Those advertisers are constantly on the hunt for new ways to peddle their goods, and the data sold by platforms like Facebook help give them a clearer picture of who you are and what you’ll buy. Tap or click here to see how Facebook collects and shares your info. Oversharing doesn’t just fuel pesky ads that follow you around the internet. Hackers, stalkers and trolls can easily use the content you’ve posted against you if you don’t take steps to keep it hidden. Check to see if you’re making these privacy mistakes.

1. You’re skipping the privacy and security basics

The most fundamental security feature of any website is a password, and despite how common they are, they’re still difficult to manage. Some passwords are so easy to remember, hackers can guess them too. Or you may be in the (bad) habit of using the same password across multiple websites. If you’re doing this, stop right now and change your shared passwords immediately! Tap or click here to see which passwords are considered the weakest on the web. Why is this so dangerous? It all comes down to hackers and their willingness to experiment. If one gets a hold of your username and password on one site, you can bet they’ll try the same combination on other sites. To protect yourself, you need stronger passwords — and several of them! Ideally, choose something unique for every platform you use. To create a stronger password, use a complex combination of numbers, letters and uppercase characters in a way that makes sense to you. We recommend taking a song lyric (“Take my hand, off to never-never land.”) and converting it to something like T/V\ho2nnL. In this case, the password starts with an uppercase, the “M” becomes two slashes and a “V,” and the word “to” becomes the number 2. And if the platforms you use offer two-factor authentication, enable it. This security feature sends an alert with an unlock code to you any time you try to log in, which means hackers won’t be able to crack your accounts without physical access to your smartphone. Tap or click here to see how to set up 2FA for your favorite social media sites.

2. You have everything set to ‘Public’

Most social media profiles are public by default — but your account really shouldn’t stay that way. If you leave your account public, anyone looking you up can see everything you’ve posted, including your photos, interests and location. To see how your profile looks to others on Facebook, click your profile picture in the top right and click the eye icon below your name. From here, you can choose to see how your profile looks to the general public or specific Facebook users. Swipe through and see if there’s anything visible you’d rather not share. Facebook gives you control over different aspects of your profile. Be sure to check these:

Open Settings and select Privacy.Scroll down to Who can see your future posts? and tap or click Edit. You can adjust specific audience settings here.Scroll down to Limit Past Posts to select who can access your previous content.Scroll down to Who can see your friends list? and tap or click Edit. Choose either Friends or Only me.Scroll down to Do you want search engines outside of Facebook to link to your profile? and tap or click Edit. Clear the checkbox that allows search engines to access your profile.

And if you use Instagram or Twitter, setting your profile to private is much more simple. On Instagram:

Go to your profile, then tap the three-line icon in the corner.Tap the Settings gear icon.Tap Privacy, followed by Account Privacy.Tap next to Private Account to set your account to private.

On Twitter:

Tap or click here to visit your privacy and safety settings.Under Tweet privacy, check the box next to Protect my Tweets.Tap Save near the bottom of the page. Enter your password to confirm the change.

3. You’re not checking your tagged photos

You know what photos you’ve posted, but have you seen all the photos your friends and family have posted of you? This happens when they “tag” you in a photo and upload it to their profile. You may not have wanted that picture going live, but the fact that they tagged you means you’re forever associated with it. But you can do something about it. On Facebook, follow these steps below:

Click the down arrow in the top right corner.Select Settings & Privacy, followed by Activity Log.In the upper left of your activity log, tap Filter.Scroll to Photos & Videos and click the circle to select.Click Privacy: See all and select Privacy: Public. You can also see only the photos you’ve hidden on your timeline by tapping Visibility: All, then Visibility: Hidden.Click Save Changes.

On Instagram, you can remove tags of you that others put on their photos. To do this, follow the steps below:

Tap the photo or video you want to untag.Search for your username and tap on it.Tap on Remove Me From Post.Select Remove (iPhone).

4. You’re giving your data away

Oversharing comes in many forms, and it usually happens when you’re least expecting it. Those fun games and quizzes that circulate on Facebook are a privacy nightmare. Tap or click here to see how a Facebook quiz exposed the data of more than 120 million people. Assume anything you put on the internet can and will go public. This will help you avoid oversharing embarrassing or compromising information. The same thing goes for messaging apps like Facebook Messenger, WeChat and WhatsApp. If an account you’re talking to becomes compromised, a hacker or cybercriminal can easily use the information you’ve sent to crack your account or worse. Never ever treat messaging apps as anything more than basic communication tools. Follow these ground rules for sharing personal data on apps:

Treat all data you share like it’s public. Assume it will be visible to anyone.Never reveal personal information or financial over chat or messenger apps.Don’t use your real phone number or email address to sign up for apps, games or quizzes.If you’re asked to give your location when uploading or sharing a photo, say no.

If you want to use online apps without putting your privacy at risk, consider a burner email account. Tap or click here for our favorite fast and free burner email generator.

5. You’re logging in on public Wi-Fi

Any time you use public Wi-Fi, you’re throwing security out the window. Most of the time, public networks lack advanced security and encryption, and since anyone can connect to them, it’s very easy for hackers to hijack these networks to spread malware remotely. Instead of relying on public Wi-Fi when you’re out and about, consider using your phone’s hotspot or tethering. This means connecting your computer to your phone and piggybacking off its cellular connection. In many cases, your LTE or 5G connection will be faster than public Wi-Fi networks. And because they have to meet the minimum security standards of your carrier, you can relax when connecting your personal devices. Tap or click here for a how-to guide on tethering and hotspots. Another option is using a VPN when out in public. We recommend our sponsor, ExpressVPN. ExpressVPN is a virtual private network (VPN), that promotes a secure bridge between your device(s) and the internet. A VPN also stops your internet provider from tracking you and lets you unblock websites and bypass filters. Protect your privacy with the VPN Kim trusts: ExpressVPN. Get three months free when you sign up for one year at Tap or click here for details on how a VPN works and why you should use one.

6. You’re not checking your settings frequently enough

If you’re a Facebook user, you already know that the platform changes like the wind. Settings and privacy menus appear and disappear overnight, which makes adjusting your settings on a regular basis all the more important. For maximum security, we recommend checking your privacy settings once a quarter. This gives you ample time to decide what you’re comfortable with sharing, as well as what you’d prefer to keep private from friends and followers. Tap or click here to see the Facebook settings you need to change now.

Bonus: You’re using your login outside of social media

Do you ever see an option to “Log in with Facebook” on other parts of the web? No, this isn’t a scam — but that doesn’t mean it’s safe or good for your privacy, either. Facebook partners with a staggering number of partners and advertisers to build a detailed profile about you. Signing into third-party sites with your account only expands Facebook’s each beyond the platform itself. In addition, if your account somehow gets hacked, any other apps or websites you signed in to with that account are now compromised as well. It’s like a domino effect for your data, and not something you should be risking. You’re better off creating a brand new account with a burner email. Tap or click here to see why these social logins are so problematic. It’s not too difficult to stay on top of your social media privacy, but it does take some work to get everything buttoned up. But once you’re finished, you can rest easy that your data is safe and sound — for at least a few months before it’s time to adjust your settings again. It’s all part of how we fight back against the shadiest elements of the modern internet.