Target Hardening
February 2, 2026
Every app on your phone shipped with default settings. Those defaults weren’t chosen randomly. They were chosen by companies whose business model depends on collecting data about you.
This isn’t conspiracy thinking. It’s just business. The more a company knows about your habits, location, interests, and relationships, the more valuable you are to advertisers. Default settings reflect that priority.
The good news: most of these settings can be changed. The challenge is knowing which ones actually matter.
Not all privacy settings are created equal. Some protect you from meaningful data collection. Others are mostly theater—they make you feel better without changing much. Let’s focus on the ones that actually matter.
Location Services — This is the big one. Your phone tracks where you go, and apps request access to that data constantly. Most don’t need it.
Go to Settings → Privacy & Security → Location Services. You’ll see every app that has requested location access. For each one, ask yourself: does this app actually need to know where I am? Your weather app needs your general location. Your flashlight app does not.
Set apps to “While Using” instead of “Always” wherever possible. For apps that don’t need location at all, turn it off entirely.
App Tracking Transparency — This is the setting that lets apps track your activity across other apps and websites. When you see “Ask App Not to Track,” say yes.
Go to Settings → Privacy & Security → Tracking. Turn off “Allow Apps to Request to Track.” This prevents apps from even asking.
Advertising Settings — Apple collects data to serve you personalized ads. You can limit this.
Go to Settings → Privacy & Security → Apple Advertising. Turn off “Personalized Ads.”
Siri & Search Suggestions — Siri learns from your behavior to make suggestions. That learning requires data collection.
Go to Settings → Siri & Search. Review which apps can show content in search and suggestions. Turn off any you don’t actively want Siri learning from.
Significant Locations — Your phone keeps a history of places you’ve been. This data is stored locally but can be accessed if your phone is compromised.
Go to Settings → Privacy & Security → Location Services → System Services → Significant Locations. Review the list, then clear it and turn the feature off if you don’t need it.
Facebook’s privacy settings are buried, changed frequently, and designed to be confusing. Here’s what matters.
Privacy Checkup — Facebook actually provides a guided walkthrough. Go to Settings & Privacy → Privacy Checkup. Walk through each section. It covers who can see your posts, how people can find you, and your data settings.
Profile and Tagging — Control who can post on your timeline and who can see posts you’re tagged in.
Go to Settings → Profile and Tagging. Set “Who can post on your profile?” to “Only Me” or “Friends.” Enable the setting to review tags before they appear on your profile.
Search Engine Indexing — By default, your Facebook profile may be findable via Google.
Go to Settings → Privacy → How People Find and Contact You. Turn off “Do you want search engines outside of Facebook to link to your profile?”
Off-Facebook Activity — This is how Facebook tracks what you do on other websites and apps.
Go to Settings → Your Facebook Information → Off-Facebook Activity. Review the list (it’s often surprising), then click “Clear History” and turn off “Future Off-Facebook Activity.”
If you use an Android phone or any Google services, your Google account settings matter more than your phone settings.
Activity Controls — Google tracks your web and app activity, location history, and YouTube history by default.
Go to myaccount.google.com → Data & Privacy → Activity Controls. Review each category and pause the ones you don’t want tracked.
Ad Personalization — Google builds a profile about you for ad targeting.
Go to myaccount.google.com → Data & Privacy → Ad Personalization. Turn it off or review and remove specific interests.
Security Checkup — While you’re there, run Google’s Security Checkup to review which devices and apps have access to your account.
Some privacy advice is more ritual than protection.
Clearing your browser history constantly — This removes local records but doesn’t stop websites from tracking you. Your ISP still sees your traffic. Websites still log your visits. Clearing history is about local privacy (someone using your computer), not online tracking.
Using incognito mode for everything — Incognito prevents your browser from saving local history and cookies. It doesn’t make you anonymous online. Websites still see your IP address. Your ISP still sees your traffic.
Obsessing over cookies — Cookies are one tracking mechanism among many. Fingerprinting, IP logging, and account-based tracking all work without cookies. Blocking all cookies often breaks websites without providing meaningful protection.
VPNs as a privacy cure-all — A VPN hides your traffic from your ISP and changes your apparent location. It doesn’t make you anonymous. The VPN provider can see your traffic instead of your ISP. If you’re logged into accounts, you’re still identifiable.
You don’t need to spend hours on this. Here’s a focused checklist:
iPhone (5 minutes):
Facebook (5 minutes):
Google (5 minutes):
That’s it. Fifteen minutes, and you’ve addressed the settings that actually move the needle.
Settings change. Apps update. New features get added with new defaults that favor data collection. Make a calendar reminder to review these settings quarterly. It doesn’t take long once you know where to look.
The goal isn’t to disappear. It’s to make informed choices about what you share, rather than accepting whatever defaults a company decided would maximize their data collection.
Next in the Target Hardening series: “The Password Problem” — why using the same password everywhere is like giving a stranger a master key to your life.