As soon as you connect to the internet, your privacy is under attack. This isn’t hyperbole. Call it surveillance capitalism or enshittification or just good ol’ fashioned corporate greed—companies want your data, they want as much of it as they can get, and they want to monetize it in as many ways as they possibly can, sometimes without your consent.
Worse, some governments are starting to use what we’ve created and put online to target dissidents and other “undesirables.” It’s never been harder to maintain your digital privacy than it is today.
That doesn’t mean you shouldn’t try, though. There are many things you can do to protect your data, inject noise into the system, cover your tracks, and disrupt the ability of others to follow you online. But privacy and security often come at the expense of convenience, and that can make it hard to decide what specific actions to take.
I’ve outlined a bunch of techniques below along with benefits and trade-offs. They’re roughly in order of least-annoying to most-annoying/most-expensive. Not all of these ideas are suitable for everyone. Not everyone will be comfortable with the inconvenience or expense required.
Pick and choose what’s right for you right now, and remember that you don’t have to do everything all at once. Even if you only adopt a couple of the techniques here, you’ll be doing more than most people to protect your privacy online.
Use a Privacy-Focused Browser
Edge, Chrome, and Safari are bad choices if you’re trying to preserve your privacy online. Even Firefox, a darling of the privacy community, put their foot in it last month, leaving many of us scrambling to find something safer. Most people settled on Brave as the best middle-of-the-road option. It’s what I’ve been using since the Mozilla dust-up, and it’s fine. You’ll definitely want to tweak the default settings, though.
Benefit: this’ll provide another layer of defense against surveillance capitalism.
Trade-off: aside from maybe having to migrate your bookmarks, this is pretty low-impact after the initial setup.
Use uBlock Origin in Your browser
I used to recommend a whole host of browser plugins to block ads, spyware, malware, crypto miners, and other web junk, but these days, uBlock Origin is pretty much all you need. Plus, running lots of plugins makes you more vulnerable to browser fingerprinting, so staying lightweight is essential.
Benefit: no ads or trackers! Load times go through the roof, and the internet feels snappier and less cluttered. And it’s free.
Trade-off: a site occasionally might not display properly, requiring you to temporarily disable plugins or add the site to uBlock’s allow-list.
Use a TOR Browser
TOR browsers route your traffic through the Onion network, which bounces your requests across multiple random servers around the world. Much like using a virtual private network (VPN), it makes it difficult—but not impossible—to find the computer (and the user) that made a request. This attempt at anonymity comes at a cost: TOR traffic is extremely slow. A TOR browser isn’t meant to be your daily driver; rather, it’s used in specific circumstances when you’re looking at content that’s potentially sensitive.
Benefit: pretty decent anonymization, easy to set up and use, and it’s free.
Trade-off: you gave up your Ferrari for a Geo Metro—don’t expect to get where you’re going quickly.
Ditch Social Media
Governments are starting to use AI to scan people’s social media content to find people to target, so now might be a great time to get off social media entirely.
Benefit: your data won’t be used to train AIs, nor will it be used to add to the growing pile of information collected about you by advertisers. Also, you become a harder target.
Trade-off: FOMO, mostly, but also reduced social interaction, lack of access to real-time and possibly hyper-local news. If these things are of high importance, consider using social media as a read-only service and delete anything you’ve previously posted.
If Need Be, Ask the Internet Archive to Remove Your Old Content
Speaking of social media, did you post something years ago on Twitter or your blog that you regret? Is it in the Internet Archive now?
If you still have access to the account or website, you can request that they remove some or all of the content from the archive. Even if you don’t currently own the account or site, if you can prove that you did own it at the time the content was posted, they’ll work with you to remove what they can.
Benefit: friends, family, potential employers, and hostile governments won’t be able to find your old content.
Trade-off: it takes time to gather the evidence that you own the content you want removed. The process can take several days, and there’s no guarantee your request will be granted.
Use a Private DNS Provider
Whenever you request something on the internet, your computer has to ask a domain name server (DNS) where that thing lives. Your ISP typically provides DNS as part of your internet service, and they can often see these requests because they keep a log of them. But you don’t have to use their DNS.
I can’t recommend NextDNS enough. It’s cheap at only $20/year, it’s super easy to set up, and it lets you add custom filters to automatically block ads, spyware, and corporate telemetry data, meaning your devices can’t phone home to the servers of the company that manufactured the device. If you have kids, you can add filters to block adult content, force them into a kid-safe YouTube environment, set bed-time and time-out schedules, and more.
Also, you can disable DNS logging entirely, or have your logs stored in a country like Switzerland, which would require more legal hurdles if your home country wants to see those logs.
Benefit: your internet provider can’t see the queries you’re making when you enter search terms or a web address, which means they can’t monetize your online habits by selling your logs to other companies. Law enforcement and government agencies would have a very difficult time accessing those logs as well, and if you’ve turned off logging, they won’t be able to see them, period.
Trade-off: this one’s set-it-and-forget-it. Once the initial setup is complete, you won’t even notice it’s there. Of all the items on this list, this one probably has the highest benefit-to-effort ratio.
Use a VPN
Using a virtual private network (VPN) routes your internet traffic through your VPN provider’s servers. To your ISP, all of your traffic is going to one place, so they can’t figure out what you’re actually accessing. Only your VPN provider can see. More on that in a sec.
I use Proton VPN, which I highly recommend. It’s not the cheapest out there, but it is laser focused on maintaining your privacy. Based in Switzerland, any requests for details about your account would have to be handled by the Swiss government, which also strongly supports personal privacy.
But a VPN can see your traffic? Yes, but Proton doesn’t log any activity, so even if your account details are requested and handed over, the requesting party won’t get to see much of anything at all.
Benefit: your IP address gets masked, which makes it harder to track your behavior online. It also trips up data gathering efforts by the sites you visit because they aren’t seeing your actual home IP address. You can also use a VPN to trick websites into thinking you’re connecting from another region or country, which can bypass censorship or allow you to access streaming services like Netflix from outside the US.
Trade-off: mostly cost, but you also have to be diligent about making sure the VPN is enabled. Also, iOS occasionally leaks data outside the VPN, which could defeat the purpose of using a VPN altogether. Traffic over a VPN isn’t necessarily slow, but it will never be as fast as traffic without a VPN.
Use Encrypted Chat
SMS is unencrypted. If you’re sending text messages over SMS, you might as well assume that someone is reading what you’re saying. Services like iMessage are end-to-end encrypted and provide privacy; however, the UK just got Apple to weaken that encryption because the government wanted a back-door. Corporations are not your friends; they’ll compromise your privacy whenever it benefits their bottom line no matter how much they claim to be pro-privacy.
Consider switching to a non-corporate, end-to-end encrypted chat like Signal, which is owned and operated by a non-profit. I can’t recommend WhatsApp because it’s owned by Meta. Telegram is also end-to-end encrypted, but it has a history of being very sketchy.
Also, remember: when you send a text or an email, a copy of that message exists in potentially three places: your device, the recipient’s device, and the server that delivered the message. Of those, you only have control over what you own. This’ll be important when we talk about email later.
Benefit: no one can see what you’re talking about with your friends and family except for you and the intended recipients.
Trade-off: you’ve gotta convince your friends and family to join you on Signal, which can be very difficult. Signal lacks some of the fun features of iMessage like stickers and text effects.
Turn on Full-Disk Encryption
Modern operating systems include full-disk encryption as a security feature, but it isn’t always enabled by default. You may have to turn it on, and for versions of Linux, this might involve jumping through some additional hoops to get it working.
Benefit: full-disk encryption ensures your data is encrypted at rest so that bad actors can’t get access to it.
Trade-off: on some older machines, performance might slow a bit, but you won’t notice any issues on most modern machines.
Shut Down Your Machine at Night
If you lock your computer or shut your laptop, the device will require a password to open up again; however, while the machine is in that suspended state, the disk remains unencrypted. The only way full-disk encryption works properly is if you completely shut down the machine when you’re not using it.
Benefit: you get the comfort of knowing your data is fully encrypted and can’t be accessed.
Trade-off: you have to remember to shut the machine down, and you’ll have to wait longer when you first start your machine for the day.
Use a Safer Email Provider
Proton Mail is encrypted, meaning Proton can’t read your messages or provide them to anyone else. If you’re emailing someone who also has a Proton account, your messages are end-to-end encrypted. And again, being based in Switzerland provides a little extra peace of mind.
Benefit: Proton can’t and won’t index your private emails to target you with ads, nor can they gather that data and sell it to a third-party. Any three-letter agency that wants access to your emails will have to put in a ton of effort, and they likely won’t be able to get your data even if their requests are granted. However, if you send emails to someone with a non-Proton email account, their email provider might be able to view their emails, and law enforcement could target them instead of you since their copy of your emails isn’t encrypted.
Trade-off: you’ll have to pay for a Proton Mail account if you want to use it long-term, as the free account doesn’t include much storage space. You also have to either use their official Proton Mail app or Proton Bridge to access your email.
Remove Your Data from Online Data Brokers
Data brokers buy up large amounts of publicly available data and make it searchable by anyone online. If you’ve ever looked up an old friend from high school, you’ve probably run across one of these sites. They often have your name, age, address, phone number, and the names of people close to you. Creepy!
You could go through the process of requesting that each one of these sites remove your data (guides here and here), or you could pay someone to do it for you using a service like Delete Me.
Benefit: this makes it far more difficult for bad actors to track you down or aggregate data about you.
Trade-off: if you do this yourself, it’s incredibly time consuming. If you don’t do it yourself, you’re spending still more money, and it’s rather costly.
Be Careful What You Print and Scan
Your printer has memory, and it stores copies of the things you’ve printed and scanned in that memory, so be careful what you run through your at-home machine. If you need to print sensitive information—say, protest fliers—opt for printing in a public setting like a Fedex Office shop.
Benefit: it makes it harder to trace the printing of specific documents back to you.
Trade-off: you’ve gotta go somewhere to print things instead of just doing it at home. Alternatively, you could print your stuff at home and then re-enact that scene from Office Space.
Use a NAS Instead of Cloud Storage Providers
Consider getting rid of cloud storage providers like iCloud, Dropbox, Google Drive, and Microsoft OneDrive. These services have a history of scanning and indexing the contents of your documents, and some are using your data to train AIs.
Instead, store your files at home on a network attached storage (NAS) device. One of the most popular, the Synology Diskstation DS923+, is extremely easy to use and powerful enough to also work as a streaming media server.
Benefit: your documents remain yours, and prying eyes can’t access them. Your data can’t be indexed and sold to third-parties.
Trade-off: buying a NAS and hard drives is expensive. That DS923+ is currently around $750 on Amazon, and the drives would be several hundred dollars more. There’s a certain amount of technical know-how involved in maintaining a NAS. Not all apps that work with your NAS offer the same features as cloud storage providers (e.g., the ability to search the contents of files).
Get Your Photos Out of iCloud, Google Photos, etc.
If you shut off iCloud or whichever storage provider you’re using to keep a backup of your phone’s photos, you’ll need to put those photos somewhere. The Synology NAS mentioned above has a Photos app for both iOS and Android that can pull your photos out of your cloud storage service and put them on your NAS automatically. It’ll also automatically upload your new photos to the NAS.
Benefit: cloud providers can’t use your photos to train AI models, and they can’t do things like accidentally flag you for possessing inappropriate photos of children, as happened to one man who took pictures of his child to provide a photo of a rash to his kid’s doctor.
Trade-off: the Synology Photos app doesn’t have as many features as the apps you’d get from Apple or Google. And again, a NAS can be very expensive.
Use a NAS Instead of Streaming Media Services
If you decided to buy a NAS, you can install Plex on it, which lets you stream movies, TV shows, and music to most streaming devices, including Apple TVs.
Benefit: your viewing habits stay private (for now—Plex has made questionable decisions in the past and might ruin this in the future), and streaming services like Netflix can’t gather even more data about you.
Trade-off: building a media library takes time and money, as does maintaining it.
Bonus: Run noisy.py on Your NAS
If you’ve got a NAS, might as well let it send some bogus DNS requests to confuse your internet provider’s data collection system! noisy.py is a script that does just that. You can install it in a container on your NAS with a few clicks.
Benefit: you’re adding noise to the signal, which further undermines your ISP’s ability to collect data about you.
Trade-off: aside from the time spent setting it up, none. You’ll need to be comfortable with creating containers on your NAS. DNS requests are cheap and don’t take up much bandwidth on your network, so you won’t see any degradation in network speed.
Use a Privacy-Focused Phone OS
Did you know it’s possible to de-Google a Google Pixel? You can replace the entire operating system with one that’s more focused on protecting your data. I use GrapheneOS. It’s a fork of Android with all of the Google bits ripped out. You can use it to do things like apply fine-grained access to all of your device’s sensors, network connections, and more, on an app-by-app basis.
You can still get access to apps on the Play store through the Aurora Store front-end, which doesn’t require a Google account. And there are tons of open-source app alternatives available through F-Droid.
Benefit: your mobile device probably knows more about you than any other device you own, which makes using a secure mobile OS like Graphene one of the best things you can do to protect your privacy.
Trade-off: the technical know-how required to get up and running with Graphene is pretty high. You’ll have to buy a Pixel if you don’t already have one. Some of the privacy restrictions in the OS can be a pain to use in practice, as they make the system less convenient to use in some ways. For example, your cameras are blocked by default, so you have to unblock them whenever you want to take a photo. If you answer a phone call, you’ll need to unblock your microphone, etc.
Turn on Your Phone’s Auto-Reboot Feature
Multiple governments have access to Pegasus), a spyware package developed by NSO Group in Israel, and they use it to infect the phones (yes, even iPhones) of their targets. It has a vulnerability, though. Rebooting your phone forces the attacker to re-initiate the attack on your device.
Android recently shipped a new auto-reboot feature, which will restart your device after it’s been locked for three consecutive days. GrapheneOS lets you customize the reboot window to be as short as 10 minutes. I’ve set mine to four hours, so it’s guaranteed to reboot at least once overnight.
If you’re on iOS, just try to remember to restart your phone once a day.
Benefit: state actors will have a harder time keeping tabs on you. However, if you’re being targeted by state actors, you’ve got much bigger problems than keeping your cell phone spook-free.
Trade-off: not much! If you’re using biometrics, you’ll have to unlock your device with a passcode after it reboots, but that’s about it.
Use Open-Source Software
Back in 2013, a slide deck leaked showing that every major tech company in America was providing the NSA with direct access to user data, including emails, videos, photos, chats, and more, through a program called PRISM. The involved companies all denied even knowing what PRISM was despite the fact that this was an NSA document prepared by people at the NSA for use at the NSA to tell other NSA people how good the NSA had gotten at collecting user data.
Again: corporations are not your friends. Open-source software isn’t perfect, and it can’t guarantee your privacy, but it exists in the open and can be audited by anyone. If an application is doing something it shouldn’t, you have a much better chance of finding out.
Benefit: you run a lower risk of having your data intercepted and handed off to three-letter agencies or advertising companies.
Trade-off: if I’m being completely honest, a lot of open source software lacks ease-of-use and doesn’t always look very attractive. Some of it is downright frustrating to use.
Try Linux on Your Laptop
If you haven’t given Ubuntu a shot, you might be surprised to find out how good it is. Coming from macOS, I loved how lightweight and focused the OS felt—something I used to praise Apple’s operating system for.
Benefit: Ubuntu doesn’t send telemetry data about your usage to anyone, and the OS isn’t concerned with trying to steer you into its app store. It’s pretty refreshing!
Trade-off: if you’re currently using a Mac, you’ll need to buy a non-Apple laptop. Not all software that you’re used to using is available on Linux, so you’ll have to find alternatives. Switching platforms always comes with a learning curve.
Use VMs or Ephemeral Operating Systems
Using a virtual machine (VM) is like having a whole separate computer running inside your computer. It shares resources with the machine that it’s running on (processor, memory, the display, etc.), but all of its files are contained in a disk image that can be both encrypted and deleted. The entire machine can be erased as if it never existed. VM software like VirtualBox is free, and you can run free operating systems like Ubuntu in your VMs, so using a VM doesn’t cost anything.
You can also run an ephemeral operating system like Tails, which is installed on a USB drive. You boot your computer from the USB drive, and when you shut down Tails, everything that you did while using Tails is erased.
Benefit: all of your activity can be destroyed, and if your VM’s disk image is encrypted, the data likely can’t be recovered even through forensics. Unless you’re forced to boot the VM and enter the login password, its data will remain encrypted regardless of the host machine’s state.
Trade-off: of all the recommendations in this article, this one probably requires the most technical know-how. The OSINT Techniques book by Michael Bazzell includes thorough and accessible information for creating and maintaining VMs and is a good place to start.
Buy a Used Car
You can’t do much about Flock cameras, the prevalence of doorbell cameras that the police can access, cameras at intersections, license plate readers on cop cars and at toll booths, and your phone’s use of cell towers, which can be used to triangulate your position to within 500 meters.
However, if you’re in the market for a car, consider an older model that doesn’t include a cellular radio. Modern cars gather data about you and your driving habits and send it back to the automaker’s servers for analysis and to be sold to third-parties, including insurance companies. In most cases, the cellular radio cannot be disabled without voiding your car’s warranty.
Some folks recommend not buying anything made after 2018, while others recommend going back as far as 2009 for their car purchases.
Benefit: yet another fork in the eye of surveillance capitalism!
Trade-off: buying a used car and not getting a lemon can be difficult, and the car may require more maintenance and repairs than a new vehicle. Also, cars are just generally expensive. Public transportation is also a great alternative.
Additional Resources
Privacy Guides
r/privacy
Extreme Privacy, another book by Michael Bazzell that goes into much greater detail about some of the topics presented here
DeFlock, a database and map of known Flock cameras
Loved the article? Hated it? Didn’t even read it?
We’d love to hear from you.
