Your data is being collected, tracked, and sold every time you go online. Advertisers, data brokers, and governments build detailed profiles from your browsing, searches, location, and purchases. This guide shows you how to protect your privacy online with 15 actionable steps — from basic to advanced.
You can’t achieve 100% privacy online. But you can reduce tracking by 90% with the right tools and settings.
Basic Privacy (10 Minutes)
These 5 steps take 10 minutes and block the most common tracking methods.
1. Use a Privacy-Focused Browser
Impact: ★★★★★ | Time: 2 min
Chrome is made by an advertising company — Google tracks your browsing by default. Switch to a browser that blocks tracking by default.
- Brave: Best balance of privacy and convenience. Built-in ad blocker, fingerprinting protection, and HTTPS upgrade. Looks like Chrome (Chromium-based). Install your Chrome extensions.
- Firefox: Best open-source option. Enable “Strict” tracking protection in Settings → Privacy. Install uBlock Origin for ad blocking.
- Safari: Best for Mac/iPhone users. Intelligent Tracking Prevention blocks cross-site tracking. Already installed.
2. Install an Ad Blocker
Impact: ★★★★★ | Time: 1 min
Ads track you across websites. An ad blocker stops the tracking at the source.
- uBlock Origin: The best ad blocker. Free, open source, lightweight, and effective. Blocks ads, trackers, and malware domains. Available for Firefox and Chrome (Brave has one built-in).
- Avoid: AdBlock Plus (accepts payment to show “acceptable ads”), Ghostery (sold to an ad company).
3. Use a Password Manager
Impact: ★★★★★ | Time: 5 min
Reusing passwords is the #1 way accounts get hacked. A password manager creates and remembers unique, strong passwords for every account.
- Bitwarden: Best free option. Open source, third-party audited, unlimited passwords and devices.
- 1Password: Best paid option ($3/mo). Better interface, Watchtower feature alerts you to breaches.
See our full password manager comparison.
4. Enable Two-Factor Authentication
Impact: ★★★★★ | Time: 5 min
2FA prevents 99.9% of automated attacks on your accounts. Even if your password is leaked, the attacker can’t log in without the second factor.
- Best: Authenticator app (Aegis on Android, Raivo on iOS, Ente Auth cross-platform). Free and secure.
- Good: SMS 2FA. Better than nothing but vulnerable to SIM swapping attacks.
- Avoid: Email-based 2FA. If your email is compromised, both factors are compromised.
5. Change Social Media Privacy Settings
Impact: ★★★★☆ | Time: 3 min
Social media platforms collect and share enormous amounts of data. Lock down your settings:
- Facebook/Meta: Settings → Privacy → set everything to “Friends” or “Only me.” Disable location tracking, ad personalization, and face recognition.
- Instagram: Settings → Privacy → set account to Private. Disable activity status and data sharing with Facebook.
- X/Twitter: Settings → Privacy → disable data sharing with business partners. Uncheck personalized ads.
Moderate Privacy (1 Hour)
6. Use a VPN
Impact: ★★★★☆ | Time: 10 min
A VPN encrypts your internet traffic and hides your IP address from websites and your ISP. Essential on public Wi-Fi.
- ProtonVPN Free: The only safe free VPN. No data cap, no ads, Swiss privacy laws. Limited server selection.
- Mullvad: Best paid VPN for privacy ($5/mo flat). No account required (anonymous account numbers), no logs, cash payment accepted.
- Avoid: Free VPNs from unknown companies — they sell your data.
See our full VPN comparison.
7. Use Encrypted Messaging
Impact: ★★★★☆ | Time: 5 min
Regular SMS and many messaging apps (Facebook Messenger, Telegram default) can read your messages. Use end-to-end encrypted messaging.
- Signal: Best encrypted messenger. Open source, end-to-end encryption by default, disappearing messages, no data collection. The gold standard.
- WhatsApp: End-to-end encrypted (Signal protocol) but collects metadata (who you talk to, when, how long). Better than SMS but not as private as Signal.
8. Use Encrypted Email
Impact: ★★★☆☆ | Time: 15 min
Gmail, Outlook, and Yahoo scan your emails for advertising and data profiling. Encrypted email providers don’t.
- Proton Mail: Best encrypted email. Free tier (1GB), end-to-end encryption, Swiss privacy laws. Can send encrypted emails to non-Proton users.
- Tuta (formerly Tutanota): German privacy laws, fully encrypted calendar included. Free tier (1GB).
9. Change Search Engine
Impact: ★★★☆☆ | Time: 2 min
Google tracks every search and links it to your account. Privacy-focused search engines don’t track you.
- DuckDuckGo: Most popular private search engine. Good results, no tracking. Set as default in your browser settings.
- Startpage: Uses Google results without Google tracking. Best if you need Google-quality results without the tracking.
- Kagi: Paid ($5/mo) ad-free search with excellent results. No ads, no tracking, personalized without data collection.
10. Review App Permissions
Impact: ★★★★☆ | Time: 15 min
Apps request more permissions than they need. Review and revoke unnecessary permissions.
- iOS: Settings → Privacy & Security → review each permission type. Revoke access apps don’t need.
- Android: Settings → Privacy → Permission manager → review each permission.
- Key permissions to check: Location (set to “While using” or deny), Camera, Microphone, Contacts. Most apps don’t need these.
Advanced Privacy (Ongoing)
11. Use Linux Instead of Windows
Impact: ★★★★★ | Time: 2-4 hours setup
Windows collects extensive telemetry (hard to fully disable) and is the most targeted OS for malware. Linux collects nothing by default. Ubuntu or Linux Mint are user-friendly enough for daily use. See our OS comparison.
12. Encrypt Your Devices
Impact: ★★★★☆ | Time: 10 min
Full disk encryption protects your data if your device is stolen or seized.
- Mac: FileVault — enabled by default on Apple Silicon. System Settings → Privacy → FileVault.
- Windows: BitLocker — requires Pro edition ($100 upgrade from Home). Or use VeraCrypt (free) for any edition.
- Linux: LUKS — enable during installation. Most distros offer this as an option.
- Phone: iPhone encrypts by default. Android encrypts by default on modern devices. Use a strong passcode (6+ digits).
13. Use Tor for Anonymous Browsing
Impact: ★★★★★ | Time: 5 min
Tor Browser routes your traffic through 3 encrypted relays, making it extremely difficult to trace. Use it for sensitive research, anonymous communication, or when you need maximum privacy. It’s slower than regular browsing but provides the strongest anonymity available.
14. Use Alias Email Addresses
Impact: ★★★☆☆ | Time: 10 min
Use a different email alias for every service. If one alias gets spam or leaked in a breach, disable it without affecting your other accounts.
- SimpleLogin (free, open source) — creates unlimited aliases that forward to your real email
- DuckDuckGo Email Protection (free) — strips trackers from emails and forwards to your real address
- Proton Mail Plus ($4/mo) — includes built-in aliases with Proton’s privacy
15. Deactivate Data Broker Profiles
Impact: ★★★★☆ | Time: 2-4 hours
Data brokers (Spokeo, Whitepages, PeopleFinder) collect and sell your personal information. You have the right to opt out.
- Manual opt-out: Search yourself on major data brokers and submit opt-out requests. Time-consuming but free.
- Automated: DeleteMe ($10/mo) or Incogni ($7/mo) automate opt-out requests to 100+ data brokers.
Your Threat Model
Not everyone needs the same level of privacy. Choose based on your situation:
Level 1: Basic (Most People)
Steps 1-5. 10 minutes. Blocks most tracking, secures your accounts. This is enough for 90% of people.
Level 2: Moderate (Privacy-Conscious)
Steps 1-10. 1 hour. Adds VPN, encrypted messaging, private search, and app permission review. For people who want meaningful privacy without changing their workflow.
Level 3: Advanced (High-Risk)
Steps 1-15. Ongoing. For journalists, activists, or anyone facing targeted surveillance. Maximum privacy at the cost of some convenience.
Frequently Asked Questions
Can I really be private online?
100% privacy is impossible. But you can reduce tracking by 90% with basic steps: privacy browser, ad blocker, password manager, and 2FA. These take 10 minutes and block the most common tracking methods. More steps = more privacy, but diminishing returns.
Is incognito mode private?
No. Incognito/private browsing only doesn’t save local history. Your ISP, employer, and websites can still see everything. It’s useful for shared computers but provides zero privacy from tracking.
Do I need a VPN?
Yes, for specific situations: public Wi-Fi, bypassing censorship, hiding your IP from websites. No, for general browsing at home — your ISP sees you’re connecting to a VPN instead of specific websites, but the VPN provider sees your traffic. Use a trusted VPN (ProtonVPN, Mullvad).
Is it too late to start protecting my privacy?
No. Start now. Change your browser, install an ad blocker, and enable 2FA today. These immediately stop new tracking. Then work through the other steps over time. Every step helps — you don’t need to do everything at once.
Conclusion
Protecting your privacy online starts with 5 steps in 10 minutes: switch to Brave or Firefox, install uBlock Origin, set up Bitwarden, enable 2FA, and lock down social media settings. This blocks 90% of common tracking.
For stronger privacy, add a VPN (ProtonVPN Free), switch to Signal for messaging, and use Proton Mail for email. For maximum privacy, consider Linux and Tor.
Every step helps. Start with the basics and add more over time.
Continue reading: