Markup at themarkup.org for data driven tech accountability journalism. For tracking state legislation, the IAPP US State Privacy Legislation Tracker is indispensable.
In 2026, the pace is accelerating. Three new state privacy laws took effect January 1 in Indiana, Kentucky, and Rhode Island. California's automated decision making technology regulations are now effective. Connecticut's age appropriate design code takes effect mid 2026. Oregon now bans the sale of data on consumers under sixteen and bans the sale of precise geolocation data. Internationally, the EU AI Act's major provisions for high risk AI systems, including AI used in hiring and financial decisions, take effect August 2, 2026, with reach that extends to U.S. companies serving European markets.
Privacy Is Not About Having Something to Hide
Every conversation about privacy eventually runs into the same objection. I have nothing to hide. As if privacy existed only to shelter secrets. As if the only people who need curtains are the ones doing something wrong behind them.
Privacy scholar Daniel Solove dismantled this argument methodically. The "nothing to hide" claim works only by narrowing privacy to concealing wrongdoing. It ignores the real harms, which include aggregation, exclusion, secondary use, distortion, and bureaucratic indifference. Solove invoked Kafka, not Orwell, to describe the true danger. The threat is not a visible tyrant watching your every move. The threat is a suffocating powerlessness created by institutions using your personal data while excluding you from any knowledge of or participation in the process.
Arguing that you do not care about privacy because you have nothing to hide is no different from saying you do not care about free speech because you have nothing to say. If you tell surveillance advocates to email you all their passwords, not a single person will take you up on that offer.
Real people who had nothing to hide have been destroyed by the misuse of their data. At least seven confirmed wrongful arrests based on facial recognition have been documented in this country, virtually all of them involving Black Americans. Robert Williams of Detroit was detained for thirty hours over a blurry surveillance image matched to his expired driver's license photo. Porcha Woodruff, eight months pregnant, was arrested at home in front of her children for a carjacking she did not commit, based on an eight year old mugshot. Angela Lipps, a fifty year old Tennessee grandmother, was arrested at gunpoint while babysitting and jailed for six months based on a facial recognition match, despite bank records confirming she was 1,200 miles away at the time. NIST research shows that African American and Asian faces are up to one hundred times more likely to be misidentified by these systems.
The chilling effect is not theoretical. Jon Penney's landmark study found a twenty percent decline in Wikipedia page views of terrorism related articles after the Snowden revelations, and that decline was not temporary. PEN America surveyed more than 520 American writers and found one in six avoided writing or speaking on topics they believed would trigger surveillance. Self censorship in the land of the First Amendment was approaching levels found in authoritarian countries. Elizabeth Stoycheff's research demonstrated that surveillance knowledge causes people who hold minority viewpoints to silence themselves, homogenizing public discourse and creating the illusion of consensus.
Eighty one percent of Americans are concerned about how companies use their data. Seventy three percent believe they have little or no control over what happens to it. Seventy two percent want more government regulation, and that number is bipartisan. Only three percent of Americans say they understand how current privacy laws actually work. That gap between caring and acting is not hypocrisy. Privacy policies are not written to inform you. They are written to wear you down until you click agree.
Privacy is not a luxury. Article 12 of the United Nations Universal Declaration of Human Rights enshrines it as fundamental. The Supreme Court's 2018 decision in Carpenter v. United States recognized that aggregated digital data transforms formerly innocent information into categorically sensitive surveillance. Cardinal Richelieu said centuries ago that if given six lines written by the most honest man, he would find something in them to have him hanged. Bruce Schneier observed that if marijuana laws and anti homosexuality statutes had been perfectly enforced through surveillance, society would never have reached the point of reconsidering them. Privacy is the precondition for the social change that makes societies safer, freer, and more just. It protects the space where people think freely, disagree openly, make mistakes privately, and grow into who they are meant to become.
The Tools Exist. The Gap Is You.
Everything in this chapter is something you can do today. A thirty minute phone audit. A credit freeze across seven bureaus. A passkey setup. A DROP submission if you live in California. A browser switch. A password manager installation. A conversation with your kids about what they share online and a conversation with your parents about the phone call that sounds urgent and is almost certainly a scam.
The protective tools available to everyday Americans have never been more accessible. Credit freezes are free and take minutes. Passkeys have been adopted by a billion people. Hardware security keys costing 29 dollars eliminated phishing at the largest technology company on Earth. California's DROP platform enables one click deletion from more than 500 data brokers. The question is no longer whether the tools exist.
The question is whether you will use them before the next breach letter shows up in your mailbox. Before someone opens a credit card in your child's name. Before a data broker sells your location history to a company you have never heard of for a purpose you would never approve.
Privacy is not a spectator sport. Nobody is going to protect your data for you. The companies collecting it have no financial incentive to stop. Congress has failed to act for decades. The only person who will lock your front door is you.
Start now. Pick one section of this chapter, any section, and do it before you put this book down. Freeze your credit. Audit your phone. Switch your browser. Set up a passkey. Tell someone you love what you learned. Then come back tomorrow and do the next one.
Your privacy is worth fighting for. Not because you have something to hide. Because you have everything to protect.