How to Protect Your Privacy

This is a practical guide. Not a manifesto, not a paranoia spiral — just concrete steps you can take to meaningfully improve your privacy without quitting the internet.

I’ll update this as things change. The threat model matters, so I’ll note who each section is relevant for.

Threat Model First

Before you do anything, ask: what are you protecting against?

  • Everyone: Corporate data collection, data brokers, ad tracking
  • Some people: Targeted harassment, stalkers, abusive relationships
  • Fewer people: Government surveillance, nation-state actors

Most people need to cover the first category. This guide focuses there, with notes where something is specifically relevant to higher threat models.

Start Here

Your browser: Switch to Firefox. Install uBlock Origin. Enable DNS-over-HTTPS.

If you want to go further: LibreWolf, Brave, or a hardened Firefox profile.

Don’t use Chrome, Edge, or Safari as your daily driver.

Your search engine: Switch to DuckDuckGo as a baseline. Mullvad Leta or Brave Search if you want better results with less compromise.

Your DNS: Use an encrypted DNS resolver. NextDNS or Quad9 are solid. Quad9 is free and nonprofit.

Email

Gmail, Yahoo, and Outlook are not private. They scan your email.

Alternatives:

  • Tuta (free tier available, end-to-end encrypted)
  • Proton Mail (more widely known, solid)

For protecting your real address: Use an email alias service (SimpleLogin, Addy.io). Give every service a unique alias. When one gets breached or spammed, you just delete that alias.

Passwords

Use a password manager. Not your browser’s built-in one.

Recommended:

  • KeePassXC (local, FOSS, no cloud required) — what I use
  • Bitwarden (cloud-based, open source, reputable)

Use a unique password for every account. Let the manager generate them.

Two-Factor/Multi-Factor Authentication (2FA/MFA)

Enable 2FA everywhere it’s offered.

Use an authenticator app, not SMS. SMS 2FA is vulnerable to SIM swapping.

Apps: Aegis (Android), FreeOTP, Ente Auth

Avoid: Google Authenticator (cloud-synced), Authy (closed source, cloud-synced)

Your Phone

This is the hardest one. Phones are surveillance devices by design.

Baseline:

  • Review app permissions. Revoke location, microphone, and camera access from anything that doesn’t need it.
  • Disable ad ID (or opt out of personalized ads in settings)
  • Use Signal for messaging

If you want to go further: GrapheneOS on a Pixel is the gold standard for Android privacy. It’s not for everyone but it’s a real option.

Messaging

Stop using SMS for anything sensitive. It’s not encrypted.

Use Signal. If the people you’re talking to won’t use Signal, that’s a separate problem.

Matrix (via Element or other clients) is a good option for group communication and self-hosted setups.

VPN

A VPN hides your traffic from your ISP and local network. It does not make you anonymous. The VPN provider can see your traffic instead.

Use one if:

  • You’re on public WiFi regularly
  • Your ISP is selling your data (they are)
  • You need to obscure your traffic from your local network

Recommended: Mullvad (cash/crypto payment, no account required), ProtonVPN (free tier available), IVPN (cash/crypto payment, no account required)

Don’t use: Free VPNs you haven’t researched. They monetize your data.

Further Reading