Sign In Sign Up

Online Privacy Guide

The complete guide to protecting your privacy online

Every click, search, and scroll leaves a trace. Companies collect your data, advertisers track your behavior, and data breaches expose your information. This guide gives you practical steps to take back control of your online privacy—no technical expertise required.

Why Online Privacy Matters

Privacy isn't about having something to hide—it's about having control over your own information. Here's why it matters:

The Real Costs of Lost Privacy

  • Financial harm: Data breaches lead to identity theft, fraudulent accounts, and drained bank accounts. The average victim spends over 200 hours resolving identity theft.
  • Price discrimination: Companies use your data to charge you more. Airlines, hotels, and retailers adjust prices based on your browsing history, location, and perceived willingness to pay.
  • Manipulation: Your psychological profile—built from your data—is used to target you with ads designed to exploit your specific vulnerabilities, fears, and desires.
  • Reputation damage: Information shared privately can surface publicly years later. What's acceptable today might be career-ending tomorrow.
  • Discrimination: Data about your health, religion, politics, or lifestyle can be used against you by employers, insurers, landlords, or governments.
  • Stalking and harassment: Personal information enables real-world harm from abusive ex-partners, stalkers, or online harassers.
  • Loss of autonomy: When you're constantly watched, you change your behavior. Self-censorship and conformity replace free expression and exploration.

The Scale of Data Collection

Consider what companies may know about you:

  • Every website you visit and how long you stay
  • Every search you make
  • Every purchase, online and offline (through payment data)
  • Your location history, often down to the minute
  • Your contacts and communication patterns
  • Your health concerns (from searches, apps, and wearables)
  • Your political views, religious beliefs, and sexual orientation
  • Your financial situation and creditworthiness
  • Predictions about your future behavior

This data is collected, combined, sold, and used in ways you never agreed to and may never know about.

Understanding Your Digital Footprint

Your digital footprint is the trail of data you leave behind. Understanding it is the first step to controlling it.

Active Footprint

Data you knowingly create:

  • Social media posts, comments, and likes
  • Emails and messages you send
  • Forms you fill out
  • Accounts you create
  • Reviews you write
  • Photos and videos you upload
  • Purchases you make

Passive Footprint

Data collected without your active involvement:

  • Your IP address and approximate location
  • Browser type, screen size, installed fonts
  • Pages you visit and time spent
  • Links you click
  • Items you view but don't buy
  • Your device identifiers
  • Wi-Fi networks you connect to
  • Bluetooth devices near you
  • Background app activity

Inferred Data

Conclusions drawn from your data:

  • Your likely income and net worth
  • Your political affiliation
  • Health conditions you may have
  • Whether you're pregnant or trying to be
  • Your relationship status
  • Your personality type
  • How susceptible you are to certain marketing
  • Your creditworthiness
  • Whether you're likely to quit your job

Eye-opener: Request your data from Google, Facebook, or Amazon using a DSAR. Seeing what they've collected is often the wake-up call people need to take privacy seriously.

Quick Wins: Start Here

If you do nothing else, do these ten things. Each takes less than 15 minutes and dramatically improves your privacy.

  1. Use a password manager

    Stop reusing passwords. A password manager creates and stores unique passwords for every account. Bitwarden is free and excellent.

  2. Enable two-factor authentication (2FA)

    Turn on 2FA for your email, bank, and social media accounts. Use an authenticator app, not SMS when possible.

  3. Review your Google privacy settings

    Visit myaccount.google.com/privacycheckup. Turn off Web & App Activity, Location History, and YouTube History—or set them to auto-delete.

  4. Lock down Facebook

    Set your profile to Friends Only, limit past posts, disable face recognition, and review which apps have access to your account.

  5. Install an ad blocker

    uBlock Origin blocks ads and many trackers. It also makes the web faster and safer.

  6. Switch your default search engine

    Try DuckDuckGo or Brave Search. They don't track your searches or build a profile on you.

  7. Check your phone's app permissions

    Review which apps have access to your location, camera, microphone, and contacts. Revoke permissions that don't make sense.

  8. Opt out of data broker sites

    Search your name on Spokeo, Whitepages, and BeenVerified, then use their opt-out processes to remove your information.

  9. Use private browsing for sensitive searches

    Health questions, financial research, and legal issues shouldn't be tied to your profile. Use private/incognito mode or a different browser.

  10. Update your software

    Security updates patch vulnerabilities. Enable automatic updates for your operating system, browser, and apps.

Browser & Search Privacy

Your browser is the window through which most tracking occurs. Securing it is essential.

Choose a Privacy-Focused Browser

Browser Privacy Level Best For
Firefox Good (with tweaks) Daily use with strong customization options
Brave Very Good Privacy out of the box, Chrome compatibility
Safari Good Mac/iOS users who want built-in protection
Tor Browser Excellent Maximum anonymity (slower speeds)
Chrome Poor Not recommended for privacy

Essential Browser Settings

  • Block third-party cookies: Most browsers now offer this. It stops cross-site tracking.
  • Enable tracking protection: Firefox's Enhanced Tracking Protection, Safari's Intelligent Tracking Prevention, or Brave's Shields.
  • Send "Do Not Track" requests: Not all sites honor it, but it doesn't hurt.
  • Clear cookies regularly: Or use containers/profiles to isolate different activities.
  • Disable autofill for sensitive data: Don't let your browser store payment info or passwords (use a password manager instead).

Browser Extensions Worth Installing

  • uBlock Origin: Best ad and tracker blocker. Free, open source, lightweight.
  • Privacy Badger: Learns to block trackers as you browse. Made by the EFF.
  • HTTPS Everywhere: Forces secure connections when available. (Now built into most browsers.)
  • Cookie AutoDelete: Automatically clears cookies from closed tabs.
  • Firefox Multi-Account Containers: Isolate different parts of your online life (work, shopping, social media).

Search Engine Alternatives

  • DuckDuckGo: No tracking, good results, easy switch from Google.
  • Brave Search: Independent index, no tracking, growing fast.
  • Startpage: Google results without Google tracking.
  • Ecosia: Plants trees with ad revenue, better than Google for privacy.
  • Searx: Open-source metasearch engine you can self-host.

What Private Browsing Actually Does

Private/incognito mode:

  • Doesn't save browsing history locally
  • Doesn't save cookies after you close the window
  • Doesn't save form data

Private mode does NOT:

  • Hide your activity from your ISP
  • Hide your IP address from websites
  • Make you anonymous
  • Protect you from malware
  • Stop your employer from seeing your traffic on work networks

Social Media Privacy

Social media platforms are surveillance machines disguised as communication tools. Here's how to use them more safely.

General Principles

  • Assume everything is public: Even "private" posts can be screenshotted, leaked, or accessed through security breaches.
  • The product is you: Free platforms make money by selling access to your attention and data.
  • Default settings favor the platform: Always review and tighten privacy settings after creating an account.
  • Less is more: The less you share, the less can be used against you.

Facebook/Meta

  • Set your profile and posts to "Friends Only"
  • Use "Limit Past Posts" to restrict old content
  • Disable face recognition
  • Review and remove app connections regularly
  • Turn off "Off-Facebook Activity" or clear it regularly
  • Disable location history
  • Review your ad preferences and opt out of personalized ads
  • Consider using Facebook Container extension to isolate tracking

Instagram

  • Set your account to private
  • Disable activity status
  • Review tagged photos before they appear on your profile
  • Turn off location for posts
  • Limit data sharing with Meta partners
  • Be cautious about third-party apps requesting access

X (Twitter)

  • Protect your tweets if you want a private account
  • Disable location tagging
  • Turn off "Personalize based on your inferred identity"
  • Disable "Allow additional information sharing with business partners"
  • Review connected apps and revoke unnecessary access
  • Be aware that DMs are not encrypted

LinkedIn

  • Control who can see your connections
  • Disable "Profile viewing options" to browse anonymously
  • Turn off activity broadcasts (so connections don't see every action)
  • Limit profile visibility to logged-in members only
  • Be selective about what personal details you share
  • Review data export options to see what LinkedIn knows

TikTok

  • Set your account to private
  • Disable personalized ads
  • Turn off "Suggest your account to others"
  • Review and restrict who can comment, duet, and stitch
  • Be extremely cautious—TikTok collects extensive device and usage data
  • Consider whether the privacy trade-off is worth it

What to Never Share on Social Media

  • Your exact birthdate (use it for account recovery, not public display)
  • Your home address or frequent locations
  • Real-time travel updates (advertises empty home)
  • Photos of IDs, tickets, or boarding passes (contain scannable data)
  • Children's full names, schools, or routines
  • Financial information or purchases
  • Work complaints or confidential information
  • Answers to common security questions (pet names, mother's maiden name, first car)

Email & Communication Privacy

Email was never designed for privacy. Most email is unencrypted, can be read by your provider, and is a primary target for attackers.

Securing Your Email

  • Use a reputable provider: Gmail and Outlook are convenient but scan your emails. ProtonMail and Tutanota offer end-to-end encryption.
  • Enable two-factor authentication: Your email is the key to resetting all your other accounts. Protect it accordingly.
  • Use strong, unique passwords: Never reuse your email password anywhere else.
  • Be suspicious of links and attachments: Phishing emails are increasingly sophisticated. Verify before clicking.
  • Consider email aliases: Services like SimpleLogin or Apple's Hide My Email let you create unique addresses for different services.

Email Aliases: Why and How

Using unique email addresses for different services:

  • Reveals which companies sell or leak your data
  • Lets you disable a single alias if it gets spammed
  • Makes it harder to link your accounts across services
  • Reduces the impact of data breaches

Options: SimpleLogin (free tier available), AnonAddy, Apple Hide My Email, Firefox Relay, or Gmail's plus addressing (yourname+service@gmail.com, though this is easily stripped).

Encrypted Messaging

For private conversations, use end-to-end encrypted messengers:

  • Signal: Gold standard for privacy. Open source, minimal metadata collection, free.
  • WhatsApp: End-to-end encrypted, but owned by Meta and collects metadata.
  • iMessage: Encrypted between Apple devices, but tied to Apple ecosystem.
  • Telegram: Only encrypted in "Secret Chats"—regular chats are not.

Note: Encryption only protects messages in transit. If either party's device is compromised, messages can still be read. And remember: the person you're messaging can always screenshot or share the conversation.

Video Calling

  • Signal: Encrypted voice and video calls.
  • FaceTime: Encrypted between Apple devices.
  • Zoom: End-to-end encryption available but not default. Check your settings.
  • Google Meet/Microsoft Teams: Encrypted in transit but not end-to-end by default.

Passwords & Account Security

Weak passwords and reused credentials are the most common cause of account compromises. This is entirely preventable.

Password Best Practices

  • Use a unique password for every account: If one site is breached, attackers will try that password everywhere.
  • Make passwords long: 16+ characters is ideal. Length matters more than complexity.
  • Use a password manager: It generates, stores, and autofills passwords. You only need to remember one master password.
  • Never share passwords: Not with friends, not with "support," not with anyone claiming to be from a company.

Recommended Password Managers

  • Bitwarden: Free, open source, excellent features, cross-platform.
  • 1Password: Polished interface, family sharing, good for non-technical users.
  • KeePassXC: Free, open source, local storage (you control the file).
  • Apple Keychain: Built into Apple devices, convenient but Apple-only.

Two-Factor Authentication (2FA)

2FA requires something you know (password) and something you have (phone, security key). Enable it everywhere possible.

2FA methods, ranked by security:

  1. Hardware security keys (best): YubiKey, Google Titan. Phishing-resistant, can't be intercepted.
  2. Authenticator apps (good): Authy, Google Authenticator, Microsoft Authenticator. Generate time-based codes.
  3. SMS codes (better than nothing): Can be intercepted via SIM swapping. Use only if no other option.
  4. Email codes (weakest): Only as secure as your email account.

Check If You've Been Breached

  • Visit haveibeenpwned.com and enter your email addresses
  • Sign up for notifications of future breaches
  • If breached, change that password immediately—and anywhere else you used it

Account Recovery

  • Set up recovery options (backup email, phone, codes)
  • Store recovery codes securely (password manager or physical safe)
  • Use security questions with fake answers stored in your password manager (real answers are often guessable from social media)
  • Consider who could social-engineer your recovery process

Mobile Device Privacy

Your phone knows more about you than any other device. It's with you constantly, tracking your location, communications, and behavior.

Smartphone Security Basics

  • Use a strong lock screen: 6+ digit PIN minimum. Biometrics are convenient but can be compelled by authorities.
  • Enable device encryption: On by default for modern iPhones and most Androids.
  • Keep software updated: Updates patch security vulnerabilities.
  • Enable remote wipe: Find My iPhone or Find My Device lets you erase a lost phone.
  • Be cautious with USB connections: Charging at public stations can expose you to "juice jacking."

iOS Privacy Settings

  • Settings > Privacy & Security > Tracking: Turn off "Allow Apps to Request to Track"
  • Settings > Privacy & Security > Location Services: Set apps to "While Using" or "Never," not "Always"
  • Settings > Privacy & Security > Analytics: Disable all sharing options
  • Review each app's permissions: Camera, microphone, photos, contacts—does the app really need them?
  • Use Sign in with Apple: Creates email aliases and limits data shared with apps
  • Enable Lockdown Mode: For users at high risk (journalists, activists)

Android Privacy Settings

  • Settings > Privacy: Review and restrict permission manager settings
  • Settings > Location: Disable for apps that don't need it
  • Settings > Google > Ads: Opt out of ad personalization, delete advertising ID
  • Disable Google activity tracking: Web & App Activity, Location History, YouTube History
  • Review app permissions individually: Especially location, camera, microphone, contacts
  • Consider a privacy-focused ROM: GrapheneOS or CalyxOS for advanced users

App Privacy

  • Download from official stores: App Store and Google Play have some vetting. Third-party stores are riskier.
  • Check permissions before installing: A flashlight app doesn't need your contacts.
  • Delete unused apps: They can still collect data in the background.
  • Review permissions regularly: Apps sometimes add new permission requests in updates.
  • Read privacy nutrition labels: iOS App Store shows what data apps collect.

Location Privacy

Your location data is uniquely sensitive—it reveals where you live, work, worship, seek medical care, and who you spend time with.

  • Turn off location services for apps that don't need it
  • Use "While Using" instead of "Always" when location is needed
  • Disable "Precise Location" where approximate is sufficient
  • Turn off Wi-Fi and Bluetooth when not in use (they can track you even without connecting)
  • Review and delete your Google Location History and Apple Significant Locations

Smart Home & IoT Privacy

Smart devices bring surveillance into your home. They can listen, watch, and report on your private life. Approach with caution.

Voice Assistants (Alexa, Google Home, Siri)

  • Review and delete voice history regularly
  • Disable "always listening" if possible, or mute when not in use
  • Don't place in bedrooms or private spaces
  • Opt out of human review of recordings
  • Be aware that they sometimes activate accidentally
  • Consider whether the convenience is worth the privacy cost

Smart TVs

  • Disable ACR (Automatic Content Recognition) in settings
  • Don't connect your TV to Wi-Fi if you use a separate streaming device
  • Opt out of data collection in the TV's privacy settings
  • Cover or disable built-in cameras and microphones
  • Use a streaming device you trust rather than built-in apps

Security Cameras

  • Choose cameras with local storage options, not cloud-only
  • Use strong, unique passwords for camera accounts
  • Enable two-factor authentication
  • Keep firmware updated
  • Don't point cameras at areas where privacy is expected (bedrooms, bathrooms)
  • Be aware of who has access to recordings

General IoT Safety

  • Change default passwords: Default credentials are publicly known and exploited.
  • Update firmware: IoT devices are often poorly maintained. Enable auto-updates if available.
  • Use a separate network: Put IoT devices on a guest network isolated from your main devices.
  • Research before buying: Check the manufacturer's privacy policy and security track record.
  • Consider: do you need this? A "dumb" version might be more private and reliable.

The IoT rule of thumb: If it connects to the internet, it can be hacked, surveilled, or discontinued. Buy accordingly.

Financial Privacy

Financial data reveals your life in detail—where you go, what you buy, who you support, and what you care about.

Payment Privacy

  • Cash: Still the most private payment method for in-person transactions.
  • Prepaid debit cards: Can be purchased with cash, used without linking to your identity.
  • Virtual card numbers: Services like Privacy.com create disposable card numbers for online purchases.
  • Apple Pay/Google Pay: Tokenize your real card number, reducing exposure at merchants.
  • Cryptocurrency: Not inherently private—most blockchains are public ledgers. Privacy-focused coins exist but have limitations.

Banking Privacy

  • Opt out of information sharing (banks must provide this option)
  • Use strong, unique passwords and 2FA for online banking
  • Enable transaction alerts to catch unauthorized activity
  • Review statements regularly for unfamiliar charges
  • Be cautious with financial apps—they often have broad data access
  • Use separate email addresses for financial accounts

Credit Privacy

  • Freeze your credit at all three bureaus (Equifax, Experian, TransUnion)
  • Request your free annual credit reports and check for errors
  • Opt out of prescreened credit offers at optoutprescreen.com
  • Consider a credit monitoring service for breach notifications

Shopping Privacy

  • Avoid store loyalty cards or use a separate email/phone number
  • Don't provide your ZIP code at checkout (used for data enrichment)
  • Use guest checkout when possible
  • Consider shipping to a PO box or locker for sensitive purchases
  • Be aware that purchase data is sold and combined with other profiles

Public Wi-Fi & Network Privacy

Public networks are hunting grounds for attackers. Your traffic can be intercepted, your device can be probed, and fake networks can trick you into connecting.

Public Wi-Fi Risks

  • Eavesdropping: Others on the network may see your traffic
  • Man-in-the-middle attacks: Attackers intercept and alter your communications
  • Evil twin attacks: Fake networks impersonate legitimate ones
  • Malware distribution: Compromised networks can push malware
  • Session hijacking: Attackers steal your login sessions

Staying Safe on Public Wi-Fi

  • Use a VPN: Encrypts your traffic so the network operator can't see it
  • Verify the network name: Ask staff for the exact network name to avoid fakes
  • Stick to HTTPS sites: Look for the padlock icon
  • Avoid sensitive activities: No banking, shopping, or logging into important accounts
  • Turn off auto-connect: Prevent your device from joining networks automatically
  • Use mobile data instead: Your cellular connection is generally safer
  • Forget networks after use: Don't let your device reconnect automatically

VPN Considerations

A VPN encrypts your internet traffic and hides your IP address. But choose carefully—a bad VPN is worse than none.

  • Avoid free VPNs: They often monetize through data collection or ads
  • Look for no-log policies: And verify with independent audits
  • Reputable options: Mullvad, ProtonVPN, IVPN, ExpressVPN, NordVPN
  • Understand limitations: VPNs don't make you anonymous; they shift trust from your ISP to the VPN provider

Home Network Security

  • Change your router's default admin password
  • Use WPA3 or WPA2 encryption (never WEP)
  • Create a strong Wi-Fi password
  • Keep router firmware updated
  • Consider a separate guest network for visitors and IoT devices
  • Disable WPS (Wi-Fi Protected Setup)—it's vulnerable
  • Consider changing your network name to not identify the router model

Privacy Tools & Software

A curated list of tools to enhance your privacy across different needs.

Browsers

  • Firefox: Customizable, strong privacy features with tweaks
  • Brave: Privacy-focused, blocks trackers by default
  • Tor Browser: Maximum anonymity through onion routing

Search Engines

  • DuckDuckGo: No tracking, solid results
  • Brave Search: Independent index, no tracking
  • Startpage: Google results privately

Password Managers

  • Bitwarden: Free, open source, cross-platform
  • 1Password: Polished, great for families
  • KeePassXC: Local storage, open source

Email

  • ProtonMail: End-to-end encrypted, Swiss privacy laws
  • Tutanota: Encrypted email, German privacy laws
  • SimpleLogin: Email aliases and forwarding

Messaging

  • Signal: Gold standard for private messaging
  • Session: No phone number required, decentralized
  • Element/Matrix: Decentralized, encrypted, open protocol

VPNs

  • Mullvad: No email required, accepts cash, strong reputation
  • ProtonVPN: Free tier available, Swiss company
  • IVPN: Transparent, audited, privacy-focused

Browser Extensions

  • uBlock Origin: Ad and tracker blocker
  • Privacy Badger: Learns to block trackers
  • Firefox Multi-Account Containers: Isolate browsing contexts

Other Tools

  • Have I Been Pwned: Check if your data was breached
  • Privacy.com: Virtual debit cards for online shopping
  • Standard Notes: Encrypted note-taking
  • Cryptomator: Encrypt cloud storage files

Choose Your Privacy Level

Privacy is a spectrum. Not everyone needs maximum protection—but everyone can benefit from some improvements. Choose a level that matches your needs and threat model.

Level 1: Basic Privacy

For: Everyone who uses the internet

Time investment: 1-2 hours

  • Use a password manager with unique passwords
  • Enable two-factor authentication on important accounts
  • Install uBlock Origin browser extension
  • Review privacy settings on social media
  • Check haveibeenpwned.com for breached accounts
  • Keep devices and software updated

Level 2: Enhanced Privacy

For: Those who want to limit tracking and data collection

Time investment: Half a day

  • Everything in Level 1, plus:
  • Switch to Firefox or Brave browser
  • Use DuckDuckGo or another private search engine
  • Review and restrict app permissions on your phone
  • Disable Google activity tracking
  • Opt out of major data brokers
  • Use email aliases for new accounts
  • Use a VPN on public Wi-Fi

Level 3: Strong Privacy

For: Privacy enthusiasts, those handling sensitive data

Time investment: Several days

  • Everything in Level 2, plus:
  • Use Signal for private messaging
  • Switch to ProtonMail or similar for email
  • Use a reputable VPN full-time
  • Compartmentalize online identities
  • Use virtual cards for online purchases
  • Freeze your credit
  • Submit DSARs to major companies to understand and delete your data
  • Remove personal information from data broker sites systematically

Level 4: Maximum Privacy

For: Journalists, activists, abuse survivors, those at elevated risk

Time investment: Ongoing commitment

  • Everything in Level 3, plus:
  • Use Tor Browser for sensitive browsing
  • Use a privacy-focused mobile OS (GrapheneOS)
  • Separate identities with different devices
  • Use hardware security keys for 2FA
  • Pay with cash or privacy-focused methods
  • Avoid smart home devices
  • Use air-gapped devices for highly sensitive work
  • Consider professional security consultation

Remember: Privacy improvements compound over time. Start with Level 1 today, then gradually move up as you become comfortable. Some protection is always better than none.

Know Your Rights

Laws increasingly protect your privacy—but only if you exercise your rights.

Key Rights Under Most Privacy Laws

  • Right to Know: Find out what personal data companies have collected about you
  • Right to Access: Obtain a copy of your data
  • Right to Correction: Fix inaccurate information
  • Right to Deletion: Request that your data be erased
  • Right to Portability: Get your data in a usable format
  • Right to Opt Out: Stop the sale of your data or targeted advertising
  • Right to Non-Discrimination: Companies can't penalize you for exercising rights

How to Exercise Your Rights

  1. Submit a Data Subject Access Request (DSAR): Ask companies what data they have on you
  2. Request deletion: After seeing your data, request its removal
  3. Opt out of data sales: Look for "Do Not Sell My Personal Information" links
  4. Withdraw consent: Revoke permissions you previously granted
  5. File complaints: Report violations to data protection authorities

Major Privacy Laws

  • GDPR (EU/UK): Comprehensive rights for EU and UK residents
  • CCPA/CPRA (California): Right to know, delete, and opt out for California residents
  • State Laws (Virginia, Colorado, etc.): Growing patchwork of US state protections
  • PIPEDA (Canada): Federal privacy law for private sector
  • LGPD (Brazil): GDPR-like protections in Brazil

When Privacy Policies Change

Companies can and do change their privacy practices. Stay informed by:

  • Reading privacy policy update emails (don't just delete them)
  • Monitoring services you use for policy changes
  • Submitting new DSARs periodically to see what's changed
  • Re-evaluating whether services still deserve your trust

The Bottom Line

Perfect privacy is impossible in the modern world—but meaningful privacy is achievable. Every step you take reduces your exposure, limits tracking, and gives you more control over your digital life.

Start with the quick wins. Build habits gradually. Remember that privacy isn't all-or-nothing; it's about making informed choices about what you share, with whom, and why.

Your data is valuable. Treat it that way.

Browse the Privacy Glossary →

Track Privacy Policy Changes

Monitor how companies update their privacy practices. Get notified when the policies of services you use change.

Start Tracking Free