Protecting Your Privacy in the Post-Roe US

With Roe overturned, your online abortion searches could become criminal evidence depending on where you live. But using these five apps and changing some key phone settings could protect you.

Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.

App settings are a start, but they're limited in how much protection they offer.

Angela Lang/CNET

Now that the US Supreme Court has overturned the 1973 landmark decision Roe v. Wade, near-immediate abortion bans and restrictions are going into effect in at least 16 states, leaving the country with a confusing patchwork of inconsistent regulations. Being mindful of your online footprint is always important, but it's become more critical since internet searches and text messages have been used as criminal evidence against women in states that prosecute abortion seekers.  

And it's not just about your personal information. Think of digital privacy like herd immunity. Your own phone can tattle on the phones of other people without you knowing about it. This means that improving your own digital privacy protects your friends, colleagues and other contacts in your phone. With increasingly invasive digital surveillance from advertisers and law enforcement presenting a greater risk than ever, don't stop short. Changing a few settings in your phone and apps isn't enough -- the key to strong privacy for you and your network is to add a handful of encrypted apps when communicating about abortion, planning for the procedure, searching for options, or traveling to obtain one.

Securing your phone's privacy from groups like your internet service provider and law enforcement is a three-part process. First, you need to change several settings in your operating system -- that reduces your device's compliance with your apps' requests for your data. Next, you manage all your apps by deleting them, disabling them or changing their privacy settings -- that reduces your apps' collection of the data you produce.

Dozens of settings in your phone's operating system and within your apps would need to be changed before you could say you'd completed the first two steps. That's why there's a crucial final step: installing privacy-focused apps like ExpressVPN, Signal Messenger, Brave Browser, DuckDuckGo and the BitWarden password manager. This is your new set of encryption power tools, and they're about to make most of the data that comes from your phone completely useless to your ISP and any local law enforcement surveilling you.

These steps create an impressive foundation for mobile privacy, even if they do make for some minor inconveniences for an unknown portion of the advertisers that collect data. 

Use a PIN code to lock your phone -- not fingerprints or facial recognition

In most circumstances, police are supposed to have a warrant before they can take your phone from you and search it. Police are also supposed to be barred from forcing you to unlock your phone with biometric data like fingerprints and facial recognition. They're also supposed to have a warrant before they can request your internet history, texts and phone call logs from websites or your ISP or phone company. Supposed to.

Fact: Sometimes humans simply forget the PIN code to their phone's main lock screen and then other people like police officers, for example, have a very difficult time accessing the phone's contents without extended effort. Happens all the time. Another fact: You can't say you forgot your fingerprint or face at home.

Remember, however, that a PIN code only buys you more time until police crack your phone. In some cases, just an hour or so. 

Disable location tracking

Although location services are convenient, they're a privacy nightmare.

Angela Lang/CNET

Without a virtual private network, disabling your phone's geolocation services is pretty much useless as a way to protect your geolocation privacy from your ISP and law enforcement. Unless you're using a VPN, every single piece of data that leaves your phone will appear to be coming from the nearest cell tower or Wi-Fi router you're connected to. End of story. 

Toggling off your GPS doesn't do much. If you share a billing or service account with another person, that other person can likely track you. Some services like AT&T FamilyMap and Apple's Find My app may need to be manually disabled or uninstalled. Review the Disabling GPS tracking section of this guide for a walk-through on doing both. 

Both Android and iOS devices still have to contend with the geo-tracking of Google Sensorvault. Disabling Sensorvault stops Google from tracking your every movement across its Maps and Location History apps.

Turn off your mobile ad ID

If you've noticed interest-specific ads suddenly appearing in your browser or social news feeds, your mobile ad ID may be responsible. Your mobile ad ID is a type of tracking technology that follows you during your browsing and includes location information -- a privacy vulnerability. 

iPhone users can turn this off by enabling Apple's setting to limit any new apps' ability to track you. Go to Settings, then Privacy, then Advertising, and toggle off Personalized Ads. This may not cover all the apps on your phone, however, so I also recommend limiting app tracking for other apps that you've previously downloaded. 

Check your apps and accounts 

Read CNET's guide to keeping your information private online. Our guide to disappearing online is also helpful if you need Google to remove you from search results. 

Digital privacy requires a series of tools to help you protect your personal data.

Graphic by Pixabay/Illustration by CNET

Sign out of all other devices

In the privacy settings of nearly every one of your online accounts -- from your email and social media accounts to your streaming services and cross-device synced services -- you'll find an option to sign your account out of all other devices. 

While it would be impossible to walk through every possible service with you in one article, this is a vital step to securing your accounts if you suspect any other person may be able to access your location and search history from a device you can't control. Take the time to check the settings pages of your apps.

If you're a Gmail user, check out our walk-through on signing out across other devices. 

Lock down your social media 

It should go without saying, but turn off all location tagging features for all of your social media accounts, one by one. And in each of your social media accounts -- whether it's Instagram, TikTok, Twitter, or Facebook -- go through your privacy settings and disable your account being displayed in search results when people look for you. 

For help securing your Facebook account, or for help permanently deleting your account while still saving your photos, check out our guides.

Enable 2FA

In most cases, two-factor authentication, or 2FA, will not protect your accounts if the person breaking into your accounts has your phone in their hands. That's because 2FA normally works by sending you a text message or voice call with a passcode for the account you're trying to log into. Some 2FA protections are customizable, however, and you can receive an email with a temporary passcode instead of a text message. 

2FA makes it harder for others to access your accounts.

Matt Elliott/CNET

Every account and service has its own process for enabling 2FA, most of which will be located in the settings menu of whichever app or account you're securing, and are often under submenus labelled account, security, privacy or advanced options. 

Google users, you can set up 2FA by going to your Google account security page and clicking 2-Step Verification. Follow the prompts until you reach a screen titled "Use your phone as a second sign-in step." 

As CNET's Jason Cipriani notes, using alerts in the Gmail app is easier, but it means you have to have your phone nearby at all times and you'll need a connection to approve the alert. So, if you're somewhere where you have no bars -- or if someone cuts off your phone service -- you'll need to be connected to Wi-Fi. 

Check for leaky apps

If you're using the latest version of Android, there are new privacy features aimed at making it easier to find and restrict any apps with aggressive permissions. Check our guide to Android 12 privacy features for instructions on how you can see which apps have access to your microphone and camera.

If you suspect someone may have installed malicious apps on your phone, like stalkerware, it's worth reviewing HackBlossom's DIY guide to domestic violence cybersecurity for useful ways to secure your privacy. It covers methods of disabling certain privacy vulnerabilities in ways that recognize the need to be careful when distancing yourself from an abuser.

CNET's Laura Hautala has written extensively on stalkerware and offers reliable instructions on checking your phone for tell-tale signs of malware that might be lurking in the background.

Fail-safe: Nuke your phone remotely

Many Android devices may have fewer out-of-the-box privacy and security benefits than iPhones, but if you've got an Android device you have one final kill switch. You can set up your phone so that you're able to remotely wipe its entire contents if it falls into the wrong hands. 

In our Android settings guide, scroll down to the Be prepared to lose your phone section and read the walk-through for help getting it rigged. Important: Before taking even the first step toward wiping your device, back up your phone's stored data on another device like a USB or removable hard drive. 

One final tool that may be useful to some of you is a digital dead man's switch. If your phone is taken from you and you're arrested, you could arrange a dead man's switch to email a trusted ally with login information and instructions for remotely wiping your phone.

One option is the Dead Man Tracker app, which can notify certain people in the event you don't respond. A second option that isn't an app is the Dead Man's Switch site. It sends an email to previously selected recipients. Note: I haven't personally tested these two, so read the terms and privacy policies carefully before using, and test in advance. 

Put privacy back in your hand with the right blend of settings and apps.

James Martin/CNET

The real key to privacy: Add these five apps

While changing these settings is a great start toward improving your privacy in the year ahead, they're only a half measure. To better protect yourself, install the following privacy-focused apps to protect your data from your ISP. 

Signal Private Messenger App

  • Protection: Voice calls, along with multimedia text messages
  • Cost: Free and open-source
  • Estimated time: Under 3 minutes to install and start using

Make sure you download the app directly from its verified developer and not a copycat. Signal's desktop app is also a more private replacement for instant messaging platforms like Slack, or Facebook's Messenger and WhatsApp. Martin Shelton, of the Freedom of the Press Foundation, also has a 5-minute primer newcomers should read on getting the most out of the app. 

ExpressVPN

ExpressVPN has repeatedly passed our VPN stress tests with flying colors, and we recommend it for maximum privacy protection. When using it on your laptop, don't forget to also use the ExpressVPN browser plug-in so your geolocation is completely obscured.

  • Effectiveness: Widely recommended
  • Cost: From $13 per month, with a 30-day refund policy. 
  • Estimated Time: Approximately 10 minutes to subscribe, install, and begin using, depending on your payment type. 

Without a VPN, your ISP and mobile carrier can usually see your Google searches. Police regularly get customer records from AT&T, T-Mobile, Verizon, or any other cell provider. Police also regularly get their hands on records from Google, Bing, Yahoo and other search websites -- all of which can let police trace your searches to your phone.

ExpressVPN has passed every privacy stress test I've put it through, and is private enough to get around censorship in both Russia and China. ExpressVPN's per-month cost of $13 is the same per-month cost as our cheapest provider, Surfshark. However, ExpressVPN's annual subscriptions are more expensive than many others.

If you only need a VPN for 30 days, and need the cheapest one, then use ExpressVPN and select the single-month option. If you need a VPN for more than 30 days, and you need the cheapest one, then choose Surfshark and select its annual plan.

The most important part: Make sure that if you are using ExpressVPN (or any VPN) on a laptop, you also install and turn on the ExpressVPN browser plug-in. That's going to stop your browser from leaking additional geolocation information. For any other VPN, be sure to disable your laptop's IPv6.

If you live in an area with bad cell service or if your phone is older and slow, open the ExpressVPN app on your phone and go to Settings. Go to VPN Protocol and make sure it's set to Automatic.

Brave Browser and DuckDuckGo

  • Cost: Free
  • Bonus: Switch your Brave settings to the most aggressively protective 

A browser that leaks information can cancel out your VPN's ability to cover your tracks, leaving your traffic exposed to your ISP, law enforcement and any sites you visit. Switch to the privacy-focused Brave Browser. Brave isn't owned by Google, but any extension you can install in Chrome -- like the extensions for Surfshark VPN, BitWarden, and DuckDuckGo -- you can install in Brave Browser. Avoid using Google as your search engine and instead switch to DuckDuckGo -- the privacy-focused search engine that keeps little to no information about the searches you use it for. 

BitWarden password manager

  • Protection: Browsing and app logins
  • Price: Free
  • Time: Less than 2 minutes to install, but the time it takes you to add your passwords to the manager depends on how many accounts you have.

After installing BitWarden via the App Store or Google Play, also consider installing the app on any laptops you have and installing BitWarden's extension in your browser.