Reduce Google Tracking: Practical Privacy Steps
A practical, incremental guide to improve privacy by changing defaults (search, browser, location, and account settings) without breaking your daily workflow.
Nobody actually leaves Google in a weekend. The people who claim they did either ran a few command lines on a burner laptop, or they came back quietly when they realized that Calendar, Photos, and Drive had become the load-bearing walls of their digital life. The real question is not whether you can ditch Google in one heroic sprint. It is which of its defaults are quietly producing the most data about you, and which of those defaults are cheapest to fix this week. Privacy is a budget, not a vow. Spend it where it buys the most.
What "leaving Google" actually means in 2026
Google logs roughly 8.5 billion searches a day. Gmail has somewhere north of 1.8 billion active users. Chrome runs on around two-thirds of the desktops on the open web. Android is on more than 70 percent of the world's phones. When privacy advocates say "Google," they are not really talking about a search engine; they are talking about an operating layer that sees your queries, your browsing, your inbox, your calendar, your phone, your location, and the ad you just looked at on a completely unrelated site. The data is not malicious. It is just comprehensive.
Migration is rarely about deletion. It is about decentralization. Search lives in one place, email in another, photos in a third, documents in a fourth. None of those owners has the full picture, and none of them can sell "you" as cleanly as a single cross-product profile can be sold. The point is to break the join between the tables, not to torch every table.
That framing also makes the work tractable. You are not trying to become a ghost. You are trying to make the ad market a little less accurate, the next data leak a little less revealing, and the next subpoena a little less useful. Those are achievable goals on a Saturday afternoon. Anonymity is not.
The data Google has, written plainly
Open myactivity.google.comin any browser where you are signed in. Scroll. The list goes back years. Every YouTube video you watched while half-asleep. Every "ok google" you mumbled at a speaker. Every Maps query, every search you regretted typing, every app you opened on Android. There is a pattern: it is not a single category of data, it is a join across categories. Search alone is interesting. Search joined with location, joined with YouTube history, joined with the Gmail receipt for what you bought afterwards, is something else entirely.
The categories worth knowing by name, because you will need to disable them in different places:
- Web & App Activity.The big one. It captures searches, Chrome history (when sync is on), Android app launches, Assistant requests, and a long tail of in-product behavior. It also opts you into using that data to train Google's models. Turning it off is the single most consequential setting on the account.
- Location History / Timeline. Background location collection. Google moved this from server-side to on-device storage for new accounts during 2024. That was not a privacy gift; it was a legal hedge after years of geofence warrants. On-device by default is good for you, but only if you actively turn it on or leave it off, rather than trusting the migration prompt.
- YouTube History. Drives recommendations, but also feeds the broader profile. Pausing it is one toggle and barely affects the experience after a week.
- Ad personalization. The Frankenstein output of everything above, plus what websites told Google about you through Ad Manager and Analytics. Disabling it does not stop ads; it stops ads chosen specifically for the profile you generated.
None of those toggles are hidden. They are all reachable from the account dashboard. The reason most people never use them is friction and forgetfulness, not technical difficulty. Set yourself a recurring reminder for two minutes every quarter. That is the entire ongoing cost of the highest-leverage privacy work you can do without leaving Google at all.
The five doors worth shutting first
If you only have an hour, spend it on the five settings and switches below, in this order. The order is not arbitrary. It runs from cheapest-to-fix to most-painful-to-undo, and the early steps reduce the damage of postponing the later ones.
- Search default. One setting in your browser. Reduces the freshest, most predictive intent signal in your day.
- Browser hardening. Switch the browser, or pin down the one you have. Neutralizes a long tail of cross-site profiling.
- Account-level toggles.Web & App Activity, Location, YouTube History, Ad Personalization. Free, fast, durable.
- New email for new signups. Stops the bleed without touching anything you already have.
- Critical migrations. Banking, password manager, domain registrar, primary 2FA, social. The ones where a missed recovery email becomes a four-hour problem.
Notice what is not in that list: maps, calendar, drive, photos, contacts. Those are real privacy concerns, but they are also the infrastructure of your week. Move them later, when you have a real replacement that you have already used in anger for a month. Otherwise you will revert, and reverting is worse than never starting because you also lose trust in the next plan.
Search: pick one that fits the way you actually search
The search default is a one-line change in your browser settings, and it touches privacy more than almost any other single switch you can flip. The trade-off is that Google is genuinely the best general-purpose search engine for most queries. The alternatives are good, but each one has a personality, and the right pick depends on what you mostly look up.
- DuckDuckGois the default-default. It runs on Bing's index for the long tail with its own crawlers and ranking on top, has no behavioral targeting, and ships its own browser. The results are fine for most queries and noticeably weaker for niche programming questions and recent events. Good for people who want one switch and done.
- Brave Search uses its own independent index, which is unusual; very few search engines outside Google and Bing have their own crawl. The results have a different shape — more long-form blogs, fewer affiliate spam farms, and an AI summary option you can turn off.
- Kagi is paid (about ten dollars a month for the mid-tier). That sounds awkward until you realize that you are paying for a search engine to be on your side instead of your attention being the product. The results are aggressively deprioritized for SEO sludge, and the customization options for blocking domains and boosting others are unusual. People who try it for two weeks rarely go back, which is the most honest thing I can tell you about a search engine.
- Startpageshows you Google results without sending Google your IP or query history. If you specifically want Google's ranking but not Google's data collection, this is the cleanest path.
- Mojeek runs an independent crawl. Smaller index, but useful as a cross-check when you want results that are not shaped by either Google or Microsoft.
A pragmatic setup: pick one as default, keep one bookmarked as a fallback. Google is one keyword away in any browser's address bar with a custom search shortcut, so you do not lose access. You just stop handing it the firehose.
Browser: where the real cross-site tracking lives
Chrome is fast, polished, and works with everything. It is also a product owned by an advertising company, and that company is in the middle of a years-long argument about how exactly to replace third-party cookies in a way that still allows targeted advertising. Topics API, Privacy Sandbox, the on-and-off-and-on-again cookie deprecation plan. Whatever the final design ends up looking like, it is being designed by the company with the most to lose if browsers stop being good for ads. That is not a conspiracy theory; it is a stated business position.
The two strong replacements:
- Firefox. Mozilla still ships the only major non-Chromium engine that anyone runs at scale. Total Cookie Protection is on by default, fingerprinting protection is real, and the extension model has not been gutted by the Manifest V3 changes that hobbled ad blockers in Chrome. Install uBlock Origin. That is the single highest-leverage privacy extension on any browser, and Firefox keeps it functional.
- Brave.Chromium underneath, but with shields on by default — ads, trackers, fingerprinting, and known telemetry endpoints get blocked at the browser level without needing extensions. The trade-off is the company's own advertising and crypto-rewards features, which are off by default but exist. Most people I know who switched to Brave mostly switched for the speed; the privacy is a bonus.
On iPhone, Safari is the right default and is genuinely improving every year. Apple is not your privacy friend in some absolute sense, but its commercial incentives line up with reducing third-party tracking, which makes Safari a better baseline than Chrome on iOS by a wide margin. Intelligent Tracking Prevention, Private Relay (for iCloud+ users), and the absence of cross-app advertising IDs are not marketing fluff. They genuinely move the needle.
The setting checklist, regardless of browser: third-party cookies blocked, sync turned off or scoped tightly, search shortcuts that keep Google reachable but not default, an ad blocker installed, and a habit of using a private window for one-off logins to sites you do not want associated with your normal browsing identity. None of that is dramatic. All of it adds up.
Email is identity. Treat it that way.
Email is the spine of your online identity. It is the recovery address for every account you have ever made. It receives the one-time codes for the bank, the password resets for the domain registrar, the legal notices about the lease, and the order confirmations that double as proof of purchase. Moving it is the single biggest project in any privacy migration, and it is also the one most people start with and give up on within a week. So plan for the friction.
The real alternatives are mature now, in a way they were not five years ago. Proton Mail is end-to-end encrypted by default for Proton-to-Proton mail, has Swiss legal jurisdiction, works with custom domains on the paid plan, and has decent IMAP via the Bridge tool if you need to use Apple Mail or Thunderbird. Tuta (formerly Tutanota) is the German equivalent with end-to-end encryption baked in deeper at the cost of some IMAP compatibility. Fastmail is Australian, has been around since 1999, has the best web client of any provider I have used, and is the option I quietly recommend to people who want something that just works without a privacy ideology.
Mailbox.org is the German pick if you want IMAP, calendar, contacts, and a professional setup at a low price. Apple iCloud Mail with Hide My Email is the underrated choice if you live in the Apple ecosystem already; the per-signup aliases let you give a different address to every site without operating a custom domain, and the relay sits between you and the sender.
The migration pattern that actually works: get the new mailbox. Forward Gmail to it for a month so you do not miss anything. Update the email on your password manager first, then your domain registrar, then your bank, then the rest of your top ten accounts. The order matters because each later account uses one of the earlier ones as the recovery channel. Get the chain right and the rest of the migration takes care of itself over the following quarter as you happen to log into things and realize the email is old.
Use a custom domain if you can. Five dollars a year at any registrar and you stop being captive to whichever email provider you pick this year. If the provider goes bad, you point the domain somewhere else and your address survives. That is the real long-term privacy move on email — not which provider you pick, but whether your address is portable.
Location is where this stopped being abstract
In November 2022, Google paid $391 million to settle with 40 state attorneys general over location tracking that continued after users thought they had turned it off. In 2023, California settled separately for another $93 million. Multiple state cases continued after that, and in late 2023 Google announced it was moving Location History from cloud storage to on-device storage for new accounts. The official framing was about giving users control. The unofficial framing, in every privacy lawyer's reading I have seen, was about making future geofence warrants impossible to comply with — because Google cannot hand over data it does not have.
Geofence warrants are the practical reason this matters. Police would ask Google for a list of every device near a location during a window of time. Google would return anonymized records, and the police would narrow down to a person. People near a crime scene who were never suspects ended up identified that way. People near abortion clinics ended up identified that way. The rules have tightened, but the history is recent enough that it should change how you think about background location collection.
The practical settings:
- On Android, set location permission to "While in use" for almost every app. The exceptions should be ones with a real ongoing need, like turn-by-turn navigation while you are driving.
- Turn off Web & App Activity at the account level, which kills location-tagged search history.
- Disable Location History (or Timeline) entirely if you do not need the "where was I last June" feature. If you do, set auto-delete to three months. That is short enough to mostly neutralize subpoena risk and long enough to be useful.
- Audit your photo metadata. Modern phones embed precise coordinates in every photo by default. If you share photos online, either strip EXIF before posting or turn off location tagging for the camera entirely. Apps that strip metadata exist; iOS has the option built into the share sheet.
- Check the Maps app for saved "home" and "work" addresses. Many people set these years ago and forgot. They are the most sensitive single fields in the entire account.
The "Sign in with Google" trap
Every time you click "Sign in with Google" on a third-party site, three things happen. The site gets a verified identity tied to your Google account. Google learns that you have an account on that site. And the next time the site changes its login flow, you discover whether you can still get in if you were to lose access to the Google account.
The single-sign-on convenience is real. So is the lock-in. Treat "Sign in with Google" like a relationship you can end cleanly. For accounts you actually care about, set up a separate password and use that as the primary login. Keep Google SSO as a backup if the site supports both. For trivial accounts, SSO is fine, but be aware that you are giving the same identity to a long list of sites and that a future change to any single one of them — Google or the site — can lock you out without warning.
Apple's "Sign in with Apple" is the cleaner version of this same idea. It can give the third-party site a per-app relay email instead of your real one, which means the site cannot easily join its records to anyone else's. It is not a privacy panacea, but for new accounts where you do not need a custom domain identity, it is the better default.
Maps without selling the route home
Google Maps is genuinely best-in-class for traffic, business hours, reviews, and routing in dense cities. The alternatives are not embarrassing anymore, but they have different strengths.
- Apple Maps on iOS is the easy pick if you are already on iPhone. The data has been rebuilt over the last several years, the routing is competitive, and the privacy posture is the best of any mainstream maps product. It does not tie your queries to a long-lived profile the way Google does.
- Organic Maps is open source, offline-first, and built on OpenStreetMap. Excellent for hiking, road trips, and anywhere you do not want to depend on a connection. Worse for business listings and traffic. Free, no account.
- OsmAnd is the power-user option in the OSM family. Steeper learning curve. The most flexible offline maps tool I have used.
- Magic Earth is proprietary but free and uses OSM data with its own routing engine. Good live traffic without the tracking. Available on both iOS and Android.
A reasonable hybrid: Apple Maps or Magic Earth for daily routing, Organic Maps preloaded for travel and trips, Google Maps in a private browser window when you genuinely need a business's weekend hours.
Documents, calendar, contacts: the boring tier
Drive, Calendar, and Contacts are where most migration plans die, because the replacements work differently and the existing data is sticky. The honest advice is that this tier is rarely worth migrating for privacy alone. It is worth migrating for resilience: not having a single account that, if compromised, takes your last decade of documents and your professional calendar with it.
For documents: Proton Drive is the encrypted choice with mobile and desktop apps that have finally stopped feeling like an alpha product. Tresorit is the enterprise pick. Sync.com is Canadian and zero-knowledge. iCloud is the path of least resistance for Apple-ecosystem users, and Advanced Data Protection (a setting Apple released in 2023) makes the bulk of iCloud genuinely end-to-end encrypted. Turn that on even if you do not migrate anything else.
For calendars and contacts: a CalDAV/CardDAV provider like Fastmail, Mailbox.org, Proton, or Apple iCloud handles both natively, and every modern phone and calendar client speaks those protocols. The usual blocker is shared calendars with non-migrated people. The fix is to keep Google Calendar around as a read-only mirror via cross-subscribe for the first six months, then phase out the invitations slowly.
YouTube is harder than it looks
YouTube has no real replacement at the content level. There is no other site with even ten percent of the videos. What you can do is change how you watch.
- Pause Watch History on your account. Recommendations get less personalized; that is mostly fine after a week.
- Watch logged-out where possible. The site is functional without a sign-in for the actual viewing.
- On Android, NewPipe is the front-end most privacy-conscious users settle on. No login, no ads, subscriptions stored locally.
- On iOS, Vinegar rewrites the YouTube embed to use the native video player and strips the tracking layer. About a dollar fifty, one of the best small-software purchases available.
- On the web, Invidious instances let you watch without a Google session. They come and go; pick a recently updated one.
Android: stop signing in to everything
The deepest Google integration on the planet is an Android phone signed in to a Google account that is also synced to Chrome and used for the Play Store and YouTube and Maps. It is impressive engineering and a complete privacy nightmare. You do not need to flash a custom ROM to fix it.
- Use a different Google account for Play Store than the one you use for personal email. The Play account becomes a billing and install-history identity; your real identity does not need to be attached to it.
- Turn off Backup & Sync for the system, or scope it to only the data you actually need recovered.
- Per-app permissions: deny location to apps that do not need it, deny contacts to apps that do not need it, deny photo access at all to anything except actual camera and gallery apps. Modern Android has selected-photos permissions; use them.
- For real privacy minded users, GrapheneOS on a Pixel is the option. It has the best security model of any mobile OS, runs sandboxed Google services as ordinary apps if you want them, and removes them entirely if you do not. It is not for everyone — banking apps in particular have been a moving target — but it is the most polished de-Googled Android there has ever been.
Network privacy: the layer you cannot migrate around
You can change every app and every account and your IP address still identifies your home, your office, and any cafe Wi-Fi you have recently used. Your DNS queries still tell whichever resolver you use which sites you tried to visit. Your browser still leaks small details about your hardware that combine into a fingerprint.
The network-layer playbook:
- Use encrypted DNS at the system level. DNS over HTTPS or DNS over TLS to a resolver that is not your ISP and is not Google. Quad9, Cloudflare 1.1.1.1, NextDNS, AdGuard DNS. Each has different trade-offs. NextDNS in particular is paid past a small free tier and gives you per-device logs and blocklist control.
- A VPN matters for two specific things: hiding your IP from sites you visit, and stopping your ISP from selling your DNS history. It does not anonymize you to logged-in services. See What Is a VPN? for the realistic version of what a VPN buys you.
- Verify with the right tools. Run the IP address lookup, the DNS leak test, and the WebRTC leak test before and after any change. Without measurement, you do not know which switches actually moved the needle.
- For people who run a Pi-hole or AdGuard Home at the router level, this is where ad and tracker blocking gets durable. Every device on the network inherits the policy without per-device setup.
Google Takeout: the tool nobody actually uses
Before you change anything that affects accounts, run Google Takeout from takeout.google.com and ask for a full export. Photos, Drive, Mail, Calendar, Contacts, YouTube history, Chrome bookmarks, Maps timeline, Fit data, Keep notes, and the long tail of smaller services. Pick the format that you can actually open later; for Photos, that means JSON sidecar files plus the original images, not just the images.
The export takes hours to days depending on how much data you have. Two practical tips. First, set the delivery method to a service you do not control via Google itself — Dropbox, OneDrive, or a download link to your own machine. Otherwise you have just made a copy of your Google data, on Google. Second, verify the archive after it arrives. Open a few photos, open the contacts vCard, open the Calendar ICS file. Discovering that the export is broken six months after you cancelled the account is a uniquely bad experience.
What this does not fix, said clearly
- You are still trackable by a determined adversary. Privacy is probabilistic; you are reducing the resolution of the picture, not becoming a black box.
- Other ad networks fill the vacuum. Meta, TikTok, Microsoft, the long tail of programmatic ad-tech firms — they all want the same information. Splitting your data across them is better than handing it all to one company, but it is not anonymity.
- Bad habits beat good tools. A reused password, a phishing click, a shady browser extension, a leaked database from a site you forgot you signed up for ten years ago. Migration does not fix any of those. A password manager and hardware 2FA fix more of them than any browser switch ever will.
- Your friends are part of your privacy. If they back up their contacts to Google, you are in the contacts they backed up. There is no setting on your account that fixes that. Pick your social graph accordingly.
A 30-day plan that survives contact with reality
Heroic migrations fail because the friction is concentrated in the first weekend. Spread the work across four weeks and the chance of rollback drops by an order of magnitude.
Week 1: settings and search.Run Takeout. Switch the search default in every browser you use. Pause Web & App Activity, Location History, and YouTube History on the account. Disable ad personalization. Turn on auto-delete at three months for anything you keep. Total time: under an hour, plus the export running in the background.
Week 2: browser. Install Firefox or Brave. Move bookmarks. Install uBlock Origin. Set up a password manager that is not browser-built-in. Bitwarden free works for most people; 1Password is the polished paid pick. Move passwords out of Chrome. Sign out of Chrome.
Week 3: email shell. Buy a domain at any registrar. Set up Proton, Fastmail, or Mailbox on it. Forward Gmail to the new address. Update the email on your password manager, your registrar, and the top three accounts you cannot afford to lose. Do not yet deactivate Gmail.
Week 4: cleanup.Audit your account list (your password manager will show you the real number). Sort by sensitivity. Update the email on the next twenty accounts. Disable "Sign in with Google" where you set it up reflexively. Set a recurring calendar reminder for the next quarter to check the account dashboards on every privacy-relevant service.
After 30 days, you have not left Google. You have neutralized roughly 80 percent of the data flow with about five hours of total work. The remaining 20 percent is whatever services you still actively need. That residue is fine. It is the residue of life with hardware and software that have to work, not a moral failure.
Common mistakes
- Deleting before exporting. Once a Google account is closed, the data is gone within weeks. Run Takeout first. Verify the archive opens. Then delete.
- Migrating email without updating recovery first. The day you change your password manager's email is the day you find out which of your accounts had broken recovery flows. Fix the master account first.
- Trusting a single privacy product as a vow. A VPN is not a privacy plan, a private browser is not a privacy plan, an encrypted email is not a privacy plan. They are pieces. The plan is the layer above them.
- Confusing privacy with anonymity. They overlap but they are not the same. You can have privacy from advertisers without being anonymous to your bank, and you should want that.
- Forgetting that browsers leak fingerprints. Even with cookies blocked and a VPN running, a fresh-from-default Chrome window is identifiable across sites. This is a solved problem (Tor, hardened Firefox profiles) but only if you actually do the work.
- Treating it as one-and-done. Defaults change. Apps update. Your habits drift. Set the calendar reminder.
Useful IP Trackers tools for privacy hardening
- IP Address Lookup shows what your connection currently exposes at the network level.
- DNS Leak Test is useful when you switch to encrypted DNS or start using a VPN and want to verify the resolver path.
- WebRTC Leak Test checks browser-level exposure after you change browsers or extensions.
- IPv6 Leak Test confirms a VPN is also covering the IPv6 path. This is the forgotten failure mode in most VPN setups.
- IP Location Lookup shows how coarse or revealing the public IP still looks after your changes.
- What Is a VPN? gives the realistic version of what a VPN buys you, separate from the marketing.
- How to Protect Your IP Address is the network-layer companion to this article.
Frequently asked questions
Do I need to delete my Google account? No. Most people get most of the privacy benefit from changing defaults and moving identity off Gmail. Deletion is the last step, and only if you actually want it. A dormant account with all activity tracking off is functionally similar.
What is the single most consequential change? Pausing Web & App Activity at the account level. It is one toggle. It stops the largest single data stream into your profile. Cost: thirty seconds. Reversible: yes.
Will a VPN solve my Google privacy problem? No. A VPN changes what your ISP and websites see at the network layer; it does not change anything Google records about an account you are signed in to. The two protections stack but they are not substitutes.
Is Proton Mail or Tuta safer than Gmail? Safer is the wrong word. They are differently positioned. Gmail has the best spam filtering, the best deliverability, and the best UX. Proton and Tuta have end-to-end encryption for messages between users on the same service, jurisdictions outside the US Five Eyes, and a business model that does not rely on reading mail to sell ads. For most people, the second set of properties matters more.
Should I use Sign in with Apple instead of Sign in with Google?Yes, when both are offered and you have an Apple account. Apple's implementation supports per-site relay email, which Google's does not. The lock-in is the same; the data sharing is less.
Is the "Privacy Sandbox" in Chrome a real privacy improvement?Mixed. Topics API replaces some third-party cookie tracking with on-device topic inference, which is genuinely better than the previous baseline. But the framing that it makes Chrome "private" is marketing. The third-party-cookie-blocking browsers (Firefox, Safari, Brave) are still ahead.
What about my Android phone's baseband and firmware? If you are at the threat-model level where baseband and firmware matter, you are past the audience for this article. For most people, an up-to-date phone running an OS that receives security patches is the relevant baseline. GrapheneOS on a Pixel is the next step up.
Will any of this break my work account? Likely not the steps in this article. Work accounts on Google Workspace are governed by the admin, not the user, and the personal account toggles do not affect them. If you also want privacy on the work side, that is a conversation with IT.
How do I check whether the changes worked? Visit the account dashboard and confirm the toggles. Do a fresh search in your new default search engine and see whether it lands somewhere useful. Run the network-layer leak tests linked above. Openmyactivity.google.com in two weeks and confirm the recent activity list is empty or shorter than before.
Will I miss anything important?Probably the speed and accuracy of search, for the first month. Probably nothing else. Most people I have walked through this say the only adjustment they actively notice is the rougher first-day-of-search experience, and that goes away as the new search engine builds local cache and as you stop expecting Google's exact result ranking.
Continue with How to Protect Your IP Address, Essential Internet Security Tips, Understanding DNS, How to Hide My IP, and What Is a VPN?.