Note: If I’m preaching to the choir and you just want to seedelete your info on Google, skip to the section marked “Let’s get started!”

Over the last year I’ve been seeing more and more people getting hacked and doxxed with their personal information being spilled all over the internet. Even if your own security is nearly perfect, that won’t matter if the companies protecting your data do a bad job of it. It’s easy to screw with someone’s life if you have enough information on them, and it’s not always obvious what information you’re actually broadcasting when you use services online.

These days, the only reason virtually any app or service is free is because your data is being sold to other companies, usually for advertising purposes. You’re using apps designed to harvest as much of your personal data as possible without you being conscious of it, then packaging it up for sale. And Google is currently the best in the world at it, with Facebook being a close second. They’re extremely large centralized sources of information, and they’re great targets for people you don’t want to have it to go get it.

The focus of this guide isn’t on arguing the morality of this, or about the nature of corporations, or even how intelligence services can use this data. I’m not an expert, and much smarter people than me have already written volumes about that. This guide answers one simple question: “If someone that didn’t like me hacked my Google account, what could they find there to hurt me?” The best answer to that question is “very little, if they can make it that far.” So I’ll show you how to lock it all down and keep your Google account safer.

That being said, it’s not as simple as just quitting Google entirely and deleting everything. Most of us have to use Google products or services for one reason or another, and the cost of giving it up is very high. I’m no exception, so I need to find out what Google knows about me, decide for myself how much of that I’m comfortable with Google knowing, and then deleting what they don’t need to know about me. That way I can still benefit from the great products Google offers, but on the terms I prefer.

Let’s get started!

Ask yourself: How much does Google really need to know about me?

I’ll begin by showing you what information Google has on you, and then how to remove it.

First, click here to view the Google Takeout dashboard, which is the complete list of all of your data Google stores across all its services. You have the option to download most of it, but you can’t delete it here. More on that soon.

Here’s what information it had on me:

• GMail: 10+ years of all my email correspondence and everyone I’d ever communicated with. It also saves all my GChatHangouts chats with all of my friends, family, coworkers, and exes.
• Google Calendar: Every appointment, event, and note I’ve had for 10+ years. House parties, doctor’s appointments, hotel and travel info, everything.
• Google Contacts: Everyone I’ve ever communicated with in Gmail or through Google Voice, which I use to manage my phone numbers, text messages, and voicemail.
• Google Drive: All of the personal and work documents I’ve ever uploaded, edited, written, shared, or had shared with me.
• Google Voice: A complete record of the time, date, and duration of every phone call I’ve sent or received for the 5+ years, as well as all of my text messages and voicemail in convenient downloadable form.
• YouTube: A complete history of everything I have ever watched, Liked, Favorited, searched for, commented on, subscribed to, shared, and added to playlists.
• Google Hangouts: The complete chat history and contact list of virtually everyone I know.
• Picasa Web Albums Google Photos: All the photos I take with my camera are uploaded here automatically. It shows the time, date, camera, camera settings, and my exact physical location for each photograph I took. This ties into Google+ and Google Photos now, so you may not realize that many Android phones back up all the photographs you take online. You have to opt into it but they make it easy to do accidentally.
• Blogger: All the blog posts I’ve made through their service, my drafts, as well as traffic and visitor stats of the people that visited and read my blog.
• Google Play Books: All the books I read, when I read them, and how far I’ve read them, if at all.
• Location History: A complete record of every place I’ve been since I started using Android phones. This happens automatically, and you have to opt out if you don’t want it.

That’s a hell of a lot of information, but I’d like to raise a huge red warning flag at the Location History tracking. If you use an Android phone, Google has been keeping an online record of every place you have ever physically visited, neatly illustrated with time and date stamps. I’ll show you. Click here: https://maps.google.com/locationhistory/b/0

Let’s say that someone steals your phone or laptop. If it’s not secured with a passcode or password, the thief has a complete record of where you live, work, hang out, and when. That’s more than enough information to know when you go to work to break into your home while you’re not there. Or simply to know which path you take to work, or home, or the most likely bar or restaurant you’ll be on certain nights. I cannot emphasize enough how irresponsible Google is to track all this automatically and making it this easy to find.

Ask yourself: Does Google really need to know every place I’ve ever been or will go, all the time? Do they really need to save it all forever? Who are they selling it to?

If the answer is no, then here’s how to fix that in ten seconds:

How to stop Google’s creepy always-on phone tracking

• Click here: https://www.google.com/settings/accounthistory
• Click “Manage history” next to “Places you’ve been.”
• Delete all history.
• Click the “Pause” button to disable tracking location history.

Keeping that same question in mind — “does Google really need to know this about me and save it forever?” — consider whether to delete and disable your Google Search History, your Youtube searches, and your Youtube watch history. Your Google search results’ quality may go down if you disable these, which is a small downside. You can’t undo deleting the history, but you can re-enable it at any time to start developing that search history anew. But this is the difference: You now have a choice about what information to give Google, and this is where you can make it at any time.

Start at the Google account settings dashboard and work your way down the list, opening each section you want to clean up in a new window: https://www.google.com/settings/dashboard

This tells you exactly which services you use and how much data it has on you, with convenient links to each page to change your privacy settings and delete your data. Keep this page open in one tab and keep going back to it as you work down the list to decide what to keep and what to remove.

Your list will be different than mine, so the steps below are showing what I did. You can decide for yourself which settings to use.

Google security setup (IMPORTANT!)

• Go to your Account Security settings: https://www.google.com/settings/security
• Choose or automatically generate a very strong password and store it in a password manager like LastPass, KeePass, or 1Password. If you use the internet without a password manager like this to create and store safe passwords, you’re making a serious mistake and are putting yourself at risk. See my #GamerGate Survival Guide for how to lock down your internet security in an evening. It’s very simple, you’ll only have to do most of it once, and you won’t have to remember or do much different than you already are now. And you’ll be safer.
• Set up 2-step verification. This will make your account vastly more secure against hackers. They’d need to physically possess your phone to log in if you enable this. Remember the celebrity nude leaks? That would never have happened if the celebs used 2-step verification.
• Use App Passwords for apps that connect to Google. This creates unique, custom passwords for your Google-connected apps. That will make it more difficult for apps you trust to suddenly turn malicious and mess with your primary Google account by making one-time-only random passwords. Remember the recent Dropbox hack? Same thing. Click “Manage App Passwords” and review which passwords and apps are currently being used, and Revoke any that you haven’t used in the last month.
• Set a Recovery phone number and backup email address. Hope you never need it, but be prepared.
• Under “App Permissions,” review the apps you’ve connected to Google. If you haven’t used any in the last month, Revoke it. Check this every three months. It’s smart to keep this tidy. Again, remember the Dropbox hack. It was a third-party service connected to Dropbox that leaked the Dropbox passwords.

Google and Youtube search history

• Go here: https://www.google.com/settings/accounthistory
• Click “Manage history” next to “Things you search for.”
• Delete all history.
• Click the “Pause” button to disable search history.
• If you want to disable YouTube Watch history and YouTube Search history, repeat the steps above for “Your YouTube searches” and “Things you’ve watched on YouTube.”
• Click “Edit Settings” next to Search Settings.
  • Disable Instant Search by clicking “Never show Instant results.” It seems handy, but it’s literally recording everything you type as you type it and sending it to Google to be saved, presumably forever. Even if you make a typo and correct it, change your mind as you type, or abort the search entirely.
  • Do not use Private Results. This searches your contacts, email, and Google+ page for information from your friends and companies you follow, and puts that in your Google Search results. For me that’s less of a security consideration than it is never having thought “I hope my friends’ Comic-Con photos start showing up when I search for stuff!”
• Click “Edit Settings” next to Ads Settings.
  • Have you ever searched for something on Google or Amazon, then had it show up in an ad on another site? That is not an accident. These ads literally follow you everywhere you go. Through a variety of means, Google and Facebook track virtually every site you visit across the internet — on desktop and mobile now! — and they take what they know about you and where you’ve been to make “better” ads for you. This is not hyperbole or exaggeration. Fortunately, this is easy to disable! Check these boxes:
    • Opt out of Interest-Based ads on Google.
    • Opt out of Interest-Based ads across the web.

Google+ profile removal

• Click here for info on deleting your Google+ profile: https://support.google.com/plus/answer/1044503?hl=en

Google Chrome Sync history

• Click here to delete the Google Chrome browser sync data stored on Google’s servers: https://www.google.com/settings/chrome/sync
  This includes bookmarks, saved passwords, apps, extensions, browser history, search history, and more.

YouTube

• Go to this page: https://www.youtube.com/account_privacy
• Check the two boxes for “Keep all my liked videos and saved playlists private” and “Keep all my subscriptions private.”
• If you don’t want to broadcast your activity on Youtube to social networks go to the Connected Accounts page and disconnect them: https://www.youtube.com/account_sharing
• Delete your Toutube watch history and pause it recording your history: https://www.youtube.com/feed/history

Picasa Web Albums (Google Photos)

• Remove your geotag GPS location data from your Picasa Web Albums photos, because it’s enabled by default: https://picasaweb.google.com/lh/settings?hl=en#permissions
• Also make sure to check both “Hide name tags” checkboxes.
• Make sure all your albums’ privacy settings are set correctly so you’re only showing which ones you want to the public.
• If you want to delete albums (which I just did), see how using this link: https://support.google.com/picasa/answer/39493?hl=en
• If you didn’t know, Google Photos on the Android phone automatically backs up your photos to Picasa Web Albums. They’re private by default, thank goodness, but it may not be obvious that this is what’s happening. Here’s how to find out if that’s on or off: https://support.google.com/plus/answer/1647509?hl=en

Google Groups

• Go manage your Google Groups memberships here: https://groups.google.com/groups/mysubs
• If you haven’t been there in a month, consider leaving it. Under “Settings,” uncheck the boxes “Allow group managers to direct add me to their groups” and “Allow group managers to invite me to their groups.” That should be under your control, not theirs.
• Also be sure to Clear your recent viewing history and searches here. These are NOT deleted when you remove your regular Google Search History for some reason.

Google Music

• If you haven’t used Google Music lately or at all, log into the Settings page here and clean up: https://play.google.com/music/listen#/settings
• I haven’t used it in two years, and have my music backed up elsewhere, so I deleted the library. Then I deauthorized all the old devices I’ve used to play Google Music in the past, just to be clean and tidy. If I don’t own that phone or tablet any more, why should I let it access my account?

Google Sites

• If you have or used to manage a Google Site, go to the Settings page: https://sites.google.com/?hl=en
  • Then limit the site visibility or delete it entirely with these directions: https://support.google.com/sites/answer/90598?hl=en

Easy cleanup stuff to do every six months

In your account history on Google (or anywhere, really), it’s a good habit to do the following periodically:

• Delete old shippingbilling addresses.
• Delete old creditdebit cards.
• Revokedisconnect old phones, tablets, and laptops you’ve authorized to use your Google account.
• Revokedisconnect old apps and services you connected to your account.
• Make sure your accountpassword recovery email addresses and phone numbers are up to date.

Extreme option: Delete your entire Google account

If you’d rather just delete your entire Google account and be done with the whole mess — which I don’t recommend, because most people use Google in some way or another — visit this page for directions: https://support.google.com/accounts/answer/32046

Once you’re done with this entire process, you can rest easier with a better understanding of how your actions generate data about you, and how much Google and others know about you. And if you followed the directions on setting up app-specific passwords and 2-factor authentication, you’ll also have a much more secure account! Good luck out there.

This is the one and only time I’ll reference #GamerGate. People I know and care about are being targeted for harassment by both individuals and groups on both sides of the divide. That is not cool. Women in particular are being targeted, and more of them than I’d care to admit are afraid to speak or interact online for fear of harassment. Regardless of which side you’re on, no one deserves to be harassed or to live in fear, and I want to help. Here is a quick, streamlined guide on how to keep yourself safe online and make harassing you and tracking you down much more difficult.

I am by no means an expert, but these tips will still help. This guide is intended to be very simple for non-techy people, and almost all of the steps you only have to perform once. If you follow this guide from start to finish, you won’t have to remember 95% of it, and your daily routine will remain virtually unchanged. And you’ll be safer. There is no such thing as total safety and total protection, but if you can take a few preventative measures to make yourself a more difficult target, you will be safer because trying to ruin your day will be too difficult to be worth a harasser’s time.

If you think this guide is useful, please share it with people you think it will help.

1) Two-factor authentication on everything.

What it does: Makes it extremely difficult for anyone but you to log into your accounts.
How long it will take: 15 – 30 minutes, depending on how many accounts you have.
Will I ever have to do it again? No, but set it up when registering on new websites.

Go to this list and check for websites where you have accounts: https://twofactorauth.org/

Follow each link to set up two-factor authentication. If you’re not sure what that is, it’s simple: If you log into a website, it wants to make sure you are who you say you are, not just someone with your login and password. This usually means it sends your phone a text message with a random, one-time-use code to type into the box as a secondary password. People almost always have their phones with them, so this is a simple, reasonable security precaution.

It takes very little time to set up, and besides having a strong password, it is the most important thing you can do to keep yourself protected online. Remember the celebrity nude leaks? That would most likely not have happened if the celebrities enabled two-factor authentication. The hackers looked up the answers to the celebrities’ security questions and logged into their iCloud accounts that way. If they’d used two-factor authentication, the celebrities would have received a text message with a one-time-use code. They’d know someone was trying to log into their accounts, and the hackers would have been out of luck.

It’ll probably take 15 – 30 minutes to set it up across all of your accounts, but it is absolutely worth the time. And you only have to do it once. If absolutely nothing else, make sure your email, bank accounts, social media, and domain registrars have two-factor authentication set up. Hacking websites is a popular tactic, and it’s surprisingly easy to break in and wreak havoc. Protect yourself.

2) Password manager for unique, difficult passwords.

What it does: Creates impossible-to-break passwords for all your websites, and you only need to remember one.
How long it will take: 30 – 60 minutes, depending on how many accounts you have.
Will I ever have to do it again? No, but use your password manager to generate new passwords for you when registering on new websites.

Go here and install LastPass: http://www.lastpass.com

Or for MaciOS users, use 1Password: https://agilebits.com/onepassword

Use their “Security Check” to see how bad the situation is. Set aside an evening to go through and change ALL your passwords to long, complex, secure, unique passwords. All you have to remember is your primary password for LastPass, and it will remember the rest. I have over 500 unique passwords from 12 to 40 characters across every site I use.

Think of it this way: Websites get hacked constantly and they lose their entire password lists. This includes usernames and possibly email addresses. These are distributed to tens of thousands of people all over the world. Even if it’s an unimportant site, you can still get in some trouble. Imagine you made one purchase at an online retailer five years ago, and they got hacked. Let’s also imagine that you used that same password to create an account at your local Pizza Franchise.

If someone wants to screw with you, they can try your publicly-available email address with this hacked password. When they log in, they will have your full name, home address, any other address you’ve put into the system, the last four digits of your credit cards, and the expiration dates. That’s enough information to do very unpleasant things to your life with, and that’s just what Pizza Franchise knows about you. They may have the best password and data security in the world, but you reused a password.

This will take some time, but again, you only have to do it once, and you only have to remember one password. Even if the website seems unimportant, slap a big, complex password on it. You don’t have to remember it, so there’s no reason not to make it a beast of a password for someone else to crack.

Also, disable your web browser from remembering passwords. It’s not safe. You can view all saved passwords in Chrome instantly in plain text if you have the password to the computer. If you’re in an office with shared computers, everyone already has that password. When you install the LastPass browser plugin, it gives you the option to import all of your saved passwords, and then to delete them from the web browser. Say yes.

IMPORTANT NOTE: If you get the option to use backup codes or back up your authenticators, do so. Writing down the password isn’t the safest thing to do, but if you can do that and put it in a safe place, it will save you a WORLD of pain. Trust me, it sucks.

3) Install PrivacyFix.

What it does: Locks down all your privacy settings across major social networks.
How long it will take: 5 minutes.
Will I ever have to do it again? No, but it’s good to check every six months.

Go here and install PrivacyFix: http://privacyfix.com/start

This is an extremely simple wizard that will take you through the privacy and security settings of Facebook, Twitter, Google+, and LinkedIn to make sure your information stays safe and secure. It will only take five minutes, it’s very easy to do, and everyone on the internet should do it. This will keep you and your data safe and help you understand how this works.

4) Lock down old Facebook posts and adjust your privacy settings.

What it does: Locks down all your privacy settings in Facebook, and hides your old posts so people can’t dig through them.
How long it will take: 15 minutes.
Will I ever have to do it again? No, but it’s good to check every six months.

Follow every step of this excellent, comprehensive guide: http://lifehacker.com/5813990/the-always-up-to-date-guide-to-managing-your-facebook-privacy

When you post on Facebook, make sure you’re only sharing it with Friends, and not the Public. This will keep you safer. I’ve heard of people going back months to years of peoples’ Facebook posts to dig up personal information to use to harass people. You don’t have to live in fear, but if you can remember this step, it’ll make behavior like that much more difficult.

5) Domain name whois guard.

What it does: Hides your home address and phone number from your website’s public records.
How long it will take: 10 minutes.
Will I ever have to do it again? No, but it’s a small yearly recurring fee to keep it.

When you register a domain name, you generally use your real address. This is a problem, especially because swatting — the term for a jerk calling the police and reporting a hostage situation or violent crime at your address, which usually sends a SWAT team there to harass you — is becoming more popular. It’s incredibly easy to look up, and it’s also incredibly easy to secure it.

Here’s how to see what information: https://who.godaddy.com/whoisstd.aspx?domain=yourdomain.com

Replace “yourdomain.com” with your actual website name, of course.

If you’re lucky, there’s nothing personal in there. But most people don’t know this. Check with your domain registrar, because they will always offer a service called a “Whois Guard” or something like it that will hide that information. It’s about $5 a year, but it’s worth it. And you only have to do it once.

6) Delete old accounts.

What it does: Delete your old, unused accounts.
How long it will take: 15 to 30 minutes, depending on how many accounts you have.
Will I ever have to do it again? No.

If you have any old accounts or profiles online that you’re no longer using, go in and delete them. Remove all your information first and overwrite it with fake information just in case, then delete it.

Here’s an extremely helpful website that shows you precisely how to delete accounts just about anywhere: http://justdelete.me/

7) Check the internet for your personal information.

What it does: Finds out what personal information on you is available online so you can take it down.
How long it will take: 15 to 30 minutes, possibly longer if you go through the manual removal request process.
Will I ever have to do it again? Yes, about every three months or so to be safe.

Search on these sites to see what the internet knows about you:

http://www.pipl.com
http://www.zabasearch.com/

There are instructions on these sites on how to remove your personal information from their engine. Or if you’d rather pay someone to search for all these things and remove them for you on a regular basis, for $129year you can use DeleteMe: https://www.abine.com/deleteme/landing.php

8) Use a VPN.

What it does: Encrypts all of your communications online to keep you private and secure, and very easily.
How long it will take: 15 minutes to read about it and sign up.
Will I ever have to do it again? No, just use the VPN application whenever you’re online.

A Virtual Private Network, or VPN, is a way to securely connect to websites online using encryption in a way that’s virtually impossible to eavesdrop on or track. There are a wide variety of companies that offer VPN service. It’s inexpensive ($3 to 5 a month), most of them are good, and it’s extremely easy to do.

Here’s a guide to the best VPNs to choose: https://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/

Most trolls probably won’t go this far to try to attack you, but this is a simple, forget-it’s-there way of staying private and secure online all the time. You will only be safer for using it, and the only downside to using a VPN is that sometimes (not always) they are slightly slower than an unencrypted connection, since it’s routing your traffic anonymously through another server.

Also, I do not recommend using a public VPN. You don’t know who is running them or if they are trustworthy, and they transmit your communication in the clear, which is bad. Use a private service, and pay for it. This will also protect you from a lot more than just harassment.

9) Extreme options.

What it does: Shows you how to permanently delete your online presence and social media accounts.
How long it will take: 10 to 20 minutes, depending on how many you delete.
Will I ever have to do it again? No.

If you need to delete all of your old tweets: http://www.tweetdelete.net/

Link to delete Facebook: https://www.facebook.com/help/delete_account
Link to delete Twitter: https://twitter.com/settings/account
Link to delete LinkedIn: https://www.linkedin.com/settings/?tab=account&modal=nsettings-manage-email

If you need to use social media and register for websites but don’t want to use your real name, try the Fake identity generator: http://www.fakenamegenerator.com/index.php

The final option is the total removal of all of your social media accounts and presence from the internet. This is not recommended, but here is a link with directions: http://thechangewithin.net/2014/03/10/commit-internet-suicide-disappear-web-forever/

On a final note, if you’re being harassed and start to think of something more serious than merely internet suicide, please go to http://www.suicidepreventionlifeline.org/ and get help. Internet trolls aren’t worth it.

Be safe.

Is anyone out there using BitTorrent Bleep yet? It’s a slick messaging app for mobile and desktop that’s peer-to-peer, decentralized, and encrypted. Wild! It’s still in alpha, and I’d love to test it out with people. 🙂 Check out the app here: http://buff.ly/1xBoQsu

And then add me! Here’s my public key so you can find me:
bf8d8d2e1b722a3fb5cd4a5f977f1f9ed31a6e7e387e49481ca7b1957b645b21,jonjones

BitTorrent Bleep is an app that lets you communicate freely with anyone. No limits. No cloud required.
Link to full article.