01/30/2026
Tips for Secure Technology - Vol 13 - JAN 2026
This volume of “IT Tips for Secure Technology” lists some tips we have gathered from Kim Komando, the host of two daily radio shows and one weekend radio show about consumer technology. On her weekly call-in show, she provides advice about technology news, gadgets, websites, smartphone apps, and internet security. (you can subscribe directly at https://www.komando.com/subscribe/ )
Index
• Hidden Digital Profile - it can get you flagged and ghosted
• Secret watermark hidden in almost every photo you’ve ever taken
• Secret Windows setting eating your RAM
• FIRE TV - Silence Fire TV’s home page
• Deleted data stays on your phone until you manually overwrite it.
• Don’t pick up “abandoned” charging cables at airports or places like that
• Your SmartTV is violating your privacy, tracking what you watch, and Selling your data
• You can use AI voices of deceased famous people for free
• Your car is reporting your data to insurance companies and others
• You should Freeze Your Credit! But it still does not top all identity theft
• Betrayed by Bluetooth - Headphone are accessible by hijackers
• Clicking unsubscribe on spam makes you a bigger target
• A Public Wi-Fi can sn**ch your logins in under two minutes
• Five popular apps that track your driving and sell the info to insurance companies
• Google’s Gemini can leak private calendar info without you clicking anything
• Starlink now shares your personal data to train AI models unless you opt out
• You’re being price-watched in the grocery store and prices Can/Will change on the fly.
• FUN FACTS!!!
.
Hidden Digital Profile - it can get you flagged and ghosted
Ever wonder why you’re on hold for 45 minutes while your friend gets a rep in two? Or why that rental suddenly shows no longer available the second you try to book it? It could be your shadow score. Here’s the deal. While we obsess over credit scores, a hidden digital profile is being built about you. Every time you return a pair of shoes, complain to customer service or browse for a flight, a secret algorithm is ranking you as either a VIP or problem child. This is how you can find yours and fight back.
Meet the gatekeepers:
• Sift: They give you a score that flags you as a fraud risk or bad customer. Big names like Airbnb, Yelp and Poshmark use them.
• Zeta Global: They predict exactly how much money you’re likely to spend and are 99.9% correct.
• Retail Equation: They watch your return habits at stores like Best Buy and Home Depot. Unlike the others, they don’t let you see your file unless you’ve already been warned or denied a return.
See what they have:
While the California Consumer Privacy Act is the gold standard, these massive firms process requests for all U.S. residents to avoid a legal headache.
• The move: Use these links to see what they have on you at Sift (https: //sift.com/data-request) and Zeta Global (https: //privacyportal-cdn.onetrust.com/dsarwebform/bc2d3301-11a5-4de5-b15e-ce796187a352/d0720d0f-d427-4a7d-a773-5d6793229f15.html)
• The result: They’re required to send you a file showing the risk flags, purchase history and labels attached to your name.
.
Take action:
• Step 1: Use a different email address for things like returns or complaints.
• Step 2: Use a credit card, never a debit card. Under the Fair Credit Billing Act, you have the right to dispute a charge if a merchant refuses to honor a legitimate return. Debit cards and services like Venmo or Zelle don’t have the same level of protection.
• Step 3: Cut off the supply. Shadow score gatekeepers buy your information from massive data brokers. If you remove your info from these brokers, the scoring firms have nothing to buy.
.
Secret watermark hidden in almost every photo you’ve ever taken
Yes, even with GPS and location services turned off, your pictures can still be traced back to you. Here’s how: Every smartphone camera sensor invisibly signs every photo you take like a serial number. These tiny marks are called “Photo response non-uniformity”. Think of it as your camera’s accidental autograph, a microscopic pattern baked into the sensor during manufacturing. Every pixel responds to light a little differently, and together, they create a digital fingerprint unique to your device. Forensics teams and AI-powered tools (hi, Big Tech) can match that fingerprint to your exact phone, even if you’ve scrubbed all metadata.
Secret Windows setting eating your RAM
Microsoft has a feature called “Delivery Optimization” that downloads updates and apps faster by pulling them from other PCs on your network or online. Problem is, it’s not actually optimized and can slow down your system. Turn it off under Settings > Windows Update > Advanced options > Delivery Optimization.
FIRE TV - Silence Fire TV’s home page
• Open Settings
• Preferences
• Featured Content
• Turn Off Allow Video Autoplay
• Turn Off Allow Audio Autoplay
Deleted data stays on your phone until you manually overwrite it.
Think of Delete less like a shredder and more like cramming your secrets under the rug and hoping no one lifts it. When you delete something, your phone doesn’t erase it. It makes room for new data until something else takes its place. Even factory resets aren’t a guarantee. A recent study showed 40% of wiped phones still had recoverable personal info.
Check your delete items holding area this way:
• iPhone: Open Photos > Collections > scroll down to Recently Deleted. There’s everything you thought you erased last month.
• Android: Open Photos or Gallery > tap Library or Menu > Trash or Bin. Same deal.
The fix: After deleting photos, empty the trash immediately.
• iPhone: Recently Deleted > Select > tap the three dot icon > Delete All.
• Android: Trash > tap the three dots > Empty trash > Delete permanently.
Even after you empty Recently Deleted, the photo isn’t gone. Your phone marks that storage space as available and hides the image from view. The actual data sits there, fully intact, until new photos or apps eventually overwrite it. That could take days, weeks or months. This is why forensic investigators can recover deleted texts and pictures from phones years later. They use special tools to scan unmarked storage and pull back everything. That photo you deleted in 2019? Still there.
Deleting an image from your phone doesn’t delete it from iCloud or Google Photos. They’re separate. You have to delete it twice.
• iPhone: Delete the photo, empty Recently Deleted, then open iCloud.com, go to Photos > Collections > Recently Deleted, and delete it again.
• Android: Delete from your gallery, then open Google Photos, go to Collections > Trash, and empty it.
Skip this step, and your deleted photo lives forever in the cloud.
Before you sell your phone, just know that a factory reset doesn’t guarantee deletion. Studies show up to 40% of wiped phones still contain recoverable data. Here’s what you need to do:
• iPhone: Settings > General > Transfer or Reset iPhone > Erase All Content and Settings. Let it finish. Then set it up as new and erase it AGAIN. Yes, twice.
• Android: Factory reset, fill the storage with junk files like big videos, then factory reset again. This overwrites the ghost data.
If your old phone has truly sensitive content, don’t sell it. Physically destroy it. Some things aren’t worth the $200 resale value. Your data is your business. Make sure it actually disappears when you want it to.
Don’t pick up “abandoned” charging cables at airports or places like that
That free charging cable someone left at the airport gate? Congrats, it might not only charge your phone, but it will also rob you. The O.MG Cable looks and works like a normal iPhone or USB-C cable. Inside, though, is a tiny computer that can inject keystrokes, steal data and phone home over Wi-Fi at nearly 900 keys per second. No pop-ups, no warnings, this hacker on a leash even has a self-destruct feature. This isn’t spy-movie gear. It’s for sale online for $200 a pop. Now you know to watch out for it.
Your SmartTV is violating your privacy, tracking what you watch, and Selling your data
Your smart TV takes screenshots every few seconds and sells that data. You’re subsidizing that cheap Black Friday TV with your viewing habits. Every major brand does this. But you CAN Turn it ff.
I bet you never thought that while you’re watching TV, it’s watching you right back. The surveillance never stops; that’s one thing you need to know. But I always have your back.
Remember when TVs just showed you stuff? Those days are gone. THIS is why your new TV was so cheap. That beautiful 65-inch 4K you got on Black Friday for $400? It should’ve cost $1,200. The reason it was so cheap: You’re not the customer. You’re the product.
Every smart TV sold today has ACR (automatic content recognition) built in. It screenshots your screen every few seconds and matches those shots against a database. Cable, streaming, DVDs, gaming, even what’s on your laptop via HDMI. Then it sells that data to advertisers and data brokers. They’re tracking every show and movie you watch, when and how long. Your Netflix and Hulu habits, even though you pay for those. What games you play. Which commercials you skip. Combine that with your IP address and purchase history, and they’ve built a profile. They know you watch true crime at night, cartoons in the morning and fall asleep to HGTV.
Who is buying?
• Advertisers: Watch a Chevy commercial? You’ll see Chevy ads on your phone an hour later.
• Data brokers: Experian merges your TV habits with credit card purchases, then sells access.
• Political campaigns: They know whether you watch Fox News or MS NOW (formerly MSNBC) and target you accordingly.
• Insurance companies: Some are using viewing data to assess “lifestyle risk.”
Turn it off
Think this is illegal? In 2017, Vizio paid $2.2 million to the FTC for tracking 11 million TVs without consent. Here’s the kicker: Samsung, LG, Sony and TCL still do the exact same thing. They buried the consent deep inside those legal terms they know you’ll never actually read. Every brand hides these settings differently. Samsung calls them “Viewing Information Services.” For LG, it’s “Live Plus.” Vizio buries them in “Reset & Admin.”
I’ve got a free step-by-step guide for every major brand. It only takes two minutes once you know where to look in your TV’s settings.
Why this matters
“I don’t care if they know I watch The Office reruns” misses the point. Your viewing habits reveal your income level, political leanings, health concerns and vulnerabilities. That profile gets sold, leaked or hacked. Unlike a credit card, you can’t change your behavioral patterns. Turn it off here - and if it asks for a password, try an internet search on your brand.
https://www.komando.com/news/devices/how-to-turn-off-acr-on-every-major-tv-brand/
You can use AI voices of deceased famous people for free
This is something. Judy Garland read me a news article the other day. Not a recording from her movie archives. A brand-new story about AI regulation she never could have seen or imagined in her lifetime. She died in 1969. Her voice was so warm and expressive I almost forgot I was listening to an AI. As someone who’s made a career with my voice (which some people call “soft and sultry” while others email asking why a dude by the name of Kim is hosting the show), this one hits close to home.
Welcome to the world where the dead don’t rest, they narrate and make money for their estate. They can narrate ebooks, commercials, PDFs or articles. Estates have veto power over how the voices are used, so AI Mark Twain can’t hawk crypto.
ElevenLabs has something called the Iconic Voices Marketplace. It’s exactly what it sounds like: a catalog of AI-cloned celebrity voices you can license for commercial projects. Along with Garland, we’re talking Burt Reynolds, James Dean, John Wayne, Maya Angelou and even historical figures like Thomas Edison and Mark Twain.
These aren’t unauthorized deepfakes. The company works directly with estates and rights holders. Liza Minnelli signed off on her mom’s voice. Michael Caine, still very much alive at 92, agreed to let them clone his voice for future use. Fiverr freelancers offer celebrity-style AI voice work starting around $115 for 60-second spots.
For everyday folks: Download the ElevenReader app (free tier gives you 10 hours/month), and you can have Burt Reynolds read you any PDF or article. James Dean reads your ebook. Sir Laurence Olivier narrates Sherlock Holmes. The premium tier runs about $11/month for unlimited listening.
For brands and creators: This is where it gets interesting. Want John Wayne to voice your Western-themed ad campaign? Maya Angelou to narrate your documentary? You submit a licensing request, negotiate with the estate, and ElevenLabs synthesizes the voice to say whatever you need. Expect to pay thousands for commercial use, but it’s fully legal.
Your car is reporting your data to insurance companies and others
GM sold your driving data so insurance companies could raise your rates. Your car logs everywhere you go, how you drive, your contacts, even your garage codes. Before you sell or trade, wipe the data. I.
The FTC recently slapped General Motors with a settlement for selling driving data from millions of vehicles without proper consent. OnStar was sharing your location, acceleration and braking habits with insurance companies that used it to raise your rates. Drivers had no idea until their premiums spiked. GM is now banned from sharing this data for five years. But they’re not the only ones collecting and selling it.
What your car actually knows - Mozilla reviewed 25 major car brands, and every single one failed basic privacy expectations. They called cars “the worst product category we have ever reviewed.” Your car may be logging your home address, contacts, garage door codes and voice commands. Layer AI on top, and it learns your patterns. Late-night drives. Medical appointments. Weekend routines.
Treat your car like an old laptop. Wipe it.
My step-by-step guide tells you where to look in your car to delete your data and what apps you need to use to finish the job. Also, on this page be sure to get your Vehicle Privacy Report that shows all the data your car’s make and model is collecting and selling.
Why this matters? Because you might be trading in that car this weekend. Or renting one. Every trip gets logged. Every connection stays stored. And unlike on your phone, you probably never thought to check the privacy settings. Now you will. https://www.komando.com/tips/privacy/how-to-wipe-your-cars-data-before-you-sell-it
You should Freeze Your Credit! But it still does not top all identity theft
Credit freezes block new credit accounts and can stop a ton of fraud before it ever starts - but that’s all they do. They won’t alert you when someone opens a bank account in your name, applies for a payday loan or quietly tests your data.
But if someone steals your identity? That cleanup can take 300+ hours. Weeks of phone calls. Paperwork. Frozen accounts. Stress. And it usually gets that bad because the fraud wasn’t caught early. Aa credit freeze blocks lenders from pulling your credit to open new accounts. That’s huge. It stops new credit cards, auto loans, mortgages opened in your name.
What it doesn’t do is alert you when something shady is happening. Identity theft rarely starts with a big, obvious move. Criminals test the waters.
• They apply for short-term loans, say payday advances, that don’t always check traditional credit.
• They open bank accounts using your info.
• They change contact details on your accounts, so alerts never reach you.
• They run a single hard inquiry to see if your data still works.
A freeze won’t tell you when any of that is going on.
Quick reminder: If you haven't frozen your credit with all four bureaus (yes, four), I put together everything you need, links, phone numbers, the works. Here’s the link to it on my site. https://www.komando.com/news/security/the-fourth-credit-freezes-you-missed-a-security-guide-from-the-current
Betrayed by Bluetooth - Headphone are accessible by hijackers
Ever wear headphones to avoid people? Me, too. Researchers found that 17 popular earbuds and speakers (Sony, JBL, Google, etc.) can be hijacked in 15 seconds from 50 feet away, letting hackers listen in, blast music or even track your location. Some devices can even be linked to a stranger’s Google account. You’re not just pairing; you’re getting paired with. More info: https://www.wired.com/story/google-fast-pair-bluetooth-audio-accessories-vulnerability-patches
Clicking unsubscribe on spam makes you a bigger target
Clicking unsubscribe on spam makes you a bigger target. Scammers fake unsubscribe links to steal your login info. Use your email’s built-in spam button instead.
Your inbox is a disaster. One click and you’re free! Nope. That link might make things worse.
If an email is from a spammer, you waved a flag that says, “Hey, I’m here, and I’m clicking on things!” That makes your email address a bigger target for even more junk. And that’s the best-case scenario.
The worst case? Scam emails imitate real companies. Your bank, a streaming service, a store you shop at. They include an unsubscribe link that takes you to a fake website designed to steal your login or personal info. You think you’re opting out. You’re actually handing over your credentials on a silver platter.
Cybercriminals have gotten scary good at faking familiarity. They make an email look exactly like it’s from a brand you trust. Netflix, Amazon, your favorite shopping app. The logo, the colors, the sender name. It all feels right. You don’t think twice. Here’s a number that should wake you up: 1 in every 644 clicks on an unsubscribe link in a promo or spam email leads to a malicious website. Think about how many times you hit unsubscribe in a month. Five? Ten? Across the country, that’s millions of clicks a day. At those odds, far too many Americans are getting burned every single day trying to stop the junk.
If you are 100% certain an email is legit (like it’s really from Netflix, Apple or Chase), it’s safe to use the unsubscribe link. Big companies play by the rules because they don’t want legal headaches. But if something feels off, or you never signed up in the first place? Don’t touch it. Delete it and move on.
What to do instead
1. Use your email’s built-in unsubscribe button. Gmail, Apple Mail, Outlook and others usually show an unsubscribe option near the top of the message, right under the sender’s name. This is safer because it’s managed by your email provider, not the sender.
2. Mark it as spam (but only if it’s actually spam). If you don’t recognize the sender or didn’t sign up, skip the unsubscribe link entirely. Hit “Report spam” or “Junk.” This trains your email to catch this garbage before it ever hits your inbox again.
One more thing. If you signed up for a newsletter and you’re done with it, click unsubscribe. Don’t hit the spam button. When you mark a legitimate email as spam, you’re gone for good. The system boots you permanently, and there’s no way back on the list. I see it happen all the time with my own newsletter. Someone marks it as spam, then emails me a week later asking why they stopped getting my tips. Argh.
3. Hover before you click. On a computer, hover your mouse over the unsubscribe link without clicking. Look at where it actually leads. If the URL looks strange, has random characters or doesn’t match the sender’s domain, that’s a red flag. Trust your gut.
The unsubscribe button was supposed to give you control. The bad guys figured out how to turn it against you. Now you know better.
A Public Wi-Fi can sn**ch your logins in under two minutes
A cybersecurity researcher once set up a fake “Free Airport Wi-Fi” hotspot. Over 200 people logged on in the first hour. No password. No questions. They got bounced to a fake login page and handed over their email, bank, and social passwords like they were sharing free mints at the gate. Classic airport-brain autopilot.
Use a PAID VPN (like Express VPN or NordVPN) or tether to your mobile phone or hotspot.
Five popular apps that track your driving and sell the info to insurance companies
Larry Johnson in Atlanta installed Life360 to keep tabs on his teenage kids. Good parenting, right? The data goes to Arity, owned by Allstate, which sells driving scores to jack up your premiums. Then he got quoted insane car insurance rates. When he pushed back, he learned the truth. That family safety app had been tracking every turn, every hard brake, every mile his family drove, and it sold all that information to insurance companies.
Larry had no clue. Neither do the 45 million other Americans getting spied on right now.
The 5 apps (go check your phone)
1. Life360: The family tracker. Selling your driving data to Arity, which is owned by Allstate.
2. GasBuddy: That feature rating your fuel efficiency. It’s powered by Arity. Surprise.
3. MyRadar: Innocent little weather app. Same tracking garbage hidden inside.
4. Fuel Rewards: Saving you 3 cents a gallon while selling you out.
5. Routely: Marketed to gig workers. Monetizing your every mile.
Insurance companies buy driving scores based on your speed, braking and routes. Then they use them to raise your rates. You never agreed to this. You never even knew.
Shut them down
• iPhone: Settings > Privacy & Security > Location Services. Find the offenders. Change them to “Never” or “While using.” Tap each one and toggle OFF “Precise location.”
• Android: Settings > Location > App permissions > [App Name]. Choose “Don’t allow” or “Allow only while using the app.”
Or delete them. GasBuddy isn’t worth your insurance jumping $300 a year.
See what they know about you
You can request your driving report like you pull a credit report. It’s free once a year. You might be shocked at what’s already in your file. LexisNexis is the big one. Insurance companies use them constantly to check your history before giving you a quote.
• Go to consumer.risk.lexisnexis.com.
• Click the red rectangle marked “Request a Consumer Disclosure Report.”
• Fill out the form with your name, address, date of birth, SSN and driver’s license number. Yes, you need to give them all that info to confirm it’s you. They have it already.
• They’ll mail you instructions to access your report online. Rather talk to a human? Call 1-888-497-0011.
Your report will show what driving data they have on file, any claims history and who they’ve shared it with. If something’s wrong, you have the legal right to dispute it under the Fair Credit Reporting Act. Same rules as your credit report.
These apps promised to keep your family safe or save you a few bucks on gas. Instead, they’ve been selling your every move to the highest bidder. Check your phone. Pull your report. Delete the snitches.
(FYI from Ed - I deleted all but Gas Buddy and made her recommended changes!)
Google’s Gemini can leak private calendar info without you clicking anything
I’m talking meeting titles, times, descriptions, attendee lists, basically the stuff that screams merger, layoffs, doctor or divorce lawyer consultation. The hack hides a prompt inside a calendar invite. When you ask Gemini to check upcoming events, it summarizes your private meetings into a new event the attacker can see. Google says it’s patched, but still. Don’t let AI auto-read your calendar, and treat random invites like spam.
Starlink now shares your personal data to train AI models unless you opt out
Starlink quietly updated its privacy policy to say it may share your personal data to train AI models, unless you opt out. This includes other companies, not only Starlink training its own AI. To tell Starlink “please don’t feed my data into someone else’s robot brain,” go to Settings > Edit Profile > scroll to the bottom > toggle off Share personal data… to train AI models > Save.
You’re being price-watched in the grocery store and prices Can/Will change on the fly.
You grab a cart, head to the cereal aisle, spend 10 seconds debating between the healthy bark-tasting granola and the Lucky Charms. You put the granola back. The store watched and recorded you doing that.
Smart shelves
Kroger rolled out EDGE in 500 stores (expanding to 2,600 this year). EDGE is short for Enhanced Display for Grocery Environment, which means AI tech and cameras on shelves. Walmart’s doing the same thing. Devices are in 60 stores now, ramping up to 2,300.
Built with Microsoft, cameras detect your age and gender. Woman in her 30s? Here’s a baby formula coupon. College-age guy? Energy drinks on sale. Older male? Sensitive toothpaste is buy one/get one free. Digital tags can change prices on the spot. Snowstorm coming? Bread and milk jumped $2. Store’s dead early in the morning? Here’s a deal. Lunchtime rush? Sandwiches cost more. Kroger and Walmart both say they’d never use this for surge pricing. Right.
They’re timing you!
Cameras, Wi-Fi and sensors track which aisles you walk down, products you pick up, how long you hesitate and when you walk away empty-handed. They know you stood in front of the pasta sauce for 23 seconds. They know you picked up the organic brand, looked at the price and grabbed the store brand instead.
You on sale !
Kroger sells your shopping data. Your name, address, phone number, purchase history, location data, health information (hello, hemorrhoid cream), along with your age, marital status, gender and race. Americans are spending more of their income on food than at any time in the last 30 years. Grocery stores saw that and thought, “How can we squeeze more?” Regulators are looking into how grocery stores use AI and electronic shelf labels (ESLs) to update prices between the time a customer picks up an item and when they reach the checkout.
Here’s how to spot the cameras:
• Digital price tags, not paper stickers. Those are ESLs.
• Black domes at eye level on shelves and the end of aisles.
• Digital screens showing ads that change when you approach.
Fight back
• Pay cash. Harder to link your purchases to a profile.
• Skip the loyalty app. Ask the cashier for a store number. Most have one. Or try your area code + 867-5309. (Thanks, Tommy Tutone.)
• Turn off Bluetooth. Your phone pings even when you’re not connected.
• Disable auto-join guest Wi-Fi: In settings, make sure auto-join is turned off.
• Wear a hat and sunglasses: Yes, really. Makes it harder for them to scrape your age and gender.
FUN FACTS!!!
Did you know about Fire TV Stick remote shortcuts?
Did you know about Fire TV Stick remote shortcuts? Here are some combos worth knowing. Long-press Home to open the system menu. To change your screen resolution, hold Up + Rewind for 10-15 seconds. If your Fire TV is acting buggy, press Select + Play/Pause to reboot it. And if it’s completely frozen, hold Back + Right to factory reset.
Turn your flashlight into a lantern with a water bottle!
Power's out and you need more than a spotlight? Grab a water bottle. Turn on your phone's flashlight and set it face-up on a table. Place a water bottle on top of the light. The water diffuses the beam and fills the whole room with a soft glow, instant lantern.
An empty bowl or glass can act like an instant speaker amplifier!
Drop your phone in an empty bowl or glass when playing music. Instant speaker amplifier. The bowl acts like a megaphone and doubles the volume without draining your battery faster.
Talk instead of typing to writing a long message or document!
You can speak to enter text anywhere you’d normally type. On Windows, click into a text box and press Win key + H to start voice typing. On Mac, open System Settings > Keyboard > Dictation, turn it on, then press the microphone key when you’re ready.
