Online privacy is a topic that grows in importance every single year. With more and more web services, connected apps, and even home assistant devices that are gaining in popularity, it’s now more crucial than ever to understand what the dangers to your online privacy are and how to protect it consciously.
This online privacy guide is all about that.
Here are 19 actionable steps to help you remain anonymous on the web and protect your online privacy. No sophisticated computer knowledge required.
1. Get a VPN
Normally, your connection to the web is unprotected by anything. It’s just your computer requesting a website (or a service, or a tweet, etc.) and then the server providing that website to you.
What’s problematic from an online privacy point of view here is that such a connection is public, can be intercepted, and every server helping on with the connection along the way can take a peek into what’s being transmitted. If it’s a sensitive email (or anything to that nature) then you really don’t want that.
This is where a VPN comes into play. VPN (or Virtual Private Network) is a service that allows you to connect to the web safely by routing your connection through a VPN server before it gets to its destination.
Here’s a quick visualization of what your connection looks like without and then with a VPN enabled:
What a VPN actually does is encrypting the connection so that even if someone intercepts it, the information within will be scrambled and unreadable. In fact, no intercepting party will be able to determine where the connection is coming from or what it is about, thus giving you improved online privacy.
Even though the concept might seem complicated and intimidating at first, modern VPNs are actually very easy to use and don’t require any technical skills like server configuration or routing. All you need to do is literally install your VPN of choice and enable it with a single click.
We have a comparison of the best VPNs on the market right here. Many of the top VPN solutions also offer versions for mobile devices.
Be careful with free VPNs
VPN services are great. That’s more than true. However, not universally across the board.
As someone once said, “if you’re not paying for the product, then you’re the product”. And this is even more concerning considering that we’re dealing with the topic of online privacy. At the end of the day, no one wants to have their data compromised or sold to a third party purely because they failed to read the fine-print when signing up for a seemingly great free VPN service.
2. Use the privacy/incognito mode
All current versions of web browsers like Chrome, Firefox, Opera come with a privacy mode.
For example, in Chrome, if you press CMD+SHIFT+N (Mac) or CTRL+SHIFT+N (Win), you will open a new tab in privacy mode. In that mode, the browser doesn’t store any data at all from the current session. This means no web history, no web cache, no cookies, nothing at all.
Use this mode whenever doing anything that you’d prefer remain private and not able to be retrieved at a later date on the device that you’re using.
However! Let’s make it clear that privacy modes don’t make the connection more secure in any way. They just make it private in relation to your own device – meaning, they make it private on your end only.
(Privacy modes are also available in mobile browsers.)
3. Block web activity trackers
The main online privacy concern with the modern web is that you’re basically being tracked everywhere you go.
And this is not only about ads. Basically, every website that you visit will attempt to track your activity in multiple different manners. Just to name a few:
- Traffic analytics – used commonly by most websites to get a better understanding of their audience, where they’re from, what devices they’re using, how much time they’re spending on the website, what sub pages they’re interacting with, and so on.
- Current location – commonly used by functional widgets like weather widgets, “near events”, and so on. But also used for general tracking and data analysis.
- Social media – used to show you people’s activity in relation to the page or article that you’re reading. A specific example of this is the Facebook pixel:
- Facebook pixel – those are meant to connect your activity with your Facebook profile, thus giving Facebook a better understanding of what your behavior is and what to show in your news feed (including which ads you’re most likely to enjoy).
- Media trackers – for example, if there’s a YouTube video on the page, that video block is connected to your other YouTube activity, thus having an impact on what kind of videos YouTube is likely to recommend you next.
All of those trackers can make websites slower and generally less safe to use.
One of the viable solutions is to use a tool like Ghostery. It’s free and has versions for all major web browsers. The installation is simple, and it basically starts working right out the box.
4. Use ad blockers
But that’s only Google. What about Facebook? What about all the in-house ad inventory handled by webmasters themselves, without any ad network in between? It’s not unreasonable to estimate that the total number might grow to even 60 billion.
In simple terms, ads are everywhere. But their sole existence isn’t problematic from an online privacy point of view.
What is problematic is that ads are not “closed black boxes”. It’s quite the opposite – they take in a lot of data, “listening” to what you’re doing and taking note of every click and every action you take. That data can then be used to follow you on the web and serve you even more targeted ads the next time around.
All of the above is common market practice. It’s not illegal to do any of it. In fact, all those tracking algorithms are considered clever for how effective they are.
But then there’s also the other side of the coin. Some ads go even further and try to infect your computer with malware, trick you into installing unsafe software, or try getting accidental clicks by hiding the fact that they are ads in the first place (impersonating the design of the site they’re on).
The best solution to not get affected by any of this is to simply block ads altogether. The easiest way to do that is by installing an ad blocker extension in your browser. Such an extension will block out any ad and prevent it from displaying. Ad blockers usually work right out the box with no configuration needed.
- For Chrome: Adblock Plus, uBlock Origin, AdBlock.
- For Opera: Opera Ad Blocker, Adblock Plus, uBlock Origin.
5. Use WhatsApp or Viber for messaging
Not all online communication is equally secured or protects your online privacy enough.
For example, email in itself isn’t the most private form of communication due to all the connection layers and different servers that participate in order to get the email to its destination.
Using solutions like Facebook Messenger or direct messages on Twitter raises whole other privacy concerns related to those corporations’ agendas and ways of handling user data. It wasn’t that long ago when we heard about 32 million Twitter passwords potentially getting hacked and leaked, for instance.
A much better solution is to use other tools for casual communication and even sensitive conversations. Tools like WhatsApp and Viber, even though seeming like something that your younger cousin might use, are, in fact, top-of-the-line when it comes to making sure that whatever’s been said via the tool’s communication lines remains private.
More than that, both apps also now enable voice calls, which presents a much safer and more private alternative to classic phone calls.
6. Don’t input sensitive personal data on non-HTTPs websites
In simple terms, HTTPS is the secure version of HTTP – the standard protocol that’s used to send data between your web browser and the website you’re reading.
Checking whether you’re connected to a website via HTTPS is very simple. All you need to do is take a look at your browser’s address bar and notice if the address starts with
https:// plus if there’s a green padlock icon next to it. Like so:
The important thing to remember here is to never enter any sensitive information on websites that don’t have HTTPS enabled. This includes things like your credit card information, social security numbers, address information, or anything else that you don’t want to have compromised.
Unfortunately, there isn’t “a fix” that you can do if a given website doesn’t have HTTPS. You simply have to avoid websites like that.
7. Clear your cookies regularly
Cookies are a popular term on the web, but very few people realize what they actually are. Technically speaking, cookies are quite simple. They’re just small text files that are kept on your computer (and your mobile devices as well). They store small packets of information related to your personal activity in connection with a given website.
The most classic use of a cookie is to keep you logged in to a certain website and not force you to re-enter your credentials every time you come back. But cookies can go much further than that.
These days, they’re also commonly used to store your shopping cart items (in case you decide to abandon your cart but then come back to the site later on and continue shopping), or to keep track of the content that you read previously on the site (thus helping with future content suggestions). These are just two of tens of possibilities.
Cookies are perhaps impossible to avoid entirely. If you disable them altogether, you’re effectively making it nearly impossible for yourself to use sites like Facebook, Twitter, most e-commerce stores, or other services where login is required.
What you can do, though, is at least clear your cookies occasionally. This can help keep your browser clean and also not let some websites take advantage of older cookies that they set up maybe even months ago, thus making it more difficult to track your online habits.
8. Only use secure email
As we said above when discussing online messengers (in #6), email is not the most secure form of communication online. On the other hand, it’s hard to image our life without email entirely, so, in some situations, we just need to bite the bullet and use email anyway.
However, there are still things that we can do to make it more secure.
First off, you can say goodbye to free email solutions like Gmail or Outlook.com, and instead opt for a premium one. One of the viable alternatives in that realm is ProtonMail.
Other than that, you can attempt to add another layer of encryption on top of your existing free email inbox. For instance, if you use Gmail, you can get this Chrome extensions, which will enable end-to-end encryption on your messages as well as attachments. This sort of encryption makes sure that your conversation remains private.
9. Review the permissions given to your mobile apps
Each app that you have on your iPhone, iPad, or Android device requires a certain set of permissions to deliver its functionality. Sometimes, though, certain apps become too demanding in this department, requesting access to more than seems necessary to make the app operational.
If you ever caught yourself wondering, “Why does a recipe app need access to my location all the time?” then you know what we’re talking about.
What you should do from time to time is go through your currently installed apps and review the permissions given to them. Most of the time, you can revoke part of those permissions without making the app useless (like the recipe app example).
On iPhone, you can do that by going to Settings, scrolling to the bottom, and then going through each app one by one.
10. Update to a newer mobile device
It seems that every year companies like Apple, Samsung, Google try to convince us to buy the latest smartphone and toss our old ones away. Naturally, we resist. But we can’t resist forever. At least not if we don’t want our online privacy to take a hit.
What we need to remember is that modern mobile devices are computers. Just like your desktop PC or Mac, but only slightly less powerful. Therefore, they’re also prone to various security threats, and just like any other device, they require constant updates to stay secure.
New devices are being updated constantly, so that’s no problem. Older ones, not so much.
For example, Nexus 7 – a device that’s still relatively popular (you can buy them on eBay right now) – stopped getting security patches after June 2015. This means that whoever’s using it has been left on their own and exposed to new security threats for more than two years now.
Whether we like it or not, at some point, a new device is unavoidable.
11. Shred your files
Although sounds surprising, getting rid of a specific file once and for all isn’t that easy. Simply moving it to the bin and then emptying it won’t do. Any file removed through this standard operation is easily recoverable in full.
This is due to how the process of deleting anything actually works. In its most basic state, your operating system will just make a note that the space where your file used to be “is now free” with no actual deleting taking place. Therefore, if someone knows where to look, they can still access that file easily.
A safer solution is to take advantage of a “file shredding” tool. Those will allow you to remove sensitive, private files from your hard drive by overwriting them several times with random sets of data and in random patterns.
12. Be careful with social media
The ideal case from an online privacy point of view would be to delete your Facebook account entirely, but that’s probably out of the question for most people. So, instead, at least be careful about what sort of data you share with your favorite social platform.
For once, don’t share your location with Facebook all the time and with every update you post. There have been multiple cases of people’s homes robbed after they posted updates about them being on vacation. For instance, three robbers in New Hampshire got away with $200,000 worth of stolen goods after breaking into 50 homes, all made possible by checking Facebook statuses of their victims beforehand.
A good rule of thumb is to not post any information that you’d consider sensitive from an online privacy point of view. Assume that the whole world is going to see your next status update.
13. Access the web via Tor
Tor has been getting a lot of bad reputation over the years, not always for all the right reasons. Tor, as a technology, is a very clever mechanism that allows you to remain completely anonymous while browsing the web.
Tor (short for “The Onion Router”) routes your web connection through a number of nodes before it gets to its destination. Because of that, no one is able to track it or view what’s being transmitted. In some aspects, Tor is similar to VPN. The main difference between the two is that VPN connects you through one additional server, while Tor uses multiple ones.
Getting started with Tor is simple – all you need is the official Tor web browser. There are versions available for all major systems. After getting it installed and fired up, you can establish a connection with the Tor network via a single click. At that stage, your connection is secure and anonymous. Here’s what the browser looks like:
14. Don’t use Windows 10 if you can
Windows 10 is notorious for its “loose” approach towards online privacy. On its default setup, the system is set to share all of your personal information (including your activity) with Microsoft and even third parties. It also synchronizes all your browsing history and other settings back to Microsoft servers.
On top of that, Cortana – the system’s assistant – records all your keystrokes and listens to all your activity.
If that’s not enough, Microsoft is also making it surprisingly difficult to set things the way they should be. Basically, every consecutive update of the system tends to bring back the factory settings, thus forcing you do carry through with your fixes once again.
At the end of the day, if it’s a viable option for you, say goodbye to Windows 10 entirely.
15. Consider not using Google
This goes not only for the main Google search engine but also all of the other tools – Google Analytics, Gmail, Google Apps, Google Drive, etc.
Due to its huge network and portfolio of tools, Google knows basically everything about you there is to know. Whether you’re comfortable with this from an online privacy point of view is up to you.
As for things like Gmail and Google Drive, there are multiple viable solutions on the web. For example, SpiderOak is an interesting alternative to Google Drive and Dropbox that even has Edward Snowden’s approval.
16. Probably delete Facebook from your phone
There have been multiple stories appearing lately describing Facebook’s alleged “in the background listening” practices. Some people are reporting concerns related to the Facebook app listening on to the conversations they’re having over the phone and then suggesting ads based on the things mentioned in those conversations.
In all likelihood, or at least we’d like to believe so, this is not entirely plausible – and Facebook obviously denies. However, getting rid of the Facebook app from your phone surely won’t hurt your overall online privacy.
17. Do you really need that Amazon Echo?
As useful as those new home assistants can be, they also carry some serious online privacy concerns with them. Most of all, they’re in an “always on, always listening” state.
What this means is that Alexa is constantly listening to everything – everything(!) – you say around the house, and transmitting it over the internet to Amazon’s servers.
Ultimately, you have no control over how that data is going to be used and by whom. Though, full disclosure, Amazon says they don’t share your Amazon Echo data with third parties.
Google Home, however, is perhaps even more hostile to your privacy. Apart from microphone access (always listening) it also tracks your location and can share your data for advertising purposes with third parties (including Google’s other companies).
18. Use virtual machines
Virtual machines let you simulate a second computer (a virtual one) within an application. It’s basically a sandbox. The virtual machine can be limited in any way you need it to be, for instance, with the web connection disabled, or any other part of the system removed.
Virtual machines are great if you want to do a sensitive task on your computer that doesn’t necessarily involve a web connection. Or, even more so, when you want to make sure that the web connection is unavailable and that your actions are not logged for any future transmission to a third party.
In other words, if you want to open a file and you need to be sure that no one is watching over your shoulder as you do so, you can do that via a virtual machine. Then, after you’re done, you can delete that virtual machine and thus remove every trace of the operation.
Try out VirtualBox, a popular free solution that runs on Windows, Linux, and Mac.
19. Avoid public Wi-Fi
As much as everyone loves those free Starbucks Wi-Fi hotspots, you should perhaps be careful around them. Or, rather, not perhaps, but definitely.
Public Wi-Fi raises a number of online privacy concerns:
- You never know who’s running the hotspot, what the software is, what the setup is, what sort of information is being logged, and so on.
- You don’t have any certainty if the hotspot you’re using isn’t an “evil twin” – a hotspot created to impersonate the genuine Wi-Fi network that you actually intended to use. For example, let’s say that you see an open network called, “Starbucks Free Internet”, so you decide to connect. However, you have no way of telling if that network is actually the official one run by the coffee shop. Essentially, anyone with a mobile router can create a network like that and then steal the information of anyone who connects to it. Listen to the first episode of Hackable – a podcast by McAfee to learn more about this (available on iTunes).
- You can’t be sure that using a VPN will protect you. In most cases, VPNs solve the problem, but if you’re dealing with a fake network then the person running it might still be able to see what’s going on. Additionally, there’s the issue of DNS leaks. In simple terms, your laptop can still be using its default DNS settings to connect to the web, rather than the VPN’s safe servers. Here’s more on the topic.
What can you do?
- Really avoid public Wi-Fi networks if you want to perform any sort of sensitive operation. Don’t access your online banking platforms or anything else where your privacy is of utmost importance.
- If you do use public Wi-Fi, also use a VPN. Do the DNS leak test available here to make sure that the connection is secure.
- Always ask what’s the exact name of the public network that you want to connect with – to avoid connecting to an evil twin.
Conclusion: What’s Next?
Online privacy is a topic that has been gaining in importance more and more over the last couple of years.
Apart from those basic, common-sense things that every web user should be doing in terms of their online privacy, there are also matters of new regulations and problematic net neutrality issues that have appeared quite recently.
These days, it seems that you can’t easily escape big corporations tracking you online, your ISP (internet service provider) recording your online activity and perhaps even selling the data to third parties (which is legal in the US).
All in all, this can be frightening. However, there still are viable things you can do and tools you can use to keep and protect your online privacy. We hope that the list above gave you a good overview of what’s possible and how easy to carry out most of those actions are. But you do need to be deliberate, and also review your online privacy optimizations every once in a while.
More helpful online privacy tools can be found here: PrivacyTools.io