If you have a Google account—and chances are, you do (there are 1.8 Billion Gmail users after all) —there are a few new updates you should be aware of.

Google recently made some big changes to Gmail, Chrome, and even Android that directly impact your privacy. And while one improves account security, two others quietly increase Google’s access to your most sensitive, even intimate data.

👉 Oh, and there's the fourth update that we’ll reveal at the end of this post, so you’ll want to keep reading. This one is actually good news (we think).

📱 1. Gmail is retiring SMS codes for two-factor authentication

For years, Google let you secure your account with 2-factor authentication (2FA) using SMS codes. After typing your password, Google would text you a six-digit code to enter.

But SMS-based security has major flaws. Hackers can intercept texts, clone SIM cards, and exploit weaknesses in the phone network itself. SMS 2FA was a good solution in 2010, but not in 2025.

To fix this, Google is phasing out SMS codes for Gmail accounts and moving users to stronger forms of two-factor authentication, like:
🔑 An authentication App (we use Ente Auth - it’s open source)
🔑 Physical security keys (such as Yubikey)
🔑 Passkeys
🔑 Device prompts

What this means for you:
✅ If you're still using SMS codes to protect your Google account, switch now.
✅ Set up a secure 2FA method before your SMS codes are disabled.
✅ Don’t wait—accounts still using SMS may eventually face lockouts.

As luck would have it, we recently did a series on alternate 2FA methods, such as passkeys and hardware security keys. Get up to speed here:

The Truth About Passkeys

Feb 14

Read full story

Are Hardware Keys the Ultimate Security Flex?

Feb 28

Read full story

🕵️‍♂️ 2. Chrome’s “Enhanced Protection” now uses AI—and your browsing data?!?

Google also updated Chrome’s "Enhanced Protection" feature, which is designed to warn you about harmful sites, downloads, and extensions.

Helpful? In theory.

But, of course, there’s a privacy tradeoff.

If you enable Enhanced Protection, Google begins processing your browsing activity in real-time—not just to protect you, but to train its AI systems.

In short, Google is (probably) using this feature as another reason to collect sensitive data about where you go and what you do online.

It's a classic move, not necessarily unique to Google: wrap surveillance in a safety feature.

🔄 What should you do?

This is a great moment to ask yourself if Chrome is still the best browser for you.

If you want real security and real privacy, consider switching to one of these alternatives:

🔹 Brave – Fast, private, and blocks ads and trackers by default.

Brave is our preferred privacy browser. While it is chromium based, it strips out all the bad Google stuff and you still get the benefits of Chrome extensions and website compatibility.

🔹 Mullvad Browser – Made by the Mullvad VPN and Tor Project teams, designed to minimize tracking and fingerprinting.

🔹DuckDuckGo - From the team that brought you the DuckDuckGo search engine. They have a solid privacy track record, and they offer both a desktop and mobile version of the browser.

These browsers give you strong protection without turning your browsing history into AI training material (or worse).

So why didn’t we list Firefox?

Firefox was our browser of choice many years ago, but we ditched them around 2020 when their leadership actively promoted content censorship and de-platforming people they disagreed with.

That’s never a good sign, especially for a supposedly privacy friendly company, because it’s quick and easy to path to justifying other bad actions, like spying on your customers. It seems reasonable to assume that that if someone (or a company) supports censorship, they will not be a strong defender of privacy.

Turns out, Firefox did exactly what we feared. They recently did a stealth edit to their privacy policy and FAQs to give them broad rights to your browser data.

RIP Firefox.

🖼 3. Android can now scan your photos for "sensitive content"

This one initially flew under the radar and we almost missed it:

Google recently added a feature called SafetyCore to Android devices (Android 9 and up). It allows apps to scan your photos for "sensitive content"—like explicit images or unwanted material—using on-device machine learning.

Worst of all, SafetyCore just started showing up on standard Android devices. No consent was needed to install it.

According to Google, this is opt-in and privacy-friendly because the scanning happens on your device. But it raises some important questions:

• Who decides what counts as “sensitive”?

• What happens if apps start requesting this scan by default?

• How long before this infrastructure expands into other areas of your personal data?

• What happens if they find content that’s allegedly illegal?

What to do:

If you don’t want SafetyCore scanning your photos:

1. Check your Android app settings and disable any "Sensitive Content Detection" features.

2. Consider alternative, de-Googled Android OS options, like CalyxOS or GrapheneOS, for even more control. We recently did a deep dive on how and why to ditch Google Android and Apple iOS:

Instantly Boost Your Privacy by Ditching Google Android and Apple iOS

September 13, 2024

Read full story

This is where iPhone users are feeling good about not having an Android device. Apple does, after all, spend millions positioning themselves as a privacy friendly company.

Not so fast.

Apple had a similar privacy infraction earlier this year with their “enhanced visual search” functionality designed to improve the iPhone photo app search functionality. Read about that here:

New iPhone Feature Raises Privacy Concerns

Jan 6

Read full story

🗑 Bonus: Google now makes it easier to remove your personal info from search results

In a rare win for user privacy, Google recently improved its Results About You tool to help you monitor and remove personal information from search results.

Here’s how it works:

🔍 Search for yourself on Google.

🔗 If you see a result with your email, home address, or phone number, tap the three-dot menu next to the result.

🗑 Select “Remove result” and choose “It shows my personal info and I don’t want it there.”

Google will review the request—usually within a few hours to a few days.

This feature makes it much easier to clean up personal data from search results. But keep in mind:
⚠️ Removal only affects Google Search, not the website hosting the data.
⚠️ Not all takedown requests will be approved.

If you want the info deleted completely, you’ll still need to contact the site owner directly.

You can do DIY data removal from the data broker sites, but that’s incredibly time consuming in our experience. Longtime readers know we’re a fan of DeleteMe and a customer. We’ve used DeleteMe for almost five years and love it for the peace of mind. It’s also a huge time saver. If you sign up today, you can get 20% off using our affiliate link here.

Yes, there is a chance that Deleteme misuses your data later (like Firefox?). We think that risk is low. But as with all things, there are no perfect solutions, only tradeoffs. Do what’s right for your situation.

⚡️ The Bottom Line

Google is making big moves—some good, some not so much. Here’s what to do now:

✅ Strengthen your Gmail security with an authenticator app or hardware key.
✅ Rethink whether Chrome is still the right browser for you.
✅ Watch out for Android’s new photo-scanning feature.
✅ Scrub your personal info from Google Search while you can.

And as always, remember: Google’s products are free because you pay with your data.

Quick poll to help us out with a future post:

Got questions about authentication apps, passkeys or hardware keys? Can you think of how Google could misuse their new data removal service? If so, drop your feedback in the comments.

Leave a comment

📌 P.S. If you found this post helpful, would you please consider restacking it and sharing it with your friends, family and audience?

This helps spread the words and keeps us writing content that will help you bolster your privacy and become a harder target.

Share

Looking for help with a privacy issue or privacy concern? Chances are we’ve covered it already or will soon. Follow us on X and LinkedIn for updates on this topic and other internet privacy related topics. We’re also now on Rumble and YouTube. Subscribe today to be notified when videos are published.

Disclaimer: None of the above is to be deemed legal advice of any kind. These are *opinions* written by a privacy attorney with 15+ years of working for, with and against Big Tech and Big Data. And this post is for informational purposes only and is not intended for use in furtherance of any unlawful activity.

• Privacy freedom is more affordable than you think. We tackle the top Big Tech digital services and price out privacy friendly competitors here. The results may surprise you.

• Check out our Personal Privacy Stack here.

• Online photo storage is a privacy trap. Get the low down on how to store your photos in a privacy friendly way here.

• Looking to De-Google your life? Proton is one of the best ways to get there. Get started here with a paid plan for around $1/month. (affiliate link)

If you’re reading this but haven’t yet signed up, join the growing Secrets of Privacy community for free and get our newsletter delivered to your inbox by subscribing here 👇