How to Shrink Your Digital Footprint (Before Someone Else Profits From It)
Every app, every site, every loyalty card is quietly building a profile on you. Here's how to stop feeding the machine — in an afternoon, with tools you already have access to.
Updated 2026-04-19
Every app is a leak
Every time you open a browser or tap an app, you leave a trail. Not just the obvious things — the login, the search, the photo you uploaded — but a long tail of metadata sitting behind it. Which sites you visited and in what order. How long you stayed. Which device you were on. Which network. Which country. Most of that gets collected by default, by companies you've never heard of, for reasons nobody ever really explained to you. Your digital footprint isn't one file on a server somewhere. It's fragments of you, scattered across hundreds of databases. Your ISP has some of it. Your browser has more. The operating system on your phone, the apps installed on it, the sites those apps talk to, the analytics scripts those sites load, the ad networks those analytics feed, and then the data brokers who buy it all and resell it.
The asymmetry nobody talks about
Every one of those companies has made money off you. Not a lot individually — a fraction of a cent here, a targeted ad there, a bulk-sold database row somewhere else — but collectively, a lot. Your data is their product. Yet if you try to ask any of them for a copy of what they've got on you, you hit a wall. Government agencies are usually required by law to produce your records on request. A private data broker? They just don't care. There's no one to phone. The contact page is a form that emails a shared inbox somewhere. Sometimes you'll get a reply six weeks later. Usually you won't. That asymmetry is the whole problem. They've turned your behaviour into revenue, and made it nearly impossible for you to even see what they have. So the best available move isn't to ask permission — it's to stop giving them the material in the first place.
Start with what your ISP can see
Your internet service provider sits between you and everything else online. In Australia, they're legally required to retain your metadata for two years. In the US, they're allowed to sell your browsing history outright. In the UK, the Investigatory Powers Act lets agencies request it. None of this needs a warrant at the metadata layer — we're talking about who you connected to and when, not necessarily what you said. The single highest-leverage change you can make is to encrypt the connection between your device and the rest of the internet, so your ISP stops being able to see which sites you're hitting. That's what a VPN does. Your traffic goes into an encrypted tunnel, and your ISP sees one thing: you're connected to a VPN. Not the sites behind it. That one change lifts a big chunk of your activity out of the log they hand to advertisers, law enforcement, or anyone with a subpoena. If you go looking, choose one based in a privacy-respecting jurisdiction — Switzerland and Panama are probably the two best — with an independently audited no-logs policy. Avoid free VPNs. If you're not paying, you're the product, which is the exact dynamic you're trying to escape. We maintain a separate site, NoSpyOnVPN, that goes through the small handful of providers that actually hold up under that kind of scrutiny — worth a look when you're ready to pick one.
Clean up your browser
Your browser is the next-biggest leak, and it's often bigger than people think. By default, most browsers allow third-party cookies, run tracking scripts without blinking, and broadcast a "fingerprint" of your system — screen size, installed fonts, plugins, time zone — that's weirdly unique. Unique enough, usually, to identify you even with cookies disabled. Three things worth doing. Switch to a privacy-focused browser. Firefox with strict tracking protection turned on, Brave, or LibreWolf are all solid picks. Chrome is basically a data collection pipeline with a browser bolted to the front, so use something else. Install uBlock Origin. It blocks ads, trackers, and most fingerprinting scripts. It's free, it's maintained by one person who's repeatedly refused to monetise it, and it's better than every paid alternative. Tell your browser to clear cookies when you close it. You'll log back in to sites more often — yes, annoying — but that's the trade. Staying logged in everywhere is what keeps the fingerprint sticky.
Stop leaking from your email
Email is the worst-kept secret in privacy. Gmail, Outlook, Yahoo — all of them scan message contents. The justification has drifted over the years (ads, then "product improvement," now AI training), but the scanning never really stopped. And every email you send to or receive from a Gmail user passes through Google's servers, even if your account is somewhere else entirely. It's one of those things that sounds fine until you think about it for ten seconds. A private email provider — based outside the Five Eyes, end-to-end encrypted by default — fixes the receiving side of this. For the sending side, use an email aliasing service. It gives you a unique disposable address for every site you sign up to. When that site gets breached (and eventually it will) or starts selling your address to spammers, you disable that one alias. Your real address is never exposed. If you want a comparison of the providers that actually hold up, NoSpyEmail covers that ground.
Audit your phone
Open Settings and go through the app permissions. Be ruthless. A weather app doesn't need your contacts. A torch app doesn't need your location. A shopping app doesn't need background access to anything, ever. On iOS: Settings → Privacy & Security, and work through each category. On Android: Settings → Privacy → Permission Manager. Revoke anything that isn't clearly justified. If something breaks, you can always grant it back — but most of the time, nothing breaks and you just notice your battery lasting longer.
See what's already out there — and fight for its removal
Once a year, search your name, your email, and your phone number. Actually do it. Data broker sites — Spokeo, BeenVerified, WhitePages, and their hundreds of clones — publish this information by default and hide the opt-out deep in their terms. Here's where the asymmetry really shows up. They didn't ask your permission to list you. They made money on you. And now you have to spend your weekend filling in their forms to get yourself off their site, one broker at a time. You can request removal from each manually. It's tedious, some of them will demand ID before they'll act (which is its own kind of joke — hand over more data to prove you're the person they shouldn't have listed in the first place), and half the time they'll republish you six months later when they buy a fresh dataset from somewhere else. Services like EasyOptOuts or Incogni will do it in bulk for a yearly fee and keep re-requesting on the monthly cycle these brokers use. Worth the money for most people — you're essentially hiring someone to fight this war of attrition on your behalf. While you're at it, under GDPR (if you're in the EU or UK) and the Privacy Act in Australia, you can file a formal data access request with any company holding your data. You probably won't get a useful response from most of them — some will ignore you, some will send a PDF of raw database dumps that's incomprehensible on purpose — but every request lodged is a small cost to them, and a reminder that someone is watching.
Where to start
None of this is dramatic on its own. Taken together though, it changes what the internet can learn about you from here on. Your ISP stops seeing your browsing. Advertisers stop fingerprinting your browser. Apps stop inventorying your life. Data brokers stop getting fresh material to sell. If you only have the energy for one thing, make it the VPN. It's the single biggest lever — the one change that rewrites what your ISP, your network, and every site you visit can learn about you. Everything else is additive. That one is foundational. The companies that have spent the last decade quietly monetising your attention have no incentive to tell you what they hold, no process to hand it back, and no intention of stopping. The only reliable leverage you have is to stop feeding the machine.
Ready to act on this?
We've reviewed the tools so you don't have to.