You think you’re private. You’ve turned off a few toggles, maybe even paid for “premium privacy.” Yet every week we see another wave of leaked chats, exposed locations, or resurrected “deleted” photos. Here’s 7 privacy settings you should fix now.
The culprit isn’t always a massive data breach or a state-level hacker. More often than not, it’s a single misconfigured privacy setting that nobody noticed – until it was too late.
At vali.now, we spend our days digging through apps, devices, and platforms to see exactly where the defaults (and the not-so-obvious options) fail people. Here are the most common “privacy landmines” we keep finding, ranked by how often they actually bite users in real life.
7 Most common privacy landmines
1. The “People You May Know” That Knows Way Too Much
Platforms still love to slurp your address book the moment you grant contacts permission. The scary part? Even if you revoke access later, the damage is done: shadow profiles of your non-user friends are already created, and the suggestion engine has permanently learned who you talk to.
Fix: Never grant contacts access in the first place. Use a burner email or a separate “social” phone number if the app absolutely demands it.
2. Default “Public” for New Posts (Yes, Still in 2025)
Twitter/X, Threads, Instagram, even some Discord servers – new accounts frequently default to public posting. One sleepy 3 a.m. rant and suddenly your boss, your ex, and that journalist you blocked in 2019 all get a front-row seat.
Fix: Make it a ritual. The second you create an account, go straight to privacy settings and lock it down. Bookmark the direct link to the settings page.
3. Location Metadata That Never Actually Gets Stripped
iOS 18 and Android 15 both added “Remove location on share” toggles… that are off by default. Most people still send photos with full EXIF GPS coordinates embedded. Tools like ImageScrapr and Creepy can plot your home, office, gym, and kids’ school in minutes.
Fix: Turn on “Remove location info” globally, or use an app like Metapho (iOS) or Scrambled Exif (Android) to auto-strip on export.
4. Cloud Backups That Ignore Your Local Encryption Choices
Signal added “encrypted backups” years ago, but the feature is opt-in and the backup itself is stored on Google Drive or iCloud – where it inherits whatever privacy settings those services have. Same story with WhatsApp. One forgotten iCloud setting and your end-to-end encrypted chats become readable to anyone with your Apple ID password.
Fix: Either disable cloud backups entirely or generate and safely store the 64-digit recovery code yourself.
5. “Active Status” and Read Receipts Used as Surveillance Tools
Abusive partners, stalkers, and creepy coworkers love knowing exactly when you’re online and when you’ve seen their message. Almost every major messenger still has these on by default.
Fix: Turn off active status and read receipts everywhere. Yes, it’s slightly less convenient. No, it’s not paranoid.
6. The Forgotten App Permissions That Live Forever
You installed an app in 2021, gave it microphone access “just once,” and forgot about it. That app was acquired, pivoted to AI training, and now silently records audio snippets for “model improvement.” We’re seeing this more and more.
Fix: Monthly permission audit. On iOS: Settings → Privacy & Security. On Android: Settings → Privacy → Permission manager. Revoke anything you don’t actively use.
7. Linked Third-Party Logins That Override Your Settings
You signed up with “Log in with Google/Apple/Facebook” and now that app can pull your updated profile picture, friend list, and email whenever it wants—even if you later make your main account private.
Fix: Go to Google/Apple/Facebook → Security → Third-party apps & revoke access for anything you no longer recognize.
The 4-Question Privacy Checklist
We employ this technique for every new app. Before you hit “Install” or “Sign Up,” ask:
- Does it require more permissions than it actually needs to function?
- Is the default privacy setting the most private one?
- Can I use it without linking my real identity or contacts?
- If I delete my account, does the company actually delete my data?
If the answer to any of these is “no” or “it’s complicated,” maybe you don’t need that app.
You don’t have to become a tinfoil-hat privacy extremist to stay safe. Most leaks happen because of one overlooked toggle or default that hasn’t been updated since 2018. Five minutes of intentional configuration beats years of regret. Use the list of 7 privacy settings you should fix now and our 4-Question Privacy Checklist to up your game!
Stay sharp out there!
P.S. If you want us to tear apart the privacy settings of a specific app you use, forward the details to help@vali.now, drop it in the comments or DM us. We love doing public autopsies.