Restrict What Your Mobile Carrier Can Collect

Your phone company probably knows more than just your mailing address. U.S. telcos aggregate profiles using data such as network activity, location signals, call and texting metadata, and the phone’s unique identifier to sell ads that are targeted at people who have aroused advertisers’ interest in data terms or wish to reach a particular kind of audience through “personalization.” Some of these options are active by default. The good news is that you can corral most of it — if you know where to look.

Privacy stakes are not theoretical. T-Mobile has already reported several large breaches in recent years, most notably a 2021 breach that touched more than 76 million people and a 37-million-person incident in 2023. In 2024, AT&T said data linked to about 73 million current and former customers went online. The Federal Communications Commission has also issued enforcement actions stemming from improper sharing of location data. With that frame, the exercise of better-fit carrier settings is worth a couple of minutes.

What Your Carrier Collects, and Why It Matters

Carriers by default retain their copy of Customer Proprietary Network Information (CPNI) that reveals who you call, when, and for how long; they also have access to network-derived location information as well as device identifiers and SIM identification numbers or service features that you use. Some carriers incorporate browsing and app-usage signals into advertising programs, again typically in an aggregate form but linked to your line or a household for targeting.

Carriers must provide such opt-outs for certain uses by law. The FCC mandates an opt-out for the use of CPNI in marketing, and financial-privacy rules provide you a say over some sharing with nonaffiliates. California privacy law introduces “Do Not Sell or Share” concepts. The thing is, these switches exist in separate menus and can overlap, so you do have to turn off more than one thing in order to really step back.

T-Mobile Privacy Settings to Disable First for Ads

Access the Privacy Center through your account dashboard or carrier app in profile or account settings. Uncheck Ads and Analytics, Profiling or Automated Decisions, and any Location-Based Advertising switches. Uncheck all three if you wish to halt ad personalization and restrict behavioral modeling associated with your line.

T-Mobile also provides a control to restrict sharing of some financial information with nonaffiliated partners, which may be used for marketing or identity-verification purposes. Click that to turn it off if you want the most aggressive policy. Finally, locate the CPNI marketing preference and opt out. You’ll continue to receive service and fraud protection, but your network metadata will no longer be sold — at least not directly — in pitches for new products.

Verizon Privacy Controls Worth Checking and Disabling

In account settings, navigate to privacy preferences and look at Custom Experience and Custom Experience Plus. Flip both to off if you wish the carrier to stop using web and app activity, location, and customer info for ads and offers. Opt out: If you receive Business and Marketing Insights, turn it off; these programs rely on aggregated data from subscriber lines for audience segments.

Verizon has a CPNI marketing opt-out, too. For every line on your account, make sure it’s off. Years ago, the company attracted scrutiny around a tracking header that some people call a “supercookie” and subsequently promised more explicit opt-outs. Though that header is no longer injected for customers who have opted out, the safest bet is to disable all ad experiences associated with your account.

AT&T Privacy Choices to Opt Out and Disable Now

Go to Privacy Choices in your profile. If you want to keep your information from being used across services for targeted ads, mute Relevant Advertising and any Enhanced or Cross-Context Advertising setting. Then choose Do Not Sell or Share My Personal Information if you live in a state with the right to do so, which applies specifically to third-party ad tech sharing.

Check location-based advertising settings and turn them off for each line. AT&T’s Identity Verification is supposed to cut down on fraud and help confirm you are you when dealing with banks and stores; many agree to accept it, but this too is optional. Like the others, turn off CPNI marketing for every line.

What About Prepaid Plans and MVNOs on Major Networks

It’s important to note that prepaid brands and MVNOs, such as Cricket, Visible, Mint Mobile, and Google Fi, sit on top of the big networks but have their own privacy policies. Many surface the same toggles in settings associated with accounts for ads and analytics. If you do not, reach out to support and request options on how not to participate in marketing CPNI information, targeted advertising, or sharing data with nonaffiliates for both lines.

Go Deeper to Minimize Visibility of the Carrier

Carrier opt-outs restrict your info’s use, but they don’t remove operational logs. To limit what carriers can deduce, avoid carrier-provided browsing features and one-click “security” toolbars for which the company proxies your traffic. (It also helps to use encrypted DNS, or a trustworthy VPN, to obscure destination lookups from your provider; this won’t cover all metadata, but it reduces what’s visible.)

Reset your device’s advertising ID and disable ad personalization in iOS or Android to break cross-service tracking that may be associated with your line. Also check each carrier’s own apps; many have their own in-app settings for personalized marketing, which don’t necessarily reflect your account-level preferences.

Know Your Rights and How to Report Privacy Violations

The FCC has already established rules for CPNI, and state laws in California, Colorado, Connecticut, Virginia, and elsewhere extend opt-out rights to targeted advertising and data sales. If opt-outs are not honored, you can complain to the FCC or your state attorney general. Privacy groups Electronic Frontier Foundation and Consumer Reports regularly review carrier practices and publish guidelines for these controls.

Bottom line: Turn off ad programs (Custom Experience, Ads and Analytics, Relevant Advertising), opt out of CPNI marketing, restrict financial information sharing, and visit these menus every few months. Carriers swap labels and defaults; your privacy stance should not be set-and-forget.