Disclosure: TheBestVPN is reader-supported. When you buy a VPN through links on our site, we may earn commissions. Learn more.

17 Steps to Protect Your Online Privacy in 2026

Rob Mardisalu

Founder and writer of TheBestVPN.com

Article Summary

  • 17 steps covered, from VPNs and ad blockers to Tor, file shredding, and OS privacy settings — no tech skills required.
  • Incognito mode ≠ privacy: it only hides activity on your device, not from your ISP, government, or the sites you visit.
  • Social media tracks you off-platform too — disable “Off-Facebook Activity” and opt out of AI training in your settings.
  • Free VPNs are the product: if you’re not paying, your data likely is — only use audited no-logs providers.
  • Stay private online: NordVPN, Surfshark, and ProtonVPN all have independently audited no-logs policies.

Online privacy is a topic that grows in importance every single year.

With more and more web services, connected apps, and even home assistant devices gaining in popularity, it’s now more crucial than ever to understand what the dangers to your online privacy are and how to protect it consciously.

Here are 17 actionable steps to help you remain anonymous on the web and protect your online privacy. No sophisticated computer knowledge required.

What Is Online Privacy? (Definition & Why It Matters)

Online privacy is the right to have control over your personal data and communications. Typically, companies collect or track information such as your browsing activity or the data you enter on their platforms. Online privacy measures let you set limits on what companies can collect and how they use your data.

Online privacy is crucial for several reasons: 

  • Cybercrime is growing rapidly: IC3 receives roughly 714,000 cybercrime victim reports per year, which shows how many individuals and businesses are getting hit. Cybercriminals are coming up with new ways to break into accounts and steal sensitive data. As state-backed cyber operations continue to expand globally, everyday users increasingly get swept into the same digital ecosystem targeted by larger campaigns. Having information out there, completely exposed, only makes it easier for them to carry out these attacks.
  • Free speech is being curbed: Governments around the world are expanding their mass surveillance efforts to monitor citizens’ opinions and associations. This is having a “chilling effect” where people are self-censoring their thoughts over the fear of being profiled or persecuted. Online privacy is key to creating a safe space where you can think or speak freely without scrutiny.
  • Digital footprints can affect real-world opportunities: Employers and institutions are increasingly using online profiles of individuals to make critical decisions. A photo posted years ago or a comment taken out of context can affect an individual’s chances of getting hired or admitted to a program. Online privacy offers the ability to set boundaries and make sure former activity doesn’t come in the way of securing an opportunity.

Steps to Protect Your Online Privacy:

1. Consider getting a VPN

Normally, your connection to the web is unprotected by anything. It’s just your computer requesting a website (or a service, or a tweet, etc.) and then the server providing that website to you.

What’s problematic from an online privacy point of view is that such a connection is public and can be intercepted, and every server that helps with the connection along the way can take a peek at what’s being transmitted. If it’s a sensitive email (or anything of that nature), then you really don’t want that.

This is where a VPN comes into play. VPN (or Virtual Private Network) is a service that allows you to connect to the web safely by routing your connection through a VPN server before it gets to its destination.

What a VPN actually does is encrypt the connection so that even if someone intercepts it, the information within will be scrambled and unreadable. In fact, no intercepting party will be able to determine where the connection is coming from or what it is about, thus giving you improved online privacy.

Even though the concept might seem complicated and intimidating at first, modern VPNs are actually very easy to use and don’t require any technical skills like server configuration or routing. All you need to do is literally install your VPN of choice and enable it with a single click.

VPN Evaluation Criteria 

Nearly every VPN claims to protect your online privacy, but only a few have the technology and resources to deliver on their promise. Here’s what to evaluate when choosing a VPN provider:

Encryption standards – these are the algorithms that VPN companies use to protect your data during transmission. Look for VPNs that use AES-256-GCM or ChaCha20 encryption, as these offer the highest level of security. Avoid providers that don’t explicitly state which encryption method they use.

No logs policy – A no-logs policy means a VPN doesn’t collect or store your data in any form. The problem with this is that any provider can claim to have a no-logs policy. The way to verify this is to check whether their policy has been reviewed by an independent auditing firm such as Deloitte or PwC. VPNs that undergo these audits are transparent about their practices and are the ones you should consider.

Company jurisdiction — This refers to the country where the VPN provider is legally based. You want to use a service that operates outside of the 5/9/14 Eyes alliances — a group of countries that share intelligence data with each other. VPN companies in Panama, Switzerland, or the British Virgin Islands operate outside these agreements and aren’t legally required to share user data with government agencies.

Money back guarantee — Check for how long the VPN allows you to test their service risk-free. Most reputable VPN providers offer 30 days with a full refund if you’re not satisfied, though the period can vary depending on the provider. Aim for this industry standard at minimum and read the fine print to check whether any usage limits or restrictions apply.

We have a comparison of the best VPNs on the market right here. Many of the top VPN solutions also offer versions for mobile devices.

Be careful with free VPNs

VPN services are great. That’s more than true. However, not universally across the board.

As someone once said, “if you’re not paying for the product, then you’re the product”. And this is even more concerning considering that we’re dealing with the topic of online privacy. At the end of the day, no one wants to have their data compromised or sold to a third party purely because they failed to read the fine-print when signing up for a seemingly great free VPN service.

2. Use the privacy/incognito mode

All current versions of web browsers like Chrome, Firefox, Opera come with a privacy mode.

For example, in Chrome, if you press CMD+SHIFT+N (Mac) or CTRL+SHIFT+N (Win), you will open a new tab in privacy mode. In that mode, the browser doesn’t store any data at all from the current session. This means no web history, no web cache, no cookies, nothing at all.

Use this mode whenever doing anything that you’d prefer remain private and not able to be retrieved at a later date on the device that you’re using.

However! Let’s make it clear that privacy modes don’t make the connection more secure in any way. They just make it private in relation to your own device – meaning, they make it private on your end only.

(Privacy modes are also available in mobile browsers.)

3. Block web activity trackers

The main online privacy concern with the modern web is that you’re basically being tracked everywhere you go.

And this is not only about ads. Basically, every website that you visit will attempt to track your activity in multiple different manners. Just to name a few:

  • Traffic analytics – used commonly by most websites to get a better understanding of their audience, where they’re from, what devices they’re using, how much time they’re spending on the website, what sub-pages they’re interacting with, and so on.
  • Current location – commonly used by functional widgets like weather widgets, “near events”, and so on. But also used for general tracking and data analysis.
  • Social media – used to show you people’s activity in relation to the page or article that you’re reading. A specific example of this is the Facebook pixel:
  • Facebook pixel – those are meant to connect your activity with your Facebook profile, thus giving Facebook a better understanding of what your behavior is and what to show in your news feed (including which ads you’re most likely to enjoy).
  • Media trackers – for example, if there’s a YouTube video on the page, that video block is connected to your other YouTube activity, thus having an impact on what kind of videos YouTube is likely to recommend you next.

All of those trackers can make websites slower and generally less safe to use.

One of the viable solutions is to use a tool like Ghostery. It’s free and has versions for all major web browsers. The installation is simple, and it basically starts working right out of the box.

You can also consider switching to privacy-focused services that don’t collect your data in the first place. 

For example: 

  • DuckDuckGo is a search engine that doesn’t track what you search for or build a profile on you. You can use it the same way you use Google, but your searches stay anonymous. 
  • ProtonMail offers end-to-end encrypted email where any message you send can only be read by you and the recipient. Nothing is scanned for advertising purposes. 
  • SpiderOak encrypts your files before they leave your device, so the company can’t access them. It works like Google Drive but without anyone else having access to your data.

4. Use ad blockers

Various sources indicate that Google serves around 29 billion ads every single day.

But that’s only Google. What about Facebook? What about all the in-house ad inventory handled by webmasters themselves, without any ad network in between? It’s not unreasonable to estimate that the total number might grow to even 60 billion.

In simple terms, ads are everywhere. But their mere existence isn’t problematic from an online privacy point of view.

What is problematic is that ads are not “closed black boxes”. It’s quite the opposite – they take in a lot of data, “listening” to what you’re doing and taking note of every click and every action you take. That data can then be used to follow you on the web and serve you even more targeted ads the next time around.

All of the above is common market practice. It’s not illegal to do any of it. In fact, all those tracking algorithms are considered clever for how effective they are.

But then there’s also the other side of the coin. Some ads go even further and try to infect your computer with malware, trick you into installing unsafe software, or try getting accidental clicks by hiding the fact that they are ads in the first place (impersonating the design of the site they’re on). And when malware escalates into something like ransomware, the financial damage can be massive.

The best way to avoid being affected by any of this is to simply block ads altogether. The easiest way to do that is by installing an ad blocker extension in your browser. Such an extension will block out any ad and prevent it from displaying. Ad blockers usually work right out of the box with no configuration needed.

5. Use Signal or Telegram for messaging

Not all online communication is equally secure or equally protective of your online privacy.

For example, email in itself isn’t the most private form of communication due to all the connection layers and different servers that participate in order to get the email to its destination.

Using solutions like Facebook Messenger or direct messages on X (formerly Twitter) raises whole other privacy concerns related to those corporations’ agendas and ways of handling user data. It wasn’t that long ago when we heard about 32 million X passwords potentially getting hacked and leaked, for instance.

A much better solution is to use other tools for casual communication and even sensitive conversations. Tools like Signal and Telegram, even though seeming like something that your younger cousin might use, are, in fact, top-of-the-line when it comes to making sure that whatever’s been said via the tool’s communication lines remains private.

Both Signal and Telegram offer end-to-end encryption, which makes sure your messages stay between you and the person you’re talking to. Not even the apps themselves can access these messages despite being the ones delivering them. Think of encryption like a locked box where only you and your friend have the keys.

Signal encrypts your messages using the Signal protocol, which has been independently verified and audited by security researchers from Oxford and MIT. If that isn’t convincing enough, the company has also made its code open source so anyone can inspect it for vulnerabilities at any time.

Telegram’s messages — the regular ones — aren’t encrypted end-to-end by default. They go straight to Telegram’s servers where the company can access them should they have a reason to. But Telegram users can manually enable Secret Chats (messages that use Telegram’s custom encryption protocol) to secure their conversations.

Additionally, both apps also now enable voice calls, which offers a much safer and more private alternative to classic phone calls.

6. Don’t input sensitive personal data on non-HTTPS websites

In simple terms, HTTPS is the secure version of HTTP – the standard protocol that’s used to send data between your web browser and the website you’re reading.

Checking whether you’re connected to a website via HTTPS is very simple. All you need to do is look at your browser’s address bar and check that the address starts with https:// and that there’s a green padlock icon next to it.

The important thing to remember here is to never enter any sensitive information on websites that don’t have HTTPS enabled. This includes things like your credit card information, social security numbers, address information, or anything else that you don’t want to have compromised.

Unfortunately, there isn’t “a fix” that you can do if a given website doesn’t have HTTPS. You simply have to avoid websites like that.

7. Clear your cookies regularly

Cookies are a popular term on the web, but very few people realize what they actually are. Technically speaking, cookies are quite simple. They’re just small text files that are kept on your computer (and your mobile devices as well). They store small packets of information related to your personal activity in connection with a given website.

The most classic use of a cookie is to keep you logged in to a certain website and not force you to re-enter your credentials every time you come back. But cookies can go much further than that.

These days, they’re also commonly used to store your shopping cart items (in case you decide to abandon your cart but then come back to the site later on and continue shopping), or to keep track of the content that you read previously on the site (thus helping with future content suggestions). These are just two of tens of possibilities.

Cookies are perhaps impossible to avoid entirely. If you disable them altogether, you’re effectively making it nearly impossible for yourself to use sites like Facebook, X, most e-commerce stores, or other services where login is required.

What you can do, though, is at least clear your cookies occasionally. This can help keep your browser clean and also not let some websites take advantage of older cookies that they set up maybe even months ago, thus making it more difficult to track your online habits.

8. Only use secure email

As we said above when discussing online messengers (in #5), email is not the most secure form of communication online. On the other hand, it’s hard to imagine our life without email entirely, so, in some situations, we just need to bite the bullet and use email anyway.

However, there are still things that we can do to make it more secure.

First off, you can say goodbye to free email solutions like Gmail or Outlook.com, and instead opt for a premium one. One of the viable alternatives in that realm is the secure email service Tutanota that comes with a fully encrypted mailbox.

Other than that, you can attempt to add another layer of encryption on top of your existing free email inbox. For instance, if you use Gmail, you can get a Chrome extension that enables end-to-end encryption on your messages as well as attachments. This sort of encryption makes sure that your conversation remains private.

9. Review the permissions given to your mobile apps

Each app that you have on your iPhone, iPad, or Android device requires a certain set of permissions to deliver its functionality. Sometimes, though, certain apps become too demanding in this department, requesting access to more than seems necessary to make the app operational. That is especially important on iPhones, where fake apps and harmful configuration profiles can be used to steal data or quietly take control of device settings.

If you ever caught yourself wondering, “Why does a recipe app need access to my location all the time?” then you know what we’re talking about.

What you should do from time to time is go through your currently installed apps and review the permissions given to them. Most of the time, you can revoke part of those permissions without making the app useless (like the recipe app example).

On iPhone, you can do that by going to Settings, scrolling to the bottom, and then going through each app one by one.

10. Update to a newer mobile device

It seems that every year companies like Apple, Samsung, Google try to convince us to buy the latest smartphone and toss our old ones away. Naturally, we resist. But we can’t resist forever. At least not if we don’t want our online privacy to take a hit.

What we need to remember is that modern mobile devices are computers. Just like your desktop PC or Mac, but only slightly less powerful. Therefore, they’re also prone to various security threats, and just like any other device, they require constant updates to stay secure.

New devices are being updated constantly, so that’s no problem. Older ones, not so much.

For example, Nexus 7 – a device that’s still relatively popular (you can buy them on eBay right now) – stopped getting security patches after June 2015. This means that whoever’s using it has been left on their own and exposed to new security threats for more than two years now.

Whether we like it or not, at some point, a new device is unavoidable.

11. Shred your files

Although it sounds surprising, getting rid of a specific file once and for all isn’t that easy. Simply moving it to the bin and then emptying it won’t do. Any file removed through this standard operation is easily recoverable in full.

This is due to how the process of deleting anything actually works. In its most basic state, your operating system will just make a note that the space where your file used to be “is now free” with no actual deleting taking place. Therefore, if someone knows where to look, they can still access that file easily.

A safer solution is to take advantage of a “file shredding” tool. Those will allow you to remove sensitive, private files from your hard drive by overwriting them several times with random sets of data and in random patterns.
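What such a tool does under the hood, as an added example (not code from this article or from any particular shredder product): overwrite the file's bytes in place with random data, force the writes to disk, then rename and delete it. The function names and the constructed sample file are assumptions made for the illustration.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so large files don't fill memory


def overwrite_in_place(path, passes=3):
    """Overwrite every byte of `path` with random data `passes` times.

    Returns the total number of bytes written. The file keeps its size and
    name; only its contents are replaced.
    """
    # Refuse symlinks and non-regular files: overwriting through a link
    # would destroy the link's target, not the file the user pointed at.
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError(f"not a regular file: {path}")
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:          # r+b: modify in place, no truncation
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())          # push this pass to the disk, not just the OS cache
    return written


def shred_file(path, passes=3):
    """Overwrite the file, rename it to a random name, then delete it."""
    written = overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)             # hide the original file name in the directory entry
    os.unlink(anonymous)
    return written


if __name__ == "__main__":
    # Constructed sample file standing in for a sensitive document.
    fd, sample = tempfile.mkstemp(suffix=".txt")
    os.write(fd, b"constructed sample: tax return 2025\n" * 1000)
    os.close(fd)
    print("bytes overwritten:", shred_file(sample))
    print("still exists:", os.path.exists(sample))
```

Overwriting in place is reliable on traditional hard drives. On SSDs, copy-on-write or journaling file systems, and cloud-synced folders, older copies of the data can survive elsewhere, so full-disk encryption is the more dependable safeguard there.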

12. Be careful with social media

Social media platforms collect far more data than most people realize. They track not just what you post, but where you go, what you click on other websites, and who’s in your contact list. And because every hour spent on social media gives advertisers and third parties more chances to harvest personal data, that tracking adds up quickly over time. The good news is you don’t need to delete your accounts. A few changes can limit what gets shared.

Never Share Sensitive Information 

The ideal case from an online privacy point of view would be to delete your Facebook account entirely, but that’s probably out of the question for most people. So instead, at least be careful about what sort of data you share with your favorite social platform.

Don’t share your location with every update you post. There have been multiple cases of people’s homes robbed after they posted updates about them being on vacation. For instance, three robbers in New Hampshire got away with $200,000 worth of stolen goods after breaking into 50 homes, all made possible by checking Facebook statuses of their victims beforehand.

A good rule of thumb is to not post any information that you’d consider sensitive. Assume that the whole world is going to see your next status update.

Lock down your privacy settings

Most social media platforms set your account to share as much as possible by default because it’s better for their business. To make sure your information stays private, consider taking the following steps:

  • Choose Friends instead of Public: Set your default audience to Friends for future posts. On Facebook, use “Limit Past Posts” to change all your old public posts to Friends-only in one click.
  • Opt out of AI training: Platforms like Facebook, Instagram, and X use your posts and photos to train their AI models. Check settings to see if you can opt out before your content gets used.
  • Disable facial recognition: If the platform offers this feature, switch it off to prevent the service from automatically tagging you and building a database of your face.
  • Deactivate off-platform tracking: Look for settings like “Off-Facebook Activity” and disconnect it. This stops platforms from tracking what you do on other websites through embedded Like buttons.

Check your settings regularly

Social media companies update their platforms constantly and sometimes reset your privacy choices or introduce new settings with data collection turned on by default. Set a reminder to review your privacy settings every few months to make sure everything is still locked down the way you want it.

13. Access the web via Tor

Tor has gotten a bad reputation over the years, not always for the right reasons. Tor, as a technology, is a very clever mechanism that allows you to remain completely anonymous while browsing the web.

Tor (short for “The Onion Router”) routes your web connection through a number of nodes before it gets to its destination. Because of that, no one is able to track it or view what’s being transmitted. In some aspects, Tor is similar to VPN. The main difference between the two is that VPN connects you through one additional server, while Tor uses multiple ones.

Tor comes in handy for:

Whistleblowing or journalism in dangerous regions 

If you’re working in a country where exposing government information can lead to serious consequences, Tor can be your safeguard against identification and surveillance. It routes your connection through multiple servers and encrypts the data at each step. That means neither you nor your sources can be identified even if the authorities manage to get their hands on one of the servers.

Bypassing heavy censorship 

Countries with heavily regulated internet like China and Iran block VPNs most of the time. Tor can help you bypass these restrictions with special servers that aren’t publicly listed and stay off the government’s radar. You no longer have to deal with blocked connections and worry about your IP being tracked.

Accessing .onion sites

The dark web consists of websites with .onion domain addresses. These fall outside of Google’s index and can only be accessed via Tor Browser. You can take advantage by using Tor to access censored information while maintaining full anonymity, but it’s worth understanding that 64.06% of all dark web activity involves stolen data and databases, which shapes what you’ll actually find there.

Free and decentralized

Tor was created by a nonprofit organization as a free alternative to paid privacy services. It has thousands of volunteers worldwide who run the network rather than a single company controlling it. This is what makes Tor resistant to government pressure — there’s no central authority that can be legally compelled to log or hand over user data.

Getting started with Tor is simple – all you need is the official Tor web browser. There are versions available for all major systems. After getting it installed and fired up, you can establish a connection with the Tor network via a single click. At that stage, your connection is secure and anonymous.

Keep in mind that Tor isn’t as fast because of the way it routes your connection. Whereas a VPN connects you through one additional server, Tor uses multiple servers to encrypt and route your data. That means activities like streaming and downloading can be painfully slow or impossible to do on Tor.

If your primary internet activity is watching Netflix or browsing social networking sites, you might be better off using a VPN than Tor. But if you’re looking for a tool that prioritizes complete anonymity over speed, Tor is likely to fit your needs better.

14. Adjust Your OS Privacy Settings

Your computer and phone share a lot more information about you than you might think. MacBooks, Windows PCs, and smartphones all collect data like which apps you use by default. Even though the companies say they do this to improve your experience, the real reason is rooted in the fact that they want to improve their advertising so they can make more money off of you.

Does that mean your trusty old device is going in the trash?

No, it just means you need to adjust a few settings.

If you’re on Windows: Open Settings and go to Privacy & Security. Turn off your advertising ID under General. Under Diagnostics & Feedback, switch to “Required” instead of “Optional.” Then go through App Permissions and turn off camera and microphone access for apps you don’t use regularly.

If you’re on a Mac: Go to System Settings and click Privacy & Security. Turn off personalized ads and disable “Share Mac Analytics.” Review Location Services, Camera, and Microphone permissions and remove access from apps that don’t need it.

If you’re on a phone: Open Settings and find Privacy or Security & Privacy. Turn off ad personalization, check which apps can track your location, and revoke permissions from apps you haven’t used in months.

15. Do you really need that Amazon Echo?

As useful as those new home assistants can be, they also carry some serious online privacy concerns with them. Most of all, they’re in an “always on, always listening” state.

What this means is that Alexa is constantly listening to everything – everything(!) – you say around the house, and transmitting it over the internet to Amazon’s servers.

Ultimately, you have no control over how that data is going to be used and by whom. Though, full disclosure, Amazon says they don’t share your Amazon Echo data with third parties.

Google Home, however, is perhaps even more hostile to your privacy. Apart from microphone access (always listening) it also tracks your location and can share your data for advertising purposes with third parties (including Google’s other companies).

16. Use virtual machines

Virtual machines let you simulate a second computer (a virtual one) within an application. It’s basically a sandbox. The virtual machine can be limited in any way you need it to be, for instance, with the web connection disabled, or any other part of the system removed.

Virtual machines are great if you want to do a sensitive task on your computer that doesn’t necessarily involve a web connection. Or, even more so, when you want to make sure that the web connection is unavailable and that your actions are not logged for any future transmission to a third party.

In other words, if you want to open a file and you need to be sure that no one is watching over your shoulder as you do so, you can do that via a virtual machine. Then, after you’re done, you can delete that virtual machine and thus remove every trace of the operation.

Try out VirtualBox, a popular free solution that runs on Windows, Linux, and Mac.

17. Avoid public Wi-Fi

As much as everyone loves those free Starbucks Wi-Fi hotspots, you should perhaps be careful around them. Or, rather, not perhaps, but definitely.

Public Wi-Fi raises a number of online privacy concerns:

  • You never know who’s running the hotspot, what the software is, what the setup is, what sort of information is being logged, and so on.
  • You don’t have any certainty if the hotspot you’re using isn’t an “evil twin” – a hotspot created to impersonate the genuine Wi-Fi network that you actually intended to use. For example, let’s say that you see an open network called, “Starbucks Free Internet”, so you decide to connect. However, you have no way of telling if that network is actually the official one run by the coffee shop. Essentially, anyone with a mobile router can create a network like that and then steal the information of anyone who connects to it. Listen to the first episode of Hackable – a podcast by McAfee to learn more about this (available on iTunes).
  • You can’t be sure that using a VPN will protect you. In most cases, VPNs solve the problem, but if you’re dealing with a fake network then the person running it might still be able to see what’s going on. Additionally, there’s the issue of DNS leaks. In simple terms, your laptop can still be using its default DNS settings to connect to the web, rather than the VPN’s safe servers.

What can you do?

  1. Really avoid public Wi-Fi networks if you want to perform any sort of sensitive operation. Don’t access your online banking platforms or anything else where your privacy is of utmost importance.
  2. If you do use public Wi-Fi, also use a VPN. Run a DNS leak test to make sure that the connection is secure.
  3. Always ask for the exact name of the public network that you want to connect to, to avoid connecting to an evil twin.
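A local check for the DNS leak described above, as an added example that is not part of the original article: it reads resolver entries in the /etc/resolv.conf format used on Linux and macOS and flags any that are not the VPN's own DNS servers. The sample file contents are constructed, and the VPN resolver range 10.8.0.0/24 is a hypothetical value you would replace with your provider's.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents while a VPN is connected.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real machine
search lan
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
nameserver 127.0.0.53
options edns0
"""

# Assumption: the VPN provider's resolvers live in this range (hypothetical).
VPN_DNS_NETWORKS = ["10.8.0.0/24"]


def parse_nameservers(text):
    """Return the resolver addresses listed on `nameserver` lines."""
    servers = []
    for raw in text.splitlines():
        # Drop comments, which start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone suffix such as "%eth0" before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry: ignore it, as the system resolver would
    return servers


def classify_resolvers(servers, vpn_networks):
    """Sort resolvers into VPN-owned, local stub, and leaking.

    - "vpn":  inside one of the VPN's DNS ranges
    - "stub": loopback address (a local caching resolver such as
              systemd-resolved; its upstream servers need checking separately)
    - "leak": anything else, e.g. the hotspot's router or an ISP resolver,
              including IPv6 resolvers the VPN does not cover
    """
    networks = [ipaddress.ip_network(n) for n in vpn_networks]
    report = {"vpn": [], "stub": [], "leak": []}
    for addr in servers:
        if any(addr in net for net in networks):
            report["vpn"].append(str(addr))
        elif addr.is_loopback:
            report["stub"].append(str(addr))
        else:
            report["leak"].append(str(addr))
    return report


def check_dns_config(text, vpn_networks=VPN_DNS_NETWORKS):
    """Parse resolver configuration text and classify each entry."""
    return classify_resolvers(parse_nameservers(text), vpn_networks)


if __name__ == "__main__":
    for kind, addrs in check_dns_config(SAMPLE_RESOLV_CONF).items():
        print(f"{kind:5s} {', '.join(addrs) or '-'}")
```

This inspects resolver configuration only; an online DNS leak test complements it by showing which resolvers actually answer your queries.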

Privacy for Specific Use Cases (Health Data, Children’s Privacy, Smart Devices)

Privacy can be more complicated for certain situations. For example, you might be handling sensitive health data, protecting your children online, or securing smart devices in your home. Here’s how to protect yourself in each case.

  • For health data: Your fitness tracker isn’t protected by the same privacy laws as your doctor’s office. Companies can share your heart rate, sleep data, and location with advertisers. The best way to protect your information is to turn off data sharing in your app settings and delete old health records you no longer need.
  • For children’s privacy: Laws like COPPA require companies to seek parental consent before collecting data from kids under 13. See if the apps and toys your child uses actually follow these rules. A quick search on Google can help you find out whether a product has been flagged for privacy violations.
  • For smart devices: “Admin” or “1234” won’t protect your smart speaker or camera from being hacked. To secure these devices, change default passwords immediately and set up a separate Wi-Fi network for all your smart home gadgets.

Conclusion: Protecting Your Online Privacy is Simple

Online privacy is a topic that has been gaining in importance more and more over the last couple of years.

Apart from those basic, common-sense things that every web user should be doing in terms of their online privacy, there are also matters of new regulations and problematic net neutrality issues that have appeared quite recently.

These days, it seems that you can’t easily escape big corporations tracking you online, your ISP (internet service provider) recording your online activity and perhaps even selling the data to third parties (which is legal in the US).

All in all, this can be frightening. However, there still are viable things you can do and tools you can use to keep and protect your online privacy. We hope that the list above gave you a good overview of what’s possible and how easy most of those actions are to carry out. But you do need to be deliberate, and also review your online privacy optimizations every once in a while.

More helpful online privacy tools can be found here: PrivacyTools.io
