Use a password manager and two-factor authentication
Password managers not only keep track of your online user names and passwords and generate strong passwords, Babel says, but most also have an auto-fill feature that protects your account credentials from key logger malware that may be watching you. (It's especially important to use a strong password for your email account, since it contains a trove of personal information about you, and most online accounts use your email address to allow you to reset forgotten passwords.)
If you already use a password manager -- either on your desktop as a standalone app or in your browser -- check to see if it has a mobile component. Many do.
For additional protection, consider a password manager such as LastPass that supports two-factor authentication. Even if someone guesses your master password they still won't be able to get at your password database without physical access to your device.
Don't share your location information
"You can control who you give location permission to on most mobile devices, but you can't control" with which other apps are given that data. "So choose carefully," says Brookman. Social media updates that include location data also tell people where you are -- and where you aren't. Do you really want everyone on Twitter, or all of your Facebook friends -- and friends of friends -- to know? "Don't turn on location services unless you really need it," says Oppenheim. And turn it off when you're done.
Turn off your Wi-Fi and Bluetooth to avoid retail tracking
Today you walk into a store and the retailer doesn't know much about you. "But stores are installing listening devices to detect mobile phones with Wi-Fi turned on that are actively looking for access points," says Brookman. Before long, it won't just be your mobile carrier and mobile apps that know where you are at all times. Retailers and other businesses want to use the combination of Bluetooth and Wi-Fi signals emanating from your smartphone to track you when you enter a store or other place of business.
"When I walk into the mall they will know I've entered because my device is pinging Wi-Fi. And with Bluetooth they can track me within 30 to 50 feet. They know where I'm walking," says Babel. When your phone queries the store's wireless router to search for connectivity option, the business captures the unique MAC address associated with your phone's Wi-Fi hardware. If you then make a purchase, your MAC address can be combined with other information the store has to identify you. Some consumers might want to announce themselves, Babel says, because they're hoping to receive special offers on their smartphones. But if you're paranoid, says Brookman, turning off Wi-Fi and Bluetooth solves the problem.
If you can't be bothered to toggle those services off every time you leave your home or office, anti-virus software vendor AVG recently rolled out a service called PrivacyFix that automatically turns off your mobile Wi-Fi if the network you're passing by isn't on your whitelist. Mobile apps like Tasker for Android can be configured to use a technique called "geofencing" to turn off Wi-Fi when you leave your home or office and turn it back on when you return.
Soon you may have another option: The Future of Privacy Forum is in the process of creating a service called Do Not Track My Mac -- to be hosted at smartstoreprivacy.org -- that will let users opt out of tracking by retailers that want to capture your smartphone's Ethernet MAC address.
The companies agree not to capture your name or link your information to your MAC address unless you opt in, says Polonetsky. However, they can still track your MAC address anonymously unless you opt out. The data is used for general analysis purposes, such as to determine the average wait time in cashier lines, for example, or to study how traffic moves through the store. So far, 10 companies have signed on, Polonetsky says.
Next: How to minimize your offline data footprint, and where to go to opt out.
This article, The paranoid's online survival guide, part 2: How to protect your personal data, was originally published at Computerworld.com.