Note: If I’m preaching to the choir and you just want to see\delete your info on Google, skip to the section marked “Let’s get started!”
Over the last year I’ve been seeing more and more people getting hacked and doxxed with their personal information being spilled all over the internet. Even if your own security is nearly perfect, that won’t matter if the companies protecting your data do a bad job of it. It’s easy to screw with someone’s life if you have enough information on them, and it’s not always obvious what information you’re actually broadcasting when you use services online.
These days, the only reason virtually any app or service is free is because your data is being sold to other companies, usually for advertising purposes. You’re using apps designed to harvest as much of your personal data as possible without you being conscious of it, then packaging it up for sale. And Google is currently the best in the world at it, with Facebook being a close second. They’re extremely large centralized sources of information, and they’re great targets for people you don’t want to have it to go get it.
The focus of this guide isn’t on arguing the morality of this, or about the nature of corporations, or even how intelligence services can use this data. I’m not an expert, and much smarter people than me have already written volumes about that. This guide answers one simple question: “If someone that didn’t like me hacked my Google account, what could they find there to hurt me?” The best answer to that question is “very little, if they can make it that far.” So I’ll show you how to lock it all down and keep your Google account safer.
That being said, it’s not as simple as just quitting Google entirely and deleting everything. Most of us have to use Google products or services for one reason or another, and the cost of giving it up is very high. I’m no exception, so I need to find out what Google knows about me, decide for myself how much of that I’m comfortable with Google knowing, and then deleting what they don’t need to know about me. That way I can still benefit from the great products Google offers, but on the terms I prefer.
Let’s get started!
Ask yourself: How much does Google really need to know about me?
I’ll begin by showing you what information Google has on you, and then how to remove it.
First, click here to view the Google Takeout dashboard, which is the complete list of all of your data Google stores across all its services. You have the option to download most of it, but you can’t delete it here. More on that soon.
Here’s what information it had on me:
- GMail: 10+ years of all my email correspondence and everyone I’d ever communicated with. It also saves all my GChat\Hangouts chats with all of my friends, family, coworkers, and exes.
- Google Calendar: Every appointment, event, and note I’ve had for 10+ years. House parties, doctor’s appointments, hotel and travel info, everything.
- Google Contacts: Everyone I’ve ever communicated with in Gmail or through Google Voice, which I use to manage my phone numbers, text messages, and voicemail.
- Google Drive: All of the personal and work documents I’ve ever uploaded, edited, written, shared, or had shared with me.
- Google Voice: A complete record of the time, date, and duration of every phone call I’ve sent or received for the 5+ years, as well as all of my text messages and voicemail in convenient downloadable form.
- YouTube: A complete history of everything I have ever watched, Liked, Favorited, searched for, commented on, subscribed to, shared, and added to playlists.
- Google Hangouts: The complete chat history and contact list of virtually everyone I know.
- Picasa Web Albums \ Google Photos: All the photos I take with my camera are uploaded here automatically. It shows the time, date, camera, camera settings, and my exact physical location for each photograph I took. This ties into Google+ and Google Photos now, so you may not realize that many Android phones back up all the photographs you take online. You have to opt into it but they make it easy to do accidentally.
- Blogger: All the blog posts I’ve made through their service, my drafts, as well as traffic and visitor stats of the people that visited and read my blog.
- Google Play Books: All the books I read, when I read them, and how far I’ve read them, if at all.
- Location History: A complete record of every place I’ve been since I started using Android phones. This happens automatically, and you have to opt out if you don’t want it.
That’s a hell of a lot of information, but I’d like to raise a huge red warning flag at the Location History tracking. If you use an Android phone, Google has been keeping an online record of every place you have ever physically visited, neatly illustrated with time and date stamps. I’ll show you. Click here: https://maps.google.com/locationhistory/b/0
Let’s say that someone steals your phone or laptop. If it’s not secured with a passcode or password, the thief has a complete record of where you live, work, hang out, and when. That’s more than enough information to know when you go to work to break into your home while you’re not there. Or simply to know which path you take to work, or home, or the most likely bar or restaurant you’ll be on certain nights. I cannot emphasize enough how irresponsible Google is to track all this automatically and making it this easy to find.
Ask yourself: Does Google really need to know every place I’ve ever been or will go, all the time? Do they really need to save it all forever? Who are they selling it to?
If the answer is no, then here’s how to fix that in ten seconds:
How to stop Google’s creepy always-on phone tracking
Keeping that same question in mind — “does Google really need to know this about me and save it forever?” — consider whether to delete and disable your Google Search History, your Youtube searches, and your Youtube watch history. Your Google search results’ quality may go down if you disable these, which is a small downside. You can’t undo deleting the history, but you can re-enable it at any time to start developing that search history anew. But this is the difference: You now have a choice about what information to give Google, and this is where you can make it at any time.
Start at the Google account settings dashboard and work your way down the list, opening each section you want to clean up in a new window: https://www.google.com/settings/dashboard
This tells you exactly which services you use and how much data it has on you, with convenient links to each page to change your privacy settings and delete your data. Keep this page open in one tab and keep going back to it as you work down the list to decide what to keep and what to remove.
Your list will be different than mine, so the steps below are showing what I did. You can decide for yourself which settings to use.
Google security setup (IMPORTANT!)
- Go to your Account Security settings: https://www.google.com/settings/security
- Choose or automatically generate a very strong password and store it in a password manager like LastPass, KeePass, or 1Password. If you use the internet without a password manager like this to create and store safe passwords, you’re making a serious mistake and are putting yourself at risk. See my #GamerGate Survival Guide for how to lock down your internet security in an evening. It’s very simple, you’ll only have to do most of it once, and you won’t have to remember or do much different than you already are now. And you’ll be safer.
- Set up 2-step verification. This will make your account vastly more secure against hackers. They’d need to physically possess your phone to log in if you enable this. Remember the celebrity nude leaks? That would never have happened if the celebs used 2-step verification.
- Use App Passwords for apps that connect to Google. This creates unique, custom passwords for your Google-connected apps. That will make it more difficult for apps you trust to suddenly turn malicious and mess with your primary Google account by making one-time-only random passwords. Remember the recent Dropbox hack? Same thing. Click “Manage App Passwords” and review which passwords and apps are currently being used, and Revoke any that you haven’t used in the last month.
- Set a Recovery phone number and backup email address. Hope you never need it, but be prepared.
- Under “App Permissions,” review the apps you’ve connected to Google. If you haven’t used any in the last month, Revoke it. Check this every three months. It’s smart to keep this tidy. Again, remember the Dropbox hack. It was a third-party service connected to Dropbox that leaked the Dropbox passwords.
Google and Youtube search history
- Go here: https://www.google.com/settings/accounthistory
- Click “Manage history” next to “Things you search for.”
- Delete all history.
- Click the “Pause” button to disable search history.
- If you want to disable YouTube Watch history and YouTube Search history, repeat the steps above for “Your YouTube searches” and “Things you’ve watched on YouTube.”
- Click “Edit Settings” next to Search Settings.
- Disable Instant Search by clicking “Never show Instant results.” It seems handy, but it’s literally recording everything you type as you type it and sending it to Google to be saved, presumably forever. Even if you make a typo and correct it, change your mind as you type, or abort the search entirely.
- Do not use Private Results. This searches your contacts, email, and Google+ page for information from your friends and companies you follow, and puts that in your Google Search results. For me that’s less of a security consideration than it is never having thought “I hope my friends’ Comic-Con photos start showing up when I search for stuff!”
- Click “Edit Settings” next to Ads Settings.
- Have you ever searched for something on Google or Amazon, then had it show up in an ad on another site? That is not an accident. These ads literally follow you everywhere you go. Through a variety of means, Google and Facebook track virtually every site you visit across the internet — on desktop and mobile now! — and they take what they know about you and where you’ve been to make “better” ads for you. This is not hyperbole or exaggeration. Fortunately, this is easy to disable! Check these boxes:
- Opt out of Interest-Based ads on Google.
- Opt out of Interest-Based ads across the web.
Google+ profile removal
Google Chrome Sync history
- Click here to delete the Google Chrome browser sync data stored on Google’s servers: https://www.google.com/settings/chrome/sync
This includes bookmarks, saved passwords, apps, extensions, browser history, search history, and more.
Picasa Web Albums (Google Photos)
- Go manage your Google Groups memberships here: https://groups.google.com/groups/mysubs
- If you haven’t been there in a month, consider leaving it. Under “Settings,” uncheck the boxes “Allow group managers to direct add me to their groups” and “Allow group managers to invite me to their groups.” That should be under your control, not theirs.
- Also be sure to Clear your recent viewing history and searches here. These are NOT deleted when you remove your regular Google Search History for some reason.
- If you haven’t used Google Music lately or at all, log into the Settings page here and clean up: https://play.google.com/music/listen#/settings
- I haven’t used it in two years, and have my music backed up elsewhere, so I deleted the library. Then I deauthorized all the old devices I’ve used to play Google Music in the past, just to be clean and tidy. If I don’t own that phone or tablet any more, why should I let it access my account?
Easy cleanup stuff to do every six months
In your account history on Google (or anywhere, really), it’s a good habit to do the following periodically:
- Delete old shipping\billing addresses.
- Delete old credit\debit cards.
- Revoke\disconnect old phones, tablets, and laptops you’ve authorized to use your Google account.
- Revoke\disconnect old apps and services you connected to your account.
- Make sure your account\password recovery email addresses and phone numbers are up to date.
Extreme option: Delete your entire Google account
If you’d rather just delete your entire Google account and be done with the whole mess — which I don’t recommend, because most people use Google in some way or another — visit this page for directions: https://support.google.com/accounts/answer/32046
Once you’re done with this entire process, you can rest easier with a better understanding of how your actions generate data about you, and how much Google and others know about you. And if you followed the directions on setting up app-specific passwords and 2-factor authentication, you’ll also have a much more secure account! Good luck out there.