Latest news with #NYTWirecutter
New York Times
a day ago
- General
- New York Times
My Neighbors Stared. I Cut My Lawn With a Scythe Anyway.
Finally, after months of fiddling and frustration, my scythe was actually cutting something. The massive blade on this ancient mowing tool sliced through row after row of overgrown weeds with nice, easy swings. And it was quieter and worked faster than a modern-day string trimmer. Up to this point, I'd been hacking and grunting my way around the yard. I'd heard that scything could be relaxing, even meditative, but all I'd done was curse and sweat, and repress the mild embarrassment I felt when the neighbors stared. Who would enjoy this? Maybe struggle and self-denial were the point, and inner peace would blossom from the pain of living like a medieval peasant. But social media videos from scything celebrities including Slåttergubben and Scythe Dad made it look so smooth and productive — a healthy workout, for sure, though nothing like the punishment I'd been inflicting on my back and arms. So I sank another $100 into yet another piece of gear, dedicated another hour to learning yet another ancient technique, and took one last crack at this goofy experiment. Here was the payoff. The flow state I'd been promised was finally setting in. Then an old SUV rumbled up, and the driver called out, 'Wow, a real-life grim reaper. Nice scythe, kid.' Transcendent. Your neighbors will stare, but a scythe is a beautiful, meditative tool. If used correctly, it's very effective at cutting grass or an overgrown area. $197 from Lee Valley Tools For a European-style scythe (like the one we recommend), you'll need to shape the blade's edge before you can really sharpen it. This peening jig is the easiest way to do that. Once the blade was properly sharpened, my scythe made quick work of the overgrowth. A neighbor even stopped to show his appreciation. Liam McCabe and Aubrey Patti/NYT Wirecutter My quest had been inspired by Wirecutter's guide to string trimmers, into which my colleague Doug Mahoney snuck a scythe recommendation. He called it a 'beautiful, meditative tool' for those who are 'constantly looking for a 'different way,' and don't mind being seen as a little odd.' I definitely got my neighbors' attention — some stared, others pretended not to see me, and a few seemed concerned. But there were also people who struck up friendlier conversations and shared their own scything stories. The guy in the SUV told me about the one time he'd used a scythe. Another neighbor talked about watching her Central European grandfather swing a scythe around the garden — even after the Soviet Union had dissolved and lawnmowers became easier to find. Your neighbors will stare, but a scythe is a beautiful, meditative tool. If used correctly, it's very effective at cutting grass or an overgrown area. $197 from Lee Valley Tools As far as actually cutting the grass? Occasionally I bludgeoned the tips off of some leaf blades, but mostly I huffed and puffed without much to show for it. A couple times I convinced myself that I was working more efficiently due to a small adjustment I'd made to my scything stance or the angle of the blade. But that was wishful thinking. After a few weeks, I still hadn't gotten the hang of it, and my front yard was becoming an eyesore. I didn't want to give the neighbors too much to talk about, so I went back to managing it with my mower and string trimmer. Time away from the mower gave me a renewed appreciation for how fast and neat it is to use one. A lawn mower is louder than the scythe, but my front yard sits next to a busy state road, and the traffic is louder than most yard equipment anyway. My mower also runs on batteries, so to the extent that I care about minimizing its impact on the local environment, I'm perfectly comfortable with that setup. As for the string trimmer, meh: It's slow and uncomfortable, and it makes a mess. But it does the job where the mower can't. Still, I'd already spent almost $200 on the scythe setup, and at least it was decent exercise. So I resolved not to give up entirely, and I let my backyard grow into a wild scything laboratory while I tried to figure things out. Some successful scythers suggest that the quickest way to pick up all of the necessary skills is to attend a workshop. But I couldn't find any within driving distance of my house. It was only after I turned to another primordial technology — printed books at a public library — that I finally figured out my problem: I'd never properly sharpened the blade. Scythe Dad — or Sebastian Burke, from Lancaster, Pennsylvania — told me that he'd gotten into scything about a year ago, basically the same way that I did. 'It started as sort of a joke with a friend,' he said. In Burke's viral scything TikToks (filmed and posted by his wife, Lyndsey), each smooth swing of the scythe completely clears a neat semi-circle of grass, so it almost looks like it's lying down and taking a nap. A key difference between us is that Burke spent hundreds of dollars and put in hours of research and sweat equity over several months in order to learn how to sharpen his scythe. I, on the other hand, had tried to save a few bucks. Why buy some obscure sharpening tool — useful only for scythe blades — until I figured out whether I enjoyed scything in the first place? Scythe blades come in a wide range of sizes. I chose a 30-inch blade, which is a good length for slicing light grass and thicker weeds alike. The entire kit weighs only a couple of pounds. Liam McCabe/NYT Wirecutter But that's not how it works. If you're scything, you're also sharpening. European-style blades, like the one I bought, usually need to be 'peened' first. Peening is the process of hammering the business end of the blade's malleable steel into a fine edge. So as much as I tried to hone the fresh factory edge with a whetstone (and later a bastard file), it remained hopelessly dull. For a European-style scythe (like the one we recommend), you'll need to shape the blade's edge before you can really sharpen it. This peening jig is the easiest way to do that. If you don't commit to buying a full set of peening and sharpening gear on day one, and then practice how to use it — essentially an entire hobby on its own — then scything is a waste of time. There's no dabbling. You either need to go all in or stick with your lawnmower and weed whacker. As Burke and I had to do, you'll probably need to teach yourself every aspect of scything: stance, setup, sharpening, all of it. I eventually found great video tutorials on all of those topics. But because scything is such a niche pursuit, the advice didn't land in my feeds with the sort of algorithmic serendipity I'd grown accustomed to for, say, gardening or DIY home improvement. My scythe was hopelessly dull until I hammered it out with a peening jig, which smushes the malleable steel blade into a thinner edge. Everyone I watched on YouTube had mounted the jig in a stump, so that's what I did too. Liam McCabe/NYT Wirecutter The handle, or 'snath,' that I bought wasn't very good (it's not from the kit we recommend). And I've struggled to get a good cutting angle even after some modifications. If I could do it again, I'd spend extra on a better setup. Liam McCabe/NYT Wirecutter My scythe was hopelessly dull until I hammered it out with a peening jig, which smushes the malleable steel blade into a thinner edge. Everyone I watched on YouTube had mounted the jig in a stump, so that's what I did too. Liam McCabe/NYT Wirecutter Burke said he ended up learning a lot through trial and error. He's tried out a few snaths (handles), a half-dozen blades, and other accessories. After experimenting with different peening and honing tools and techniques for a couple of months — going so far as to check the edges under a microscope — he could finally get the blades sharp enough that scything started to feel easy. 'Once I got a feel for it, then it was like, 'I can't go back,'' Burke said. 'It's even starting to dictate how I garden now.' Since a scythe is so much quieter than a lawnmower, he usually cuts the grass before his family wakes up in the morning or after they go to bed. Burke said he finds it easier to scythe the slopes of his property than to push a lawnmower up and down them. The long, neatly cut grass makes a great mulch. He's happy that he's not spraying spools' worth of nylon string trimmer shards into the ecosystem every year. And then there's the vibe: 'The meditative satisfaction is really rewarding … the texture, the feel of it, the sounds — you hear birds all around you.' I'm still chasing that bliss. Even after I bought a peening jig and hammered out the edge of the blade well enough to glide it through all of those overgrown weeds, my scythe still wasn't cutting grass very well. Should I change the angle of the blade? Do I need an even-sharper edge? I need to do more research, and there's probably more gear that I need to buy. Did I mention I like my lawnmower? This article was edited by Megan Beauchamp and Maxine Builder. Clean up your lawn's ragged edges, awkward corners, and steep slopes with a string trimmer. Keep your lawn looking great with these low-hassle, high-performing mowers. A version of Ego's powerful, efficient, cordless lawn mower has been our top pick since 2019.
New York Times
a day ago
- New York Times
Fujifilm's Medium-Format Point-and-Shoot Costs More Than a Used Car. We Took It to Mexico City.
Photos look great right out of the camera. Strange as it may sound to seasoned photo nerds, I went into my trip with the GFX100RF with the intention of shooting JPEGs — essentially using this $5,000 camera the way my parents documented family vacations with their film point-and-shoots. And guess what? It worked spectacularly well. As with all the images in this article, this one is straight out of the camera, with no editing. The colors, tonality, and sharpness are what you can expect from using this camera as a true point-and-shoot. Ben Keough/NYT Wirecutter The GFX100RF excels as an everyday-carry camera, perfect for capturing unexpected moments and compositions that catch your eye as you walk past. Ben Keough/NYT Wirecutter The camera's default 4:3 aspect ratio is the same as what you get from the iPhone and other high-end smartphones, but it's taller than what most photographers are used to from 35mm film and most digital cameras. Ben Keough/NYT Wirecutter As with all the images in this article, this one is straight out of the camera, with no editing. The colors, tonality, and sharpness are what you can expect from using this camera as a true point-and-shoot. Ben Keough/NYT Wirecutter This shouldn't be a surprise to anyone who has used Fujifilm's X-series cameras, since JPEG shooting is what they're all about. The company leverages its film history with what it calls 'film simulations,' JPEG presets that provide the vibe, if not the exact look, of legacy film stock such as Provia, Astia, and Velvia. On my trip, I made liberal use of Classic Chrome, which produced a slightly sun-kissed, desaturated look that meshed well with the yellows, browns, and greens of the Mexican landscape. But I also turned to the GFX100RF's Acros black-and-white modes for dramatic interiors. And I made use of a wide range of 'recipes' by third-party creators, some of which are intended to re-create the look of film my parents might have used, such as Kodachrome 64 and Portra 400. The aspect-ratio dial got constant use. This control — unique to the GFX100RF — can switch between common ratios such as the camera's native 4:3 and the more-common 3:2, as well as more niche compositions like 65:24 (known as the Xpan crop) and vertical orientations such as 7:6. The GFX100RF's unique aspect-ratio dial got a lot of use during my testing. Michael Hession/NYT Wirecutter Like many pundits, I thought I would never touch it, and it would just take up space. But much to my surprise, I quickly found that I loved composing in the ultra-wide Xpan format. It's true that I never used most of the dial's settings, but I still found myself turning it nearly every time I picked up the camera. The so-called Xpan crop does a great job of cutting out extraneous foreground and sky in this composition of the Pyramid of the Sun at Teotihuacán. Ben Keough/NYT Wirecutter Here, it neatly frames a row of poolside recliners at Hotel Hércules in Santiago de Querétaro, Mexico. Ben Keough/NYT Wirecutter It can also help produce a cinematic look in landscape shots like this one. Ben Keough/NYT Wirecutter The so-called Xpan crop does a great job of cutting out extraneous foreground and sky in this composition of the Pyramid of the Sun at Teotihuacán. Ben Keough/NYT Wirecutter My only wish: That the order of the aspect ratios was customizable. Its massive megapixel count gives you a lot of flexibility. The staggeringly high-res 102-megapixel sensor doesn't come without downsides: Because the files are huge (around 60 megabytes for JPEGs and 210 megabytes for raw files), they may slow your photo-editing software to a crawl, and you can't share them on social media without first resizing them. But the detail! It's really something to behold. This shot of my dog's foot doesn't look like anything special, especially when resized for web viewing like this… Ben Keough/NYT Wirecutter …but cropping it to show its full detail reveals how much information the 102-megapixel medium-format sensor collects. Ben Keough/NYT Wirecutter This shot of my dog's foot doesn't look like anything special, especially when resized for web viewing like this… Ben Keough/NYT Wirecutter That massive resolution also allows you to do things like crop ultrawide and still end up with a reasonably large, printable image (an Xpan crop at the native focal length still nets you 50 megapixels). You can also keep the native 4:3 aspect ratio and punch in to crops replicating the field of view of a 45mm, 63mm, or 80mm lens. The narrowest still yields 19.5-megapixel images. True, you could do all of that in post-processing if you wanted to, but composing in-camera with the framing you have in mind is a more natural, joyful experience. The lens is sharp enough. The GFX100RF's 28mm-equivalent lens is very sharp in the center right from f/4, though the corners need some stopping down to reach their full potential. The lens can also focus quite close — 20 centimeters (or a bit under 8 inches) from the sensor. You need to use that close-focusing capability to get much bokeh out of the wide-angle lens, but when you manage to do so, it looks quite nice. For street photography, the 28mm focal length is nearly ideal. Ben Keough/NYT Wirecutter While perfectionist landscape photographers may be annoyed by the lens's slightly softer corners, that ultra-sharp center is all that most people are likely to need for everyday subjects, especially when shooting at f/4, where the corners are more likely to melt away into depth-of-field-induced blur. Despite its retro design, it handles well. One downside of virtually all 'retro' digital cameras is their lack of a DSLR-style front grip. As the owner of both a Fujifilm X-T5 and a Nikon Z f, I'm very familiar with this phenomenon. Like most Fujifilm cameras, the GFX100RF is encrusted with manual control dials for shutter speed, aperture, ISO, and exposure compensation. You can use them to shoot fully manually, or you can automate as many functions as you like. Michael Hession/NYT Wirecutter The GFX100RF has a body design similar to those cameras, but its slightly larger body size overall makes its subtle grip proportionally chunkier. Even with my large hands, I was never annoyed while carrying it. Paired with a gentle contour, the textured leatherette on this grip provides just enough purchase in almost any situation. The GFX100RF's screen tilts up 90 degrees and down 45 degrees, similar to the one on the Fujifilm X-T5. Michael Hession/NYT Wirecutter Of course, if it isn't enough grip for you, Smallrig and other accessory makers sell add-ons. It feels like a premium product. Fujifilm's X100-series cameras have always felt well made, and the GFX100RF, being more or less a big X100 camera, continues that tradition. The body is milled from a single block of aluminum, and the top and bottom plates are also machined aluminum. The power button and all of the dials have a reassuring, heavy tactility. The GFX100RF's build quality is solid, with an all-metal exterior and buttons and dials that provide pleasing tactility. Michael Hession/NYT Wirecutter
New York Times
7 days ago
- New York Times
Our Privacy Expert Tried, and Failed, to Disappear From the Internet
Published June 25, 2025 By Max Eddy Max Eddy is a writer who has covered privacy and security—including password managers, VPNs, security keys, and more—for over a decade. A b o u t a d e c a d e a g o , I s t o p p e d h e a r i n g f r o m a n o l d f r i e n d o f m i n e . T h e y h a d a h a b i t o f d i s a p p e a r i n g . I ' d b e c o m e u s e d t o t h e i r d r o p p i n g o f f t h e m a p , s o m e t i m e s f o r y e a r s . T h e y ' d a l w a y s p o p u p a g a i n w i t h a n e w e m a i l a d d r e s s o r u s e r n a m e a f t e r a w h i l e . B u t n o t t h i s t i m e . Explore all articles Miguel Porlan for NYT Wirecutter I had long known that they were a deeply private person, but their desire for privacy never seemed to affect our friendship. We'd catch up over direct messages or meet for coffee as if no time had passed. But this time, their disappearing act seemed to have stuck. I tried to track them down by using search engines and combing social networks, and I figured something would turn up. But I was wrong. They had ceased to exist — online at least. Disappearing is a tough trick when almost anyone who knows your name and a few identifying facts can potentially find your home address, cell phone number, family members, and other personal details — a reality that is at the very least disquieting, if not dangerous. Not to mention other sources of personal information, like photos that appear on company websites for jobs you've long left, class pictures from schools you graduated from decades ago, or snapshots from a family reunion posted by a distant relative. Taking those down might require some rather awkward conversations. O n c e y o u r i n f o r m a t i o n i s o n t h e i n t e r n e t , r e m o v i n g i t c o m p l e t e l y i s a l m o s t i m p o s s i b l e . But, in part because I was inspired by and curious about my disappearing friend, I decided to try. As a privacy journalist, I have given all manner of advice for how to secure and obscure an online life, but I'd never undertaken a project that extends the idea of privacy to its logical conclusion: by disappearing completely. So I set out to erase my online life. I failed. Finding myself (online) The most obvious way to see what everyone else can easily learn about you is by Googling yourself. Type in your name, followed by 'address' or 'phone number,' and you'll likely find websites that list your personal details for anyone to see. Google offers a tool to take down some search results containing your personal information, but doing this only prevents the information from appearing in a search — the original sites still have your information. Many of these websites are owned by data brokers, which compile files about individuals from a variety of sources and then sell that information to whoever wants it. Getting data brokers to take your personal information down is possible, but you have to navigate through each broker's process manually. Or you can use a data-removal service, such as our top pick, DeleteMe, which automates the process for you (for a fee). Miguel Porlan for NYT Wirecutter Looking at data broker sites, I was shocked to see my old email addresses, current and former home addresses, and phone numbers up for sale. But the information wasn't always accurate. I found several Max Eddys who lived at an address that was close to, but not exactly, where I grew up in Michigan. I also came across Max Eddys who were older or younger than me but were linked to my parents, siblings, and cousins on these websites. Perhaps these people do exist, or perhaps they were invented as a result of errors and mismatched data. In the eyes of data brokers, we're all interchangeable. The Best Data Removal Services I tested nine data-removal services and used them to remove my personal information from data broker websites. So far, much of my information has been taken down, with only a few crumbs of correct information and old photos that persist on some data broker sites. But after spending hundreds of dollars and weeks of my life on this effort, I still haven't fully succeeded. Some sites might never take the information down, and DeleteMe's co-founder Rob Shavell told me that some data brokers may start selling my information again in the future. Miguel Porlan for NYT Wirecutter With nearly a dozen data-removal services hard at work removing me from data broker sites, I next tackled online accounts that I had created for myself. These included the obvious ones, such as Facebook and Instagram, but also all the others I'd created over the years that I'd completely forgotten about. Deleting them was obviously the easiest option, and it would have gone a long way toward actually removing myself from the internet. But I believed that keeping my online accounts alive and inactive, but with less personal information, might actually be preferable, as doing so would make it much harder for someone to fill the void created by my deletions by impersonating me. Let me explain. I came up with a plan to create what experts call 'synthetic data,' or made-up information about myself. If I were to continue to use the same information between accounts — username, email address, contact info, real name — it would be easier for companies and snoops to connect the dots back to the real me. Instead, I would use a text generator to come up with unique names and screen names and generate random bitmap images to replace profile photos so that my online accounts couldn't easily be connected back to me. I consulted Bill Budington, a senior staff technologist at the Electronic Frontier Foundation, who suggested that opting for even a slight variation on a name makes it harder for people to find you. Most online accounts require a functional email address, so I decided to replace my real email address on each site with a unique masked one to make myself harder to find. Here's how it works: If you have my email address (say, you can probably deduce who I am across a constellation of websites by looking for it. But if I change the one I use for X to aer2ao7vs@ and my address on Instagram to t1aes76r3@ and so forth across all my accounts, it becomes much harder for other parties to draw connections. You can create masked email addresses with a service like Apple's Hide My Email or the Firefox Relay tool, both of which create burner email addresses that forward messages to a personal email account. Gmail allows you to make small changes to your email address, such as adding '+' followed by any phrase, but I found masked emails easier to manage. For each account, I planned to remove as much personal content as I could, including photos, comments, and posts. I didn't want to leave up any information that a snoop could use to find me, my family, or my friends. But I was also eager to shed the baggage of 25 years of living my life online. I'm certainly not the same person who tweeted about trying out a new music service called Pandora for the first time in 2007. Your Data Appeared in a Leak. Now What? I am a security journalist, so perhaps unsurprisingly, I've been using a password manager for close to 15 years. I combed through Bitwarden, Wirecutter's budget-pick password manager and my personal favorite, to see how many accounts I had signed up for. The answer was a staggering 356. I needed to trim that list to something more manageable, so I turned to Have I Been Pwned, which lets you search data breaches for your personal information. I prioritized the accounts that I knew had been exposed to data breaches (about two dozen), and then I added about 30 more that I thought were likely to have personal information such as my address, date of birth, and financial details. 'Starting with where your accounts are and where they've been compromised is like hygiene that most people don't do, but should be doing,' Shavell told me. Confronting the past With my plan in place, I started scrubbing my accounts from websites I barely remembered using. Patreon? Gone. Gravatar? Sure, why not. Kickstarter? Kicked to the curb. An ancient WordPress blog I don't remember creating? Scrubbed clean, hopefully before anyone noticed that it existed in the first place. Other sites I had completely forgotten about, such as the beer-rating app Untappd, or had never actually used, like Nextdoor — the latter of which I did actually just delete. Erasing my online social life proved to be more challenging than I'd expected in about every way; even just getting into the accounts was challenging. Photo-album site Flickr was once a photographic repository of my life, but the website wouldn't let me log in. When its password-recovery process failed, I found an option to submit different versions of photos I had stored in Flickr to prove I was the owner. I was able to get back in, but other people might not be so lucky. Then it was time to delete LiveJournal. I hadn't recalled posting or interacting much on the online-diary website, so I was gobsmacked to discover that I had written hundreds of entries. I decided to keep those mementos of past me, even the ones that had aged like milk, but downloading them to save them offline wasn't easy. I found an option to export the entries as a spreadsheet, an almost avant-garde choice for storing prose, but I could download only one month's worth of data at a time. Share this article with a friend. Downloading the posts was exceptionally tedious — and then I had to manually delete each post. It took over three hours to delete two years of my life. Tackling X, formerly known as Twitter, proved to be another taxing task. I'd made my first tweets by text message, patiently pushing the keys of a flip phone to find the right letters. I had 103,000 tweets, 40,000 retweets, and 130,000 likes that I needed to remove. Deleting the account would have taken mere seconds, but I wanted to keep the account alive but inactive to ensure that no one would try to impersonate me in the future. Preparing to delete my data from X, I was reminded of my friend who had vanished from the web. Even in the early 2000s, they were careful about their online presence. They used Twitter, but they deleted their tweets and changed accounts regularly. If I posted something about them, a picture or even just a passing reference, they called — on the telephone — and politely asked me to take it down. I thought it was odd at the time, and I sometimes resented it a little. Now, facing down the task of deleting over 100,000 tweets, I think they were on to something. There was no way that I could possibly remove that many posts on my own. So I enlisted the help of Cyd. An open-source tool, Cyd (which stands for 'claw back your data') automatically deletes X posts, interactions, bookmarks, and direct messages. Based on my experience, Cyd can clear out 70,000 tweets in about three and a half hours. You can find other tools for deleting old tweets, such as TweetDelete, but I opted for Cyd because I'd had a good experience using it to clean up a personal Twitter account. I also liked that Cyd didn't need to store any of my personal information; the entire process is managed in an application on my computer, not a service on the cloud. Smart TVs, Cameras, Speakers and More Are Fishing Nets for Your Data. What Are They Catching? Watching Cyd work was mesmerizing. My posts flashed by almost too fast to read; it was like watching my life pass before my eyes. It was fun to revisit my posts at warp speed, but painful, too, because each time something appeared on the screen, it was also being deleted. Photo from my wedding? Gone. Photo of my pet rat, Pepper? Gone. The process made me choke up a bit. On to Meta. I had seen scammers impersonate my family members on Facebook before, so retaining control of my Facebook and Instagram accounts was critically important. Meta does provide the option to temporarily 'deactivate' Facebook and Instagram accounts instead of deleting them. That might be a good option for anyone who might return to using these platforms, but I preferred keeping my accounts alive but empty. Miguel Porlan for NYT Wirecutter Watching Cyd delete my tweets was painful, but watching the contents of my Instagram account disappear was excruciating. Cyd doesn't work on Instagram or Facebook (though the latter will be supported soon, the Cyd documentation says), so I used a macOS app called Automator to record and repeat mouse movements and clicks. I recorded myself deleting one Instagram photo and then put it on a loop to take care of the rest. (The downside: I couldn't use my computer while it ran.) The automation was still running that evening when some friends came by for dinner, and I showed it off. They were initially impressed, but it started to feel awkward. 'Oh,' said one. 'This is going to start deleting pictures of me soon, isn't it?' They quickly went back to the kitchen. Taking on Facebook was by far the most difficult aspect of this project, and where I had the least success. Deleting or temporarily deactivating Facebook wasn't a good choice for me because, like many people, my relatives use the social network to stay in touch, and those options would have prevented family from finding me on the platform. I tried to apply what I had learned so far, but I discovered that Facebook's settings are a nightmare to work through. Powerful options are available, but the process of finding them and using them, amidst pages and pages of settings and educational material, is byzantine — Kafkaesque, even. I discovered that you can retroactively limit who can see your posts, as well as prevent search engine and image search of your content. You can also pull up a log of your interactions on the platform, which lets you delete comments that have become problematic with age. I frequently struggled to trace my own steps to figure out how I took some actions. Even now I'm not sure. When I changed my Facebook profile photo, I selected one that shows my face but is also warped to be bizarre and off-putting. I felt clever, like I'd outsmarted the social graph, but within minutes it got several likes and comments. I forgot that Facebook promotes every change you make to your friends. I had blundered into feeding it more content. Share this article with a friend. I then came across hundreds of photos and copies of all my Instagram pictures in my Facebook account. I tried to automate deleting them, but that didn't work. In the end I spent several hours rhythmically clicking — and I understood all too well why most people don't attempt to do this. Finally, after days of combing through Facebook, I succeeded in removing most of my information. The only remaining photos on my Facebook page were those I was tagged in by family and friends. Here, I struggled. What would they think if I removed the tags? I asked my spouse for their thoughts: 'I untagged myself from every picture years ago,' they told me. 'Tags are stupid anyway.' But even if I were to remove the photo tags, the photos would still be on Facebook. The only way to actually get rid of them would be to ask my family members to delete them. I dreaded this, and I worried that they would feel like I was rejecting them. And so I posed the question as a hypothetical to two relatives: Would they be upset? Miguel Porlan for NYT Wirecutter To my surprise, both told me they would have absolutely no problem removing the pictures. Both said they had dramatically changed how they used social media in recent years. One had already removed most of their old posts and doesn't add anything new, except to private family groups. The other still posts but made all their old and new posts private. Both expressed a deep distrust in sharing their lives publicly these days. Taking down a photo upon my request wouldn't be hurtful, they said, because the picture lives offline — they can look at it whenever they want. This project had me concerned about other people's feelings — what would my loved ones, friends, and even acquaintances think if I asked them to remove artifacts of me? How would they respond? I n t h e e n d , o n l y o n e p e r s o n — m e — s e e m e d t o m i n d . One enormous repository of my social life escaped relatively unscathed from my efforts to delete myself. Foursquare, a social network where people voluntarily checked in to locations like shops, restaurants, and airports, was once a favorite app of mine. Nowadays, companies are more likely to siphon this information quietly from your phone with far greater geographic accuracy, but Foursquare gamified and socialized the experience when it launched in 2009, and I was a frequent user. Stripping it of information linked to me was easy, so it's unlikely to be found in a simple Google search, but short of deleting my account I couldn't find a way to hide or remove my hundreds of check-ins. But I also discovered that I didn't want to. Browsing the list, I could see all the Tuesdays I spent at the Burp Castle, the bar where I briefly held the 'mayorship' on the Foursquare leaderboard. Little icons on my check-ins showed that friends had joined me, including the person I would eventually marry. My mayorship might be long gone, but simply erasing this running record of years of my life didn't sit right with me. So I didn't. The information you can't scrub clean The experts I spoke with, and my years of reading on the subject, had all suggested that public records were the upstream sources for the reams of personal information found on data broker websites. I was able to find my information in public records, and much of it was worryingly comprehensive, but it wasn't as accessible as I expected it to be. It also wasn't easy to remove. I own my home, so I was able to pull up my property records using some surprisingly user-friendly tools on my local government's website. Depending on where you are registered to vote, your voter record can include personal details, such as your current address. But I could access property and voter records only one at a time, and I needed to know a lot about a specific person to access those records. The largest trove of personal information I found was in records for political contributions. Using the Federal Election Commission's search tools, I pulled a list of people who contributed to presidential campaigns from the past 16 years. I easily found records that showed a name, employer, and contributions. But when I downloaded the data, I found that the document included full addresses, as well. Miguel Porlan for NYT Wirecutter Budington and other experts I spoke with recommend visiting your municipal records office to ask what information is publicly available on you, and to see if there is any option to have it removed or limited. A friend of mine said that they had some success removing some minor information from their voter record in their relatively small town, but I had less luck in my city. I consulted my local municipal records bureau website, which instructed me to first reach out electronically before scheduling an appointment. The records bureau responded quickly but said that because my request pertained to records of property, by law it could be only corrected for errors, not removed. The agency that manages local elections told me that it is possible for a voter file to be made private, but only in the event of domestic violence. Share this article with a friend. The FEC told me that there was no option to have my data removed once it had been reported, but I was also told that the data cannot be used 'for the purpose of soliciting contributions or for any commercial purpose,' although there are instances where the data can be used. However, the FEC said that 'individual contributors [don't have] to divulge personal information if they choose not to do so.' The downside of disappearing Googling my name is less terrifying than it used to be. The data brokers with the top Google results no longer list me, and the ones that do might eventually give in to my data-removal requests. And I ceded the top Google result for my name — Max Eddy — to a comedian named Maxx Eddy. (Congratulations, Maxx.) I still have work to do. Searching for my usernames still pulls up accounts I have yet to remove. You can still see my photo and byline on old employers' websites, which I'll likely leave alone since it helps prove that those stories were written by Max Eddy the security journalist, not someone else. But there's less information about me out there that I don't control, and I have a framework for clearing out old accounts and creating new ones that aren't troves of identifiable information. 'Ultimately it's not futile,' said Peter Dolanjski, director of product at the privacy-focused search engine DuckDuckGo. 'Taking some steps to protect yourself is better than doing nothing.' Deleting my digital history was painful. I felt like I was both erasing myself and also preventing people I care about from reaching out to me to reconnect. I couldn't bring myself to sever the potential of future contact, as my vanished friend did. Miguel Porlan for NYT Wirecutter A few months ago, I tried to find them again. I called every phone number, searched every username, and emailed every address I could find, but nothing worked. I reached out to mutual friends — even to strangers who had been cc'd on the same emails — and came up with nothing. This person clearly doesn't want to be contacted. I looked for my friend one last time while writing this article, and I found a photo of them from middle school posted on a school-district website. After all of our efforts to disappear, traces of my friend — and of me — still exist online. Making it harder to find yourself is clearly effective — even if you don't vanish entirely, scrubbing your internet trail makes it more difficult for data brokers, strangers, and malicious actors to find your information. Some digital artifacts will always remain beyond your control and could pop up in surprising ways. But maybe you don't need to completely erase yourself from the internet to disappear. Sometimes people get the message. This article was edited by Caitlin McGarry and Jason Chen.
New York Times
7 days ago
- Business
- New York Times
Yes, Your TV Is Probably Spying on You. Your Fridge, Too. Here's What They Know.
Miguel Porlan for NYT Wirecutter By Rachel Cericola, Jon Chase and Lee Neikirk Published June 25, 2025 This is not a conspiracy theory: Many of the devices living in your home are quietly collecting towering heaps of information about you. Your TV, your doorbell, your security system, your thermostat, even your earbuds — all of them are involved. Some of that data may be shared, analyzed, and then sold to the highest bidder, hundreds of times a day, by organizations you've never heard of. To be fair, some of the information is what you voluntarily provide when you decide to use a smart device or sign up for a service. And some of it, you almost certainly agreed to share, accidentally, by clicking through boilerplate terms-of-service pages. Still, more than a thousand so-called data brokers have access to — and profit from — personal data, through a largely invisible marketplace. As Peter Dolanjski, senior director of products at privacy-software company DuckDuckGo, characterized the amount of data collected: 'It would blow the average person's mind.' Explore all articles The story of smart-home devices and your personal data is merely one chapter in a much larger tale, that of the immense, and largely hidden, data industry. More than a thousand companies in the U.S. alone, including companies that make or sell many of the products in your home, are devoted to gathering your personal data. These companies collect and sift through as much data as they can scrounge in order to create a unique profile of every consumer. They package those profiles and sell them, to advertisers and research firms, to banks and credit card companies, to home and health and car insurance companies, to landlords, to government agencies, to law enforcement — essentially almost anyone willing to pay. According to a 2021 report by the Duke Sanford Cyber Policy Program, which examined the collection and sale of sensitive personal data by 10 major brokers, all of them 'openly and explicitly advertise data on millions of U.S. individuals, oftentimes advertising thousands or tens of thousands of sub-attributes on each of those individuals, ranging from demographic information to personal activities and life preferences (e.g., politics, travel, banking, healthcare, consumer goods and services).' The report also lists a number of other collected data types, ranging from individuals' political interests and activities to profiles of current and former military personnel to the current location of people's smartphones. One of the foremost companies, Experian, boasts that its databases hold 'insights on over 250 million US consumers and 126 million US households … and bring in 4 billion devices and 1 trillion device signals to definitively connect offline records to online identifiers.' These personal profiles are also used in what is called real-time bidding (RTB), yet another largely invisible technological layer that everyone unwittingly interacts with hundreds of times a day. Smart devices, such as voice-controlled speakers, Wi-Fi security cameras, TVs, even modern kitchen appliances like smart refrigerators, generate and collect a range of data types, including sometimes very personal information. And because these devices typically connect directly to the internet and require you to manage them using a smartphone app, the data they collect may be put to use in ways that you reasonably may not expect. I Tried, and Failed, to Disappear From the Internet Every time you use a smartphone or computer to visit a web page that has ads, and every time you open many smartphone apps, a series of transactions takes place in a microsecond: Information about you and your smartphone or computer is offered up for auction, and automated bidders the world over get the chance to place an ad in your view. Their bids may be based on profiles that include highly specific traits, details about your smartphone, and your personal interests based on your online activities. This practice is controversial, because not only does the auction winner have access to personal details in your profile, but so do all of the other bidders. And while that data may be anonymized, it can include personally identifiable information about you — even your current location. The issue has been known for some time, and in 2021 a team of US senators released a letter sent to a group of prominent tech companies that broker data, including AT&T, Google, OpenX, Twitter, and Verizon, demanding details on RTB in relation to consumer data sent to foreign countries. 'Few Americans realize that some auction participants are siphoning off and storing 'bidstream' data to compile exhaustive dossiers about them,' the letter noted. 'In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments.' Last year, the Federal Trade Commission banned Virginia-based broker X-Mode/Outlogic from sharing user-location data, which the FTC said could be used to track someone to 'sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.' (This Wired article details how RTB tech physically located Russian president Vladimir Putin.) In January 2025, the Electronic Privacy Information Center, along with the Irish Council for Civil Liberties, submitted a complaint and request for investigation to the FTC. The complaint alleges that for a decade, Google, which makes Nest smart-home devices, knowingly sent sensitive user data via real-time bidding to 'foreign adversary' countries in violation of federal law. At this writing the FTC has yet to respond to requests for confirmation of any pending investigation. We requested confirmation from Google as to whether data used for Google's RTB products and services 'contains now or ever contained any data that could be collected from, or accessed by, Google Nest devices, the Google Home app, or Google Nest app.' A Google Nest spokesperson responded with this official statement: 'Google's Nest products do not sell ads through real-time bidding, nor does Google send sensitive personal data to RTB.' Data brokering is not a new business; it has been around as long as companies have collected information about their customers. But in the modern era, mass data collection has exploded, and a Senate report dating back to 2013 was already raising alarms about the industry. The report goes on to note that data sharing may happen without your consent or your knowledge of what data is being collected, who is seeing it, how it is used, and how you may be affected. More than a decade since that report, things have only intensified as a result of faster technology, the advent of AI, and the proliferation of listening devices such as smart speakers, smart-home devices, and smart TVs. The average American home has 17 internet-connected devices silently observing their activities — and more than 40% of households have smart devices (or 66% if you count smart TVs). They might have an Amazon Echo and a Roku TV. Or perhaps a Google Nest Thermostat and a few iPhones. If you've ever wondered whether these pieces of technology are passively ingesting information about you — listening as you go about your daily life, synthesizing information about your habits and preferences to help you, sure, but also to sell you things and perhaps sell your data to unknown actors — well, so have we. When we speak about smart devices, we're referring to internet-connected devices in your home that you can access using an app, many of which can be automated. That includes your smart thermostat, for example, but also your smart TV, your security camera, your smart kitchen appliances, your smart speakers, and so on. In order to do smart stuff, these devices rely on different types of data, including data that they detect — motion, voices, the temperature — but also data that they access from the internet, as well as data that is specific to you or your home, such as your location. Data is the fuel of the smart home. Enjoying the benefits of smart devices involves a fundamental trade-off: They and their associated smartphone apps track the various ways you interact with them. When you open and use a smartphone app to turn on a lamp, or ask Alexa a question, or check on a Nest camera, or watch a movie on Tubi through a Roku device, the companies behind those devices and services, and sometimes their partners, are paying attention and keeping a highly detailed record of every interaction. That data creates a unique profile of you. Some of that harvested data is used for product development and refinement. Companies refine their products, discover and fix bugs, and create new and better smart devices. But sometimes that data is also used to market other products to you — as well as to other people like you. What is especially concerning is how difficult (impossible, we'd argue) it is for a device owner to grasp what data is being collected, especially if you link one of your smart devices from one company with a device or platform from another company, such as linking your Tapo camera to your Alexa speaker. Although companies, especially large, well-known ones, do take meaningful precautions in the way they handle your personal data, they may also be overconfident in their ability to secure your privacy at best. And at worst, they fail to exercise restraint when monetizing your personal data. So if you're interested in using smart devices, and internet-connected devices in general, you need to use your own best judgment to determine whether that trade-off is comfortable for you. One of the experts we spoke with, Omar Alrawi, a scientist at Georgia Institute of Technology, noted that he operates under the assumption that a data leak of security camera footage is always going to be possible. So while he wouldn't put security cameras inside his home, he does have them outside, where he is less concerned. Share this article with a friend. Similarly, if you have smart speakers, it's prudent to consider where you place them. We also strongly advise adjusting the privacy settings in the speaker's companion app to ensure that you are comfortable with what data you allow it to access. Peter Dolanjski of DuckDuckGo noted that it's common for tech companies to rely on third-party analytics and advertising tools in their smartphone apps, including some used to manage smart devices. 'We tested the top Android free apps in Google Play, and 96% of those popular free apps contained trackers, companies that were different from the owners of the app — 87% of those send data to Google, and 68% send data to Facebook,' Dolanjski said. The issue is that when you use those apps, your personal data is shared with those third parties, which you may be unaware of. In tests of a few smart devices conducted by Wirecutter, we confirmed that some were indeed sending data to third-party endpoints. We should note, too, that data is part of the cost of affordably priced technology. It helps device makers keep track of bugs and make improvements or add new features. And as long as the companies employ proper security measures, and you as a device owner take standard privacy precautions, you should feel safe using your devices as usual. Part of our investigation was to find out if all that is true. We examined the privacy policies and data-collection practices of some of the most popular smart and connected devices, and consulted more than a dozen industry experts, to understand what risks, if any, they present. We also assembled specific instructions for how to protect yourself. Let's begin with the always-on devices that many people have invited into their homes. It's useful to think of voice-controlled smart speakers such as Amazon Echo devices, Apple HomePods, and Google Nest models as part quirky entertainment devices and part data-collection machines. You generate a ton of tempting data. When you set up a smart speaker, you need to use a companion app to set it up, and in doing so you are asked to provide a lot of personally identifiable information: an email address, your physical address or zip code, your smartphone's location, your contacts, and potentially even your photos. But what makes smart speakers unique is that almost every interaction you have with them is an expression of your interests. The music you like, the news stations you choose, the sports you ask about, the places you mention, the definitions you ask about — all of those add rich details that refine your profile. Your speaker is always listening, but not like you might think. Smart speakers have microphones that are always on. But Amazon, Apple, and Google Nest confirmed with Wirecutter that their speakers must hear a precise sonic pattern, a wake word, in order to begin recording (though they do make mistakes). Whenever they are recording, they signal it by lighting up or playing a tone. Zach Oberman, of marketing consultancy Launch Ready and a former ad product specialist at Google, confirmed what the companies claim. In reality, the giants that make smart speakers are too concerned about the reputational damage from getting caught being sneaky. 'The data-care policies that every Google employee has taken are extensive,' Oberman said. 'There are numerous, numerous privacy reviews — nobody needs the drop in stock price that would come [from a data leak].' The more you connect, the more you share. Amazon, Apple, and Google each have their own privacy policies, which state what types of data they collect, how they use it, and whether they share it. And all of them note in some form that once you integrate a third-party device with one of those respective platforms, how your data gets treated may change based on the policies of that device. (For example, Nest's policy states: 'When you use third-party services integrated with Google services, their own terms and privacy policies will govern your use of those services.') That means that if you use, say, a WiZ smart bulb in a bedroom lamp, you can look up that company's privacy policy and know how your data is protected. If you then decide that you want to control your bulb with Alexa, Apple Home, Google Home, or any other third-party service, however, the data that WiZ has access to also gets shared with that third party, and that company may use the data differently than WiZ would. As the Philips Hue privacy policy notes, once you pair your Hue bulbs with a third-party service, 'We may collect and process functional data (such as registration data, usage and diagnostic information) and your usage thereof.' Your Phone Is Stolen. Your Laptop Gets Lost. Here's What to Do. Gen AI is changing the playing field. The current versions of Alexa and Google Assistant rely on AI to perform their tasks, and on relatively basic levels they 'learn' and are improved, but only in general, not specifically tailored to you. In contrast, powered by generative AI, the emerging Alexa+ and Google Gemini (gen AI Siri is still in the distance) are intended to be highly personalized and far more proactive. During an Alexa+ demonstration event that Wirecutter attended, the presenter noted that users will be able to tell Alexa their personal preferences, including likes and dislikes in foods, songs, movies, and so on, which will get incorporated into future interactions. So if you tell Alexa+ that you are allergic to mushrooms and also music by Bob Seger, Alexa+ will filter those out when you ask for recipes or request music. Alexa+ will also make inferences about you — the more you interact with it, the more it will extrapolate. (We've begun testing Alexa+ and posted our initial experiences here). Similarly, Google says that a substantial amount of user data is collected by Gemini, and while you can prevent your data from being reviewed, it's still collected: 'Even when Gemini Apps Activity is off, your conversations will be saved with your account for up to 72 hours.' The company claims that data won't be used to serve you ads, but it leaves the option open for future changes. It makes no difference whether your TV is an LG or Samsung or most any other brand, or whether it has built-in Roku TV or Google TV. Modern smart TVs all have one thing in common: While you're watching them, they're paying attention to you, too. Your smart TV is screenshotting your shows. When you first set up your TV, you probably inadvertently agreed to enable software called Automatic Content Recognition (ACR). This technology takes a screenshot of whatever shows or movies you watch, identifies them, and sends that info to your TV's manufacturer (and potentially its partners, too). Yash Vekaria, co-first author of a study of ACR published last year, told us that ACR is 'like someone has installed a camera 24-7 in your living room.' Some TVs capture your viewing as much as multiple times a minute. Although companies are now required to ask TV buyers to opt in to ACR (following a 2017 FTC action against TV maker Vizio), most people end up doing so without knowing it. To opt out, you have to wade through your TV's settings menus to find a specific privacy setting (more details below). ACR takes in everything on your screen, not just TV shows. The built-in ACR software in your TV isn't just monitoring and reporting on your devotion to Today or even your Netflix binge sessions of Love Is Blind . ACR is capturing anything that appears on your screen, including YouTube videos, personal photos, security or doorbell camera streams, and video or photos you send via Apple AirPlay or Google Cast. ACR can even snag content from other devices connected to your TV by HDMI, including personal laptops, video game consoles, and Blu-ray players. What manufacturers do with that data is completely out of your hands. 'As of now, this data is freely bought and sold in the data broker economy,' said Vekaria. He cautions that data can be used maliciously. Your Data Appeared in a Leak. Now What? A study published in 2024 by the advocacy group Center for Digital Democracy looked at commercial surveillance in the streaming era. The authors cite a number of ways in which personal data harvested by ACR could be used to micro-target people individually, including through personalized pharmaceutical ads or manipulative political ads. ACR is tenacious. The Center for Digital Democracy's study found that in the smart TVs they tested (from LG and Samsung), ACR continued to run and capture data even when the smart TV was offline. So even if you disconnect your TV from the internet, should you ever reconnect it to your home's network, perhaps for firmware updates, it'll forward saved data to the content-recognition servers as soon as it can ping them. Short of disconnecting your TV, if you want to prevent ACR from sharing your TV viewing, you'll need to turn it off (see below). Home security cameras alert you when packages are delivered and tell you when someone is at the door. And of course, they offer priceless peace of mind, keeping a record of your environment even when you're not around. But they have the ability to capture, and share, much more. Security cameras do more than watch. According to a 2024 Surfshark report, home security cameras collect more data points than any other consumer smart devices. Luís Costa, research lead at Surfshark, further told us, 'Outdoor security camera apps are among the top collectors of user data. On average, they gather 12 types of data, which is 50 percent more than what's usual for other smart home devices.' That includes video and audio, but also data from motion, light, and temperature sensors. The Surfshark report, which focused on popular camera models (from brands such as Arlo, Eufy, Nest, Ring, TP-Link, and Wyze), notes that many cameras collect personally identifiable information (PII), such as email addresses, phone numbers, payment information, and precise location. And of that data, seven out of the 12 data points are linked by the app to your actual identity. 'The risk of sharing this information with these vendors is the same as any other company that may offer digital services like Google, Apple, or Microsoft,' said Alrawi of Georgia Tech. 'As a consumer, I have no control [over] how these vendors secure my information, and if it were to be leaked, I would simply get an apology letter with an offer for one year of fraud monitoring.' Companies that leak customer data are at risk of potentially steep regulatory penalties and civil actions — but once personal data is leaked, there's no way to undo it. Although security camera companies may not be sharing your video, audio, and still photos, we looked at the privacy policies for Eufy, Google, Ring, and TP-Link, all of which state that they do share personal data for marketing purposes. All of these policies also include a clause that the companies will respond to legal requests, with Ring stating that it may even share recordings without a court order in circumstances 'when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss.' Although most privacy policies say similar things, it's reasonable to be concerned that this type of information could fall into the wrong hands as a result. For instance, in August 2024, ADT confirmed it had been hit by a cyberattack; the company said that the attack didn't involve access to customers' systems but did include theft of customer information. AI supercharges, and complicates, everything. AI is commonplace in security cameras, serving to discern what the cameras have detected. Some models, such as Nest video doorbells, can identify specific people by name using facial recognition (which some states, such as Illinois and Texas, and localities like Portland, Oregon, have banned). Some can detect sounds such as alarms, breaking glass, or crying. All of those capabilities require AI, and AI requires training in order to work its magic. Representatives from Eufy, Google, and TP-Link (maker of Tapo cameras) all told us that user videos are not used to train their AIs and that instead they use publicly available and open-source data. Domek Yang, product security director and chief information security officer for Eufy Security, also noted that 'videos voluntarily donated by users are used to improve the models.' For example, if you send a report through the app because a video is mislabeled, it could be used for training. A Loved One Dies. No One Knows Their Passwords. Here's What to Do. More powerful AI needs more personal data. Both Google and Ring (which is owned by Amazon) have demonstrated features that let you use keyword searches of your camera recordings to find highly specific people, or moments, or objects. For instance, you can ask for videos of every time your spouse enters or leaves, or when a red car drives by your house, or whenever the raccoons visit. Those capabilities are possible because of updated versions of the companies' AI, in this case Gemini and Ring IQ, respectively, which are in the process of being rolled out. This may change the way user data is put to work, especially with smart cameras. For instance, Google's privacy policy for its AI specifically notes that Gemini employs human reviewers of user data; the policy also urges customers not to expose 'confidential information in your conversations or any data you wouldn't want a reviewer to see or Google to use to improve our products, services, and machine-learning technologies.' That may be a technically correct solution to prevent device owners from accidentally sharing confidential information, though the notion that people who own Gemini-powered smart speakers have to adjust their everyday behavior to cater to their device is concerning. All of this doesn't necessarily mean that your data is in jeopardy and that you are at risk. It may simply mean that the way you use devices impacts the way they function, and some of that may make you a valuable target for marketers and advertisers. But if you take simple precautions, you'll have less to worry about. It also depends on the trustworthiness of the devices that you invite into your home, which is why Wirecutter works hard to vet the makers of products we recommend. Discouragingly, in May 2025 the Consumer Financial Protection Bureau abandoned a proposed rule put forward by the Biden administration in 2024 that would have curbed the sale of some types of private data by data brokers in line with the way credit bureaus and background-check companies are restricted. However, the Federal Trade Commission, one of the federal agencies with regulatory power, has launched investigations into some of the related practices that have emerged, such as surveillance pricing. And the Federal Communications Commission is also in the process of launching an Energy Star–like program for certifying smart-home products, called the U.S. Cyber Trust Mark. The program aims to provide the public with an easy-to-understand way to verify that a device meets a set of security and privacy standards. Share this article with a friend. In the meantime, here are a number of simple steps you can take that will have profound impact, plus a few device-specific ones: Reputable data brokers have a process for letting you opt out of having your data collected and sold. The process is onerous, though. You'll need to contact each broker individually — and estimates indicate that there are more than a thousand. The Privacy Rights Clearinghouse outlines the basic process: Go to a data broker's privacy policy on its website, locate where it keeps its instructions for deleting personal data (usually under wording like 'consumer privacy rights,' 'delete your information,' or similar), and then file a request. You'll need to verify your identity, which may require submitting personal information. For instance, to delete your personal information and prevent the sale of your data by Acxiom, one of the largest data brokers, go to Acxiom's opt-out page and enter your details. Click the + icon beside each type of data to add it to your request, and then click Submit. You will receive an email with a confirmation link. Rinse, repeat. This Vice article contains a useful list of brokers with links on how to opt out for each one. A common feature of home Wi-Fi routers is the ability to create a secondary or guest Wi-Fi network, which stays disconnected from your own. Use that network only for your smart devices, so they don't have access to the internet activity of all the other devices you use at home on your regular Wi-Fi network. To set it up, log in to your gateway (combo modem and router, if you rent one from your ISP) or router (if you have your own) and enable a 'guest network,' giving it a name and a new password. Peter Dolanjski of DuckDuckGo told us that using unique burner email addresses that forward automatically to your main email address creates a barrier that helps prevent data brokers from joining together all the various logins and subscription services you have. The Best Data Removal Services We've written before about ways to protect your privacy, including services that allow you to relay your email address. Apple's Hide My Email is one good option built into iOS devices and is free with an iCloud+ subscription; Firefox Relay provides five addresses for free or 99 cents per month for unlimited addresses. When installing a new app, you get a prompt to allow or deny permissions for the app to access data, including your location, contacts, and photos, as well as Bluetooth or other devices on your network. At the point of install, deny all of those; then, turn them on only as needed when an app prompts you. For location, choose Only when using app . Unlike computers, all smartphones have a unique advertising identifier — representing your unique profile — that is stored on your device, and which by default is accessible to advertisers on apps and websites. You can prevent apps and sites from tracking your habits and activity by adjusting the settings. On an iPhone, go to Settings, scroll down to Privacy & Security, select Tracking , and toggle it off. In the Privacy & Security page, scroll down to Apple Advertising and turn off Personalized Ads . On an Android device, go to Settings and then Privacy, select Ads , tap Delete advertising ID , and confirm. You have a few ways to prevent ad services from collecting data on you and your devices. There are services that allow you to block ad tracking for all the devices on your Wi-FI network, though we don't currently review them. Apple iPhones have a pair of built-in do-not-track features for both the Safari web browser and Mail. When you're using Safari, iCloud Private Relay (included in a subscription to iCloud+) is a system that keeps the unique IP address of your smartphone separated from your web activity, which is encrypted. Mail also prevents trackers that are embedded in email messages. On an Android device, you can download the free DuckDuckGo web browser, which includes a feature called App Tracking Protection. Once enabled, it blocks most trackers in all the apps on your phone. (Some trackers are allowed, as turning them off may cause apps or sites to malfunction.) The Electronic Frontier Foundation's Privacy Badger, one of our picks, is a good and free choice. A VPN service can prevent your devices and your online activity from being tracked. It's a smart option for people who frequently travel or use public Wi-Fi. Each of the smart-speaker platforms handles voice requests and recordings differently. And the newer Alexa+ and Google Gemini, powered by generative AI, will bring changes. Using the Alexa app, you can view or listen to all of your voice interactions and correct them or delete them. You can also limit how long Alexa keeps recordings before automatically deleting them. Amazon says that it takes up to 48 hours for a deletion to complete. Amazon does not record video calls. Google Nest does not save chats with Google Assistant unless you specifically opt in, and it doesn't save video calls, either. Google Nest states that it keeps 'video footage, audio recordings, and home environment sensor readings separate from advertising, and we won't use this data for ad personalization.' However, interactions with Google Assistant may be used for personalization. Google does offer comprehensive controls for limiting what data can be collected, used, and stored, including the ability to delete history. (Note that Google has announced that Google Assistant is in the process of being replaced by Google Gemini on Google and Google Nest devices.) Share this article with a friend. Siri processes some voice commands locally and some in the cloud, where they are stored for up to two years. You can decline to have your recordings saved by Siri, though Apple will still send a transcript of your command to the cloud. Unlike with Amazon and Google, there is no longer a way to view a history of your interactions with Siri, though you can opt to delete your history by opening Settings and going to Siri , choosing Siri & Dictation History , and then tapping Delete Siri & Dictation History . The golden rule of internet-connected security cameras is to never point them at anything you wouldn't want the world to see — your driveway or porch might be fine, but your living room, maybe not so much. Otherwise, several models of smart cameras, such as this Eufy camera, allow you to store recordings on the device itself using a removable memory card, or sometimes on a hub. By keeping your recordings in your devices, you lower the risk of recordings being leaked in a data breach or otherwise abused. That said, the devices we recommend encrypt their recordings, so we generally recommend a cloud subscription for most people. If you didn't explicitly choose not to allow ACR when you set up your TV, you'll need to do it now, manually; fortunately, federal law requires TV makers to let you opt out. Doing so may take some digging around, as the process sometimes changes between TV model years and software versions. This SlashGear article has directions for TVs from a number of popular brands, though they may have changed. For LG TVs, this multi-step explainer from the company gives directions that differ depending on the year your TV was made. Here's the short version of how to disable or limit ACR on the TVs that we currently recommend: Hisense: Toggle off Viewing Information Services in the Privacy menu. Toggle off in the Privacy menu. LG: First, find Additional Settings in the System menu, and turn off Live Plus . Then go to the Advertisement submenu and turn on Limit AD Tracking . First, find Additional Settings in the System menu, and turn off . Then go to the Advertisement submenu and turn on . Roku: Find Smart TV Experience in the Privacy menu and toggle Use Info From TV Inputs to off . Find Smart TV Experience in the Privacy menu and toggle . Samsung: In the menu, find Privacy Choices and toggle off Viewing Information Services . In the menu, find Privacy Choices and toggle off . Sony: Go to the Initial Setup menu and disable Samba Interactive TV . This article was edited by Jon Chase, Grant Clauser, and Jason Chen.
New York Times
7 days ago
- New York Times
A Loved One Died and Didn't Leave Access to Their Online Accounts. Now What?
Miguel Porlan for NYT Wirecutter By Haley Perry Haley Perry is a staff writer focused on video games and booze. She has spent innumerable hours playing games and tasting spirits. Published June 25, 2025 Before I lost my father, I'd always heard that nothing can prepare you for the grief of losing a loved one. But in the aftermath of his death, I was especially blindsided by what came next: the bills that stopped for no one, the accounts that needed to be closed, and the frustrations of taking over someone's estate — even a digital one. You can find plenty of resources for how to prepare a digital will for your loved ones, but navigating someone's online life after they've passed away suddenly and without preparation can be complicated and downright demoralizing. Although my father left behind a proper will, documented login credentials for most of his online accounts, and even noted the passcode to his phone, my family and I still faced challenges in transferring utilities, cancelling subscriptions, and paying ongoing expenses. And after spending a month researching the legality of digital estates and the options that a person has for accessing a loved one's device or accounts, I'm still left with unanswered questions. Unfortunately, there's no universal solution for managing the digital portion of a person's estate. Not only do digital-estate laws vary by state, but every single website and company you open an account with has its own privacy policy that could supersede those laws — and ultimately bar you from gaining access after someone's death. But that doesn't mean the endeavor is hopeless, and the step-by-step list we've compiled below should prepare you for what to expect and how to get started. Explore all articles In many states, what constitutes a 'digital asset' is still unclear, as well as whether those assets are subject to the same probate laws as the rest of a person's estate. And when someone dies intestate — that is, without a will in place — the rules pertaining to ownership of digital accounts and assets become murkier. If you're locked out of your loved one's phone or device, you may want to seek legal counsel to discuss your options. Keep in mind that in many cases, only the inheritor of the estate — as determined by your state's intestate-succession laws — can request access to locked devices and accounts. Even then, you may not receive the level of access you're after. Both Apple and Google confirmed that it isn't possible to remove a passcode from a smartphone or tablet without erasing all of the data on the device in the process. However, you might be able to request a download of some of the stored data, such as photos, notes, and texts. 'We do not give access to deceased-user accounts. A family member, spouse, or next of kin can submit requests either to obtain data/funds from an account or to close the account of a deceased user,' a Google spokesperson told us. We've found similar stipulations about accessing accounts from Microsoft. Our guidelines below are intended for those who already know their loved one's login credentials, as accessing a loved one's phone or device can help preserve memories, grant contact info for other family members and friends who need to be reached, and provide useful clues to help you settle impending bills and subscriptions. Even if you do have the password, note that logging in to someone else's computer or online account is illegal under the Computer Fraud and Abuse Act, and we advise treading lightly and refraining from acting as the account owner. If you are the inheritor of the estate, you still need to abide by the terms of service for each account to see if the contents are legally transferrable. We suggest speaking to a lawyer who can better help you understand the privacy laws for the accounts you want access to. I Tried, and Failed, to Disappear From the Internet Start by requesting certified copies of the death certificate as soon as possible. Certain companies may require you to provide a death certificate in order to access data from a locked smartphone or tablet or to close or transfer phone numbers or accounts. Cindi Jo Willey, a California licensed fiduciary we spoke to, recommends obtaining five to 10 official copies. You can order them through your county or state's vital-records office or through a funeral director or mortuary. Do this as early as you can, because in some states it can take up to 16 weeks to process such requests. Collecting documents that prove your relationship to your loved one can also be beneficial down the line. This could include copies of your marriage certificate or the decedent's birth certificate, as well as any other relevant court documents. You're unlikely to need a copy of their Social Security card for tech-related disputes, but retrieving their Social Security number could be necessary for certain tasks, such as managing their internet or cell phone plan. To prevent the recurrence of credit card charges in your loved one's name, you can consult their smartphone and emails to pinpoint ongoing expenses. A good place to start is their Apple or Google Play subscription. On an iPhone or iPad, open Settings > Apple Account > Subscriptions . For Android devices, open the Google Play app, tap the profile button in the upper-right corner, and then navigate to Payments & subscriptions . A quick scan through the decedent's app library could also provide clues as to which services you'll need to cancel or investigate further. For example, your loved one could still have funds in PayPal or Venmo, or an active subscription to Spotify or Netflix. Checking their downloaded apps could also help you locate which banks or cryptocurrency exchanges they are affiliated with. If you have access to their email account, you can use search filters to find which utilities, subscriptions, bills, and financial accounts the decedent is responsible for. We recommend keeping a simple spreadsheet or handwritten list to record the accounts you've discovered, along with their upcoming billing dates and your status on settling future payments with each company. Most social media platforms allow you to request the deactivation of an account after someone passes away. But if you'd prefer to keep their online legacy intact, a few sites — including Facebook, Instagram, and LinkedIn — offer the option to memorialize the account instead. This means that the account will be locked, notifications such as birthday and anniversary reminders will be turned off, and a remembrance banner will be displayed on the profile (among other things, depending on the platform). You'll still be able to view content previously posted to the account, and on Facebook, friends will still be able to share photos and posts on the deceased's timeline. Each platform has its own set of guidelines for requesting the removal or memorialization of an account, but in nearly every case, you need to provide documentation confirming the death. In addition, some companies, such as Instagram, may respond only to removal requests submitted by immediate family members, which could require further documentation proving your relationship to the deceased. If you're just getting started, we recommend combing through Everplan's extensive database for instructions on how to close more than 230 online accounts. Share this article with a friend. Cable, internet, and cell phone providers can be notoriously frustrating to deal with. When my father passed away, my mother and I struggled to take ownership of our shared Xfinity account: After countless hours on the phone with customer service, multiple trips to our local Xfinity storefront, and several months' worth of bills that continued to roll into my dad's account, we ultimately found it easier to cancel the service entirely and start a brand-new account with new phone numbers. (Ironically, I'm still locked out of some of my own accounts due to the two-factor authentication setups linked to my previous phone number.) Your experience may be less of a headache, but regardless, you should jump on cancelling or transferring your loved one's phone number quickly to prevent their account from accruing extra charges. T-Mobile, Verizon, and Xfinity list steps online for how to proceed when an account holder passes away, but some other companies are less streamlined and may require you to call their customer service line for more information. In most cases, you need to provide a death certificate, and certain providers may require the last four digits of the decedent's Social Security number. Managing someone's digital life after they pass can be nebulous and frustrating. If you don't want your own loved ones to face the same roadblocks, it could be time to prepare your own digital will. An easy place to start is designating a legacy contact for your Apple, Facebook, and Google accounts, which would allow the person you choose to manage your accounts after you've passed. 'We talk so much about advanced deathcare directives and pre-planning, and now that pre-planning also has to include a digital plan,' said Loren Talbot, the director of communications and partnerships for the International End-of-Life Doula Association. Your digital will could include a list of login credentials for all of the websites you have accounts with, instructions for how you'd like those accounts handled, and an inventory of your subscriptions and digital wallets. If you'd like to get started on creating your own plan, Talbot recommends companies such as Cake and Evaheld, as well as Future File for those seeking a physical kit that they can complete offline. It's something that everyone, no matter their age, would do well to consider. This article was edited by Signe Brewster and Caitlin McGarry.
