How to Prevent Data Broker Collection in 2026

What Are Data Brokers?

Data brokers are companies that collect, aggregate, and sell personal information about consumers. You've likely never heard of most of them, yet they know more about you than your closest friends.

The industry operates largely invisibly:

• Over 4,000 data broker companies operate in the United States

• Only a fraction register in states requiring disclosure (550 in California, 404 in Vermont, 36 in Oregon)

• Most consumers have no idea these companies exist or hold their data

Major players by revenue:

• Experian: $9.7 billion annually, 300+ million profiles

• Equifax: $5.1 billion annually, 220+ million profiles

• Epsilon: $2.9 billion annually, 250+ million profiles

• Acxiom: $2.7 billion annually, 260+ million profiles

• CoreLogic: $1 billion annually, 134+ million addresses

The typical profile contains:

• 1,500+ data points per person on average

• Personal identifiers, contact information, demographics

• Complete purchase histories, browsing behaviors

• Location data, social connections, behavioral patterns

• Inferred sensitive information (health, politics, religion)

How the Broker Economy Works

The Business Model:

Data brokers don't sell products to you. They sell you as a product to others.

Collection → Aggregation → Enhancement → Sale

1. Collection: Gather data from hundreds of sources (detailed in next section)

2. Aggregation: Combine data points from different sources into unified profiles

3. Enhancement: Use AI to infer additional attributes not directly collected

4. Sale: Package and sell access to these profiles to buyers

Who buys the data:

• Advertisers targeting specific demographics

• Insurance companies assessing risk

• Employers screening candidates

• Landlords evaluating renters

• Financial institutions determining creditworthiness

• Political campaigns identifying voters

• Other data brokers (profiles get resold multiple times)

Market size and growth:

• $323 billion global market in 2024

• Projected to reach $698 billion by 2034

• 8% annual growth rate

• North America represents $139 billion (43% of global market)

Why brokers bought Honey for $4 billion:

PayPal didn't acquire a simple coupon extension. They bought:

• Real-time purchase intent data from millions of users

• Complete browsing histories tied to shopping behavior

• Ability to attribute conversions across affiliate networks

• Direct access to pre-purchase decision moments

The browser extension data proved worth more than most technology companies.

How Data Brokers Collect Your Information

Data collection happens through dozens of channels simultaneously. Understanding these methods reveals where to focus prevention efforts.

1. Browser Extensions

The Honey model:

• Installed by users voluntarily for "savings"

• Collected 2,591 page views in 3 months from single user

• Tracked every website visited with timestamps

• Captured order numbers, search queries, streaming habits

• Recorded which affiliate links led to purchases

Other extension threats:

• Urban VPN harvested AI conversations from 8 million users

• Collected ChatGPT, Claude, Gemini, Copilot conversations

• Avast/AVG security extensions tracked full browsing histories

• Extensions can access everything you do in the browser

What extensions collect:

• Complete URL history

• Page titles and content

• Form inputs before submission

• Shopping cart contents

• Time spent on each site

• Navigation patterns

• Device and browser fingerprints

2. Cookies and Tracking Pixels

Cookies:

• Small files stored in your browser

• Track you across websites and over time

• First-party cookies increasingly used as third-party blocked

• Average website sets 5.5x more cookies after you click "Accept All"

Tracking pixels:

• 1x1 invisible images embedded in websites/emails

• Send data directly to servers (harder to block than cookies)

• Capture IP address, device type, browsing patterns

• Facebook Pixel detected on 23% of top 10,000 websites

• Work even when cookies are blocked

Combined tracking:

• Cookies identify you across sessions

• Pixels report behavior in real-time

• Together they build complete behavioral profiles

• Data shared with hundreds of advertisers per page view

3. Mobile Apps and SDKs

Software Development Kits (SDKs):

• Pre-built code libraries embedded in apps

• Collect data while providing app functionality

• Often transmit more data than the app developer realizes

Mobile-specific collection:

• Device IDs (IDFA on iOS, AAID on Android)

• Precise GPS location even when disabled (via IP/WiFi)

• Accelerometer and gyroscope data revealing movement patterns

• Wi-Fi networks and Bluetooth for indoor positioning

• Complete app usage history

• In-app purchase data

• Contact lists and communication patterns

Re-identification capabilities:

• 49% of iOS and 59% of Android users re-identified for $5/day

• Advertisers leave "marks" in app storage to bypass ID resets

• Location data alone can identify individuals with 95% accuracy

Scale:

• Every ad impression shares data with hundreds of bidders

• Real-time bidding completes in under 200 milliseconds

• Data broadcast includes location, demographics, behavior

4. IoT and Smart Home Devices

Device surveillance:

• Amazon Alexa collects 28 distinct data points

• Google Home collects 22 data points

• Smart TVs track viewing habits and recognize voices

• Connected doorbells, cameras, thermostats all report data

What smart devices collect:

• Voice recordings from every command

• Video/audio surveillance footage

• Temperature, lighting, and occupancy patterns

• Times you're home vs away

• Device interaction frequencies

• Network traffic from all connected devices

Data sharing:

• 1 in 10 smart home apps explicitly collects data for tracking

• Manufacturers often share/sell usage data

• Third-party apps may have access to device data

• Network analysis reveals household behavioral patterns

5. Social Media Platforms

Platform collection:

• Every post, comment, like, share tracked

• Private messages scanned (except encrypted apps)

• Time spent on different content types

• Scrolling patterns and engagement metrics

• Photos/videos analyzed for content and people

• Location tags from posts and metadata

Extended tracking:

• "Sign in with Facebook/Google" tracks across websites

• Like/Share buttons track you even without clicking

• Pixel tracking on external websites

• Mobile app data sharing with Facebook/Meta

What platforms collect:

• Complete friend/follower network graphs

• Political views inferred from engagement

• Relationship status and life events

• Shopping interests from browsing/likes

• Real-time location from mobile apps

Metadata trading:

• FTC found platforms collected race, sexuality, health status, political affiliation

• Data sold to advertisers, political campaigns, data brokers

• Profiles shared across Meta/Facebook ecosystem

6. Public Records Scraping

Government and court sources:

• Court records (lawsuits, judgments, legal disputes)

• Criminal records (arrests, convictions, mugshots)

• Bankruptcy filings (debts, financial distress)

• Property deeds (real estate ownership, prices, mortgages)

• Voter registration (party affiliation, voting frequency)

• Marriage/divorce records (relationship status changes)

• Birth certificates (date and place of birth)

• Motor vehicle records (cars owned, driver's licenses)

• Professional licenses (occupations, certifications)

Automated scraping:

• Specialized services extract public records at scale

• Data includes names, addresses, family members

• Cross-referenced with other sources for enhanced profiles

• Sold in bulk to data brokers

Postal data:

• USPS change-of-address forms sold to marketers

• New address linked to previous locations

• Moving triggers targeted marketing campaigns

7. Financial Transaction Data

Credit reporting agencies:

• Track every credit account, payment, balance

• Monitor credit applications and inquiries

• Record bankruptcies, collections, foreclosures

• Include employment history and salary data

• Add utility and phone bill payments

Transaction tracking:

• Point-of-sale systems capture purchase details

• Credit card companies sell transaction data

• Banks share spending patterns with affiliates

• Payment processors log merchant categories

Transaction enrichment:

• Raw transactions enhanced with merchant details

• Spending categorized (groceries, entertainment, healthcare)

• Behavioral insights derived from patterns

• Risk assessments based on spending behavior

What transactions reveal:

• Income level from deposits and spending

• Financial stress from budget brand shifts

• Health conditions from pharmacy purchases

• Lifestyle changes from new spending categories

• Travel patterns from transaction locations

8. Loyalty Programs

Signup data collection:

• Name, email, phone, address, birthday

• Product preferences and shopping frequency

• Family size and household information

• Income estimates and demographics

Ongoing tracking:

• Complete itemized purchase history

• Product brands and categories purchased

• Purchase timing and frequency patterns

• Price sensitivity and discount responsiveness

• Store locations visited (geolocation via app)

Data monetization:

• Sold to data brokers and advertising networks

• Shared with third-party analytics firms

• Used for dynamic pricing (different prices for different customers)

• Enables predictive analytics for future purchases

Cross-referencing:

• Email links loyalty data to online browsing

• Mobile apps connect in-store and online behavior

• Payment methods tie purchases across retailers

9. Real-Time Bidding Advertising

How RTB works:

• You visit a website with ad space

• Auction occurs in under 200 milliseconds

• Your data broadcast to hundreds of bidders

• Highest bidder's ad displays

Data shared per impression:

• IP address (reveals location and ISP)

• Device type, OS, browser version

• Browsing history for current session

• Demographic inferences from previous tracking

• Behavioral profiles from cross-site tracking

• Potentially race, sexuality, health status, political views

Privacy implications:

• Data shared with potentially hundreds of companies

• No control over who receives your information

• Profiles built from aggregate auction data

• Cross-device tracking links phones, tablets, computers

10. Additional Collection Methods

Online forms and surveys:

• Contests and giveaways require detailed information

• Product registration forms capture ownership data

• Newsletter signups provide email for cross-referencing

• Quizzes designed to gather personality/preference data

Commercial data sharing:

• Retailers sell customer lists and transaction histories

• Catalog companies share mailing lists

• Financial services share credit/banking info

• Healthcare providers share prescription data (anonymized but re-identifiable)

Data broker trading:

• Brokers buy and sell data between themselves

• Single person's data appears in dozens of databases

• Each broker adds value through enhancement

• Profiles grow more detailed through aggregation

AI-powered inference:

• Algorithms generate new data points without direct collection

• Purchase patterns infer health conditions

• Browsing behavior reveals political leanings

• Social connections suggest demographics

• Example: Publicis CoreAI profiles 2.3 billion people through inference

What gets inferred:

• Pregnancy status from purchase patterns

• Health conditions from pharmacy/supplement purchases

• Political affiliation from browsing and social media

• Sexual orientation from app usage and location

• Financial stress from spending changes

• Education level from vocabulary and browsing

• Personality traits from behavioral patterns

The Profile They Build

Combining all these sources, brokers create profiles containing:

Identity:

• Full name, aliases, maiden names

• Current and previous addresses

• Phone numbers (mobile and landline)

• Email addresses

• Social Security number (from credit sources)

• Date and place of birth

Demographics:

• Age, gender, race, ethnicity

• Education level

• Occupation and employer

• Income estimate and net worth

• Marital status and household size

• Homeowner vs renter status

Behavioral:

• Complete purchase history

• Browsing habits and search queries

• App usage patterns

• Social media activity and connections

• Location history and movement patterns

• Media consumption (TV shows, music, podcasts)

Financial:

• Credit scores and reports

• Bank account balances

• Investment holdings

• Debts and payment history

• Insurance policies

• Tax liens and judgments

Sensitive (Inferred):

• Health conditions and medications

• Political affiliation and voting likelihood

• Religious beliefs

• Sexual orientation

• Psychological profile

• Vices and addictions

• Life changes (pregnancy, divorce, job loss)

This data sells for:

• $0.0005 to $0.50 per person for basic demographic data

• $50-$500 for detailed consumer profiles

• Thousands for high-value prospect lists

• The industry generated $323 billion in 2024

Now let's prevent them from collecting this data in the first place.

1. Browser Setup

Choose Your Browser

Best Pre-Configured Options:

• Brave - Works immediately, no setup needed, Chrome extensions compatible

• LibreWolf - Firefox-based, maximum privacy out of the box

• Safari + content blocker - For Apple users, competitive privacy with AdGuard/1Blocker

Requires Manual Setup:

• Firefox - Good option but needs configuration:

  • Settings > Privacy & Security > Set Enhanced Tracking Protection to Strict

  • Disable telemetry under Firefox Data Collection and Use

  • Change default search to DuckDuckGo/Startpage

  • Enable HTTPS-Only Mode

  • Install uBlock Origin extension

Essential Browser Settings

All Browsers:

• ✓ Block third-party cookies

• ✓ Clear cookies/cache on exit

• ✓ Enable "Do Not Track" or Global Privacy Control

• ✓ Set HTTPS-only mode

• ✓ Disable location access in browser settings

2. Browser Extensions

Install in this order of priority:

Tier 1: Ad/Tracker Blocking

Choose one:

• uBlock Origin - Best for Firefox, Edge, Opera, Brave (MV2 support)

• AdGuard - Best for Chrome (MV3 compatible), works everywhere

Tier 2: Learning Blocker

• Privacy Badger - Complements uBlock/AdGuard, blocks emerging trackers

Tier 3: Script Control (Advanced)

• NoScript - Blocks JavaScript by default, steeper learning curve

  • Brave supports MV2 version (fuller features)

  • MV3 version coming for all browsers

Setup:

• Install extensions from official browser stores only

• Enable all blocking features

• Whitelist only trusted sites as needed

3. Hide Your IP Address

Option A: Traditional VPN

Recommended Providers:

• Mullvad - No email required, strong privacy ($5-7/month)

• ProtonVPN - Switzerland-based, good reputation ($4-10/month)

• ExpressVPN - Fast, widely supported ($8-13/month)

Setup:

1. Subscribe to provider

2. Download/install their app

3. Connect before browsing

4. Verify connection at ipleak.net

Important: VPNs don't block trackers. Use with browser extensions.

Option B: Apple iCloud Private Relay

For Apple users only:

• Built into Safari on iOS 15+, iPadOS 15+, macOS Monterey+

• Included with iCloud+ ($0.99-9.99/month)

• Enable: Settings > Apple ID > iCloud > Private Relay

Limitations:

• Safari only (doesn't protect other browsers/apps)

• Can't run simultaneously with VPN

• No server location choice

4. Email Aliasing

Generate unique email addresses for each service to prevent tracking across accounts.

Service Comparison

Apple Hide My Email Setup

1. Settings > Apple ID > iCloud > Hide My Email

2. When entering email on websites, tap "Hide My Email" autofill suggestion

3. Manage aliases in Settings or iCloud.com

Works with: Sign in with Apple, Safari forms, third-party apps (iOS 16+), Apple Pay receipts

SimpleLogin/Addy.io Setup

1. Create account at simplelogin.io or addy.io

2. Install browser extension

3. Click extension icon when prompted for email

4. Generate new alias with one click

Usage Strategy

Create separate emails for:

• Banks, government, healthcare (primary address - never give to retailers)

• Trusted retailers (secondary address)

• Everything else (use aliases)

5. Virtual Payment Cards

Prevent transaction tracking with unique card numbers per merchant.

Privacy.com

Setup:

1. Sign up at privacy.com

2. Link bank account or debit card

3. Install browser extension (optional)

Usage:

• Generate new card for each merchant

• Set spending limits per card

• Enable merchant-locking (card only works at first merchant used)

• Close/pause cards instantly if compromised

Card Types to Create:

• Single-use cards for one-time purchases

• Subscription cards with monthly limits

• Category cards for recurring expenses (groceries, utilities)

Alternatives:

• Capital One Eno (browser extension)

• Revolut virtual cards

• PayPal (shields real card number)

6. Secure DNS

Prevent ISP from logging websites you visit.

Provider Recommendations

Setup Instructions

Windows 11:

1. Settings > Network & Internet > Ethernet/Wi-Fi

2. Hardware properties > Edit DNS

3. Select Manual, enable IPv4

4. Enter Preferred DNS: 1.1.1.1, Alternate: 1.0.0.1

5. Enable "DNS over HTTPS"

macOS:

1. System Settings > Network > Your Connection

2. Details > DNS

3. Add DNS Server: 1.1.1.1

4. For DoH: Download provider's configuration profile

iOS:

1. Settings > General > VPN & Device Management

2. Download DNS configuration profile from provider

3. Install profile

Android:

1. Settings > Network & Internet > Private DNS

2. Select "Private DNS provider hostname"

3. Enter: one.one.one.one (Cloudflare) or dns.quad9.net (Quad9)

Router (All Devices):

1. Access router admin (typically 192.168.1.1)

2. Find DNS settings

3. Replace ISP DNS with chosen provider

4. Save and reboot router

7. Mobile Privacy Settings

iOS Configuration

Location Services:

• Settings > Privacy & Security > Location Services

• Set apps to "Never" or "While Using the App" (not "Always")

• Disable: Location-Based Apple Ads, Location-Based Suggestions

App Permissions:

• Settings > Privacy & Security

• Review Camera, Microphone, Photos, Contacts

• Restrict to minimum necessary

Advertising:

• Settings > Privacy & Security > Apple Advertising

• Toggle off "Personalized Ads"

Safari:

• Settings > Safari

• Enable "Prevent Cross-Site Tracking"

• Enable "Block All Cookies" (or at minimum block third-party)

App Privacy Report:

• Settings > Privacy & Security > App Privacy Report

• Review which apps access sensitive data

• Remove excessive data collectors

Android Configuration

Permissions:

• Settings > Privacy > Permission Manager

• Review Location, Camera, Microphone, Contacts

• Set to "Deny" or "Allow only while using"

Advertising:

• Settings > Privacy > Ads

• Enable "Opt out of Ads Personalization"

• Reset advertising ID regularly

Location:

• Settings > Location

• Disable when not needed

• Remove permission from unnecessary apps

Data Saver:

• Settings > Network & internet > Data usage > Data saver

• Enable to restrict background data collection

Universal Mobile Practices

Monthly routine:

• ✓ Reset advertising ID

• ✓ Delete unused apps

• ✓ Review app permissions

• ✓ Use mobile browser instead of apps when possible

8. Encrypted Messaging

Replace SMS/standard messaging with end-to-end encrypted apps.

App Comparison

Signal Setup (Recommended)

1. Download from app store

2. Verify phone number

3. Create username (optional, hides number from contacts)

4. Enable disappearing messages for sensitive chats

5. Enable screen security (prevents screenshots)

6. Turn on registration lock

Essential Settings

• ✓ Enable disappearing messages for temporary conversations

• ✓ Turn on screen security

• ✓ Enable app lock (PIN/biometric)

• ✓ Verify safety numbers for sensitive contacts

9. Additional Practices

Account Management

• Use password manager (Bitwarden, 1Password)

• Enable 2FA on all important accounts

• Delete old unused accounts

• Never use "Sign in with Facebook/Google"

Social Media

• Set all profiles to private/friends-only

• Minimize personal information on profiles

• Never do personality quizzes requesting profile access

• Review and revoke app permissions regularly

Shopping

• Use email aliases for all retail accounts

• Use virtual cards for online purchases

• Minimize loyalty program participation

• Opt out of marketing/data sharing in account settings

Browsing Habits

• Clear cookies/history regularly

• Use HTTPS websites only

• Avoid clicking unknown links

• Use VPN on public WiFi

• Bookmark login pages instead of searching

10. Implementation Tiers

Choose your commitment level:

Basic Protection (1-2 hours setup)

Browser:

• Install Brave or LibreWolf

• Install uBlock Origin or AdGuard

• Configure privacy settings

Mobile:

• Adjust location settings

• Review app permissions

• Disable ad personalization

Basics:

• Use password manager

• Enable 2FA

• Install Signal

Blocks: ~60-70% of tracking

Enhanced Protection (3-4 hours setup)

Everything from Basic, plus:

Network:

• Subscribe to VPN or enable iCloud Private Relay

• Configure secure DNS (Cloudflare/Quad9)

Email:

• Set up email aliasing (SimpleLogin/Addy.io/Hide My Email)

• Create primary/secondary/disposable address hierarchy

Payments:

• Sign up for Privacy.com

• Generate virtual cards for existing subscriptions

Mobile:

• Reset advertising ID

• Delete unnecessary apps

• Use browsers instead of apps

Blocks: ~85-90% of tracking

Maximum Protection (Ongoing commitment)

Everything from Enhanced, plus:

Advanced:

• Use Tor Browser for sensitive activities

• Use Privacy Badger + NoScript

• Self-host email/cloud storage (if technical)

• Use hardware security keys

Devices:

• Separate devices for different contexts

• Consider GrapheneOS/CalyxOS for Android

• Minimize IoT devices

Behavior:

• Monthly privacy audits

• Regular alias/virtual card rotation

• Strict account minimization

Blocks: ~95%+ of tracking

Quick Reference Checklist

Browser Setup:

• Privacy-focused browser installed

• uBlock Origin or AdGuard installed

• Privacy Badger installed

• Third-party cookies blocked

• Clear data on exit enabled

Network Privacy:

• VPN or iCloud Private Relay active

• Secure DNS configured

• DNS encryption enabled (DoH/DoT)

Identity Protection:

• Email aliasing service setup

• Virtual card service setup

• Using aliases for new accounts

• Using virtual cards for purchases

Mobile Security:

• Location restricted to "While Using"

• App permissions reviewed

• Ad personalization disabled

• Unnecessary apps deleted

Communication:

• Signal installed and configured

• Contacts migrated from SMS

• Disappearing messages enabled

Ongoing Maintenance:

• Monthly: Reset advertising ID

• Monthly: Review app permissions

• Quarterly: Audit active accounts

• Quarterly: Review active aliases/cards

Tool Costs

Free Options:

• Brave/LibreWolf/Firefox browsers

• uBlock Origin/AdGuard/Privacy Badger extensions

• Cloudflare/Quad9 DNS

• SimpleLogin/Addy.io (limited free tier)

• Apple Hide My Email (with existing iCloud+)

• Privacy.com (free tier available)

• Signal/Threema (one-time $5 for Threema)

Paid Services:

• VPN: $5-13/month

• iCloud+ (with Hide My Email): $0.99-9.99/month

• Email aliasing premium: $1-5/month

• Password manager: $0-5/month

Total monthly cost for Enhanced Protection: $10-25/month

Verification

Test your setup:

Browser protection:

• Visit coveryourtracks.eff.org

• Run the tracker test

• Check for fingerprinting protection

DNS/VPN:

• Visit ipleak.net

• Verify DNS servers match your configuration

• Confirm IP address differs from actual location (if using VPN)

Email:

• Generate test alias

• Confirm forwarding works

• Test deactivation

Payment:

• Create test virtual card

• Verify merchant-locking

• Test pause/close functionality

Remember: Prevention is easier than removal. Every tool you implement makes data broker profiling exponentially harder. Start with Basic tier and expand as comfortable