Most of us know deep down that we should probably be trying a little harder to protect our privacy. But reclaiming even a small fraction of the privacy that normal people enjoyed a few decades ago can seem overwhelming, and not worth the effort. The good news is that a more private life can be created in an afternoon, you just need to know what steps to take.

To make this transformation easy, I’ve created this comprehensive guide covering the tools and tactics I’ve used to live a more private life. I’ve used every tool in this guide, and none of them are sponsoring me in any way. The guide is organized into three categories based on the level of difficulty, time, or money required to implement them. While I take my privacy very seriously, you should use this guide to make informed decisions about where you want to invest in privacy, and we’re your ok with compromising.

Why You Should Care About Your Privacy

Before we jump into the details, it’s important to understand why you should care about your privacy. For a lot of people, privacy in the digital age seems like a lost cause. Whenever you bring this subject up to groups of people, you’ll inevitably hear someone say “Who cares, I have nothing to hide”. This mistaken belief is common because the people exploiting you and your data want you to think it’s true. In reality, it’s easy to live a private life, all it takes is a little knowledge and some basic effort. There are many good reasons why you should care about online privacy, but to save time, here are some highlights to research if you aren’t fully convinced:

• Protecting yourself and your family from financial, or even physical harm. Data breaches, scammers, and discriminatory pricing are just the tip of the iceberg. In the age of increasingly advanced AI, every scrap of your data that’s out there is a weapon to be used against you or your family. Think AI deepfakes for extortion, blackmail or scams, and AI research tools making it easy for anyone to find out even your most personal and private information.

• Protecting democracy and freedom. Do you know why zebras have stripes? It’s not to blend in with their surroundings. The shifting patterns in a large herd of zebras make it harder for predators to pick out any one individual to target, which makes the whole herd safer. If journalists, whistle blowers, and activists are the only ones using privacy tools, then they stick out like a lone zebra. This makes it easier for bad actors and authoritarian governments to target them. But if privacy tools are the default, then the people who need them most are safely hidden in the herd.

• Maintain your power. As the old saying goes, knowledge is power. The more people know about you, the more they can use that knowledge against you. Job interviews, loan applications, buying insurance, and even dating are all high stakes situations where knowledge about the other party can have huge consequences. I’m not saying you should try to maliciously withhold information, but humans are flawed, biased, and often irrational creatures. It’s wise not to reveal more about yourself than the situation calls for.

  ---

How to Use This Guide

At almost 10,000 words, this guide is massive. If you’re totally new to privacy, I’d recommenced taking it slow. Trying to implement everything in here at once will be completely overwhelming. Instead, treat this guide as a menu, not a manual. Bookmark this post so you can come back to it when you want to try something new. Use the table of contents to skip around to parts that interest you!

Table of Contents

• Easy Privacy – “I Want to Protect My Data, But I Don’t Want Trade-offs”

• Intermediate – “I Want to Live a Private Life”

• Advanced – “Now You See Me . . .”

Easy Privacy – “I Want to Protect My Data, But I Don’t Want Trade-offs”

Like many things in life, the tools and tactics in this guide follow the 80/20 principle. The easiest 20% of actions you can take today will result in about 80% of your privacy gains. From there, the methods become more advanced, and the trade-offs become more significant.

How far you want to go is based on your threat model. Who are your trying to hide from? Eliminating most corporate surveillance and protecting yourself from low effort scams is easy. A little more effort can protect you from mass government surveillance, determined stalkers, and even local authorities. But only the most advanced tactics can prevent determined surveillance efforts from governments, and even then, nothing can protect you from targeted surveillance by agencies like the NSA or CIA.

Luckily, most of us aren’t international spies, so let’s start with the easy stuff! You can easily implement this section of the guide in an afternoon. If you do, you’ll already be living a more private life than 90% of people!

Email

Email is the foundation of our online life. It’s our main form of communication for important things like financial and medical services, it’s the key to all our online accounts, and in many ways it’s our digital ID. Unfortunately, the largest email provider is Gmail. Companies like Google offer services like Gmail for free because you’re the product, not the customer. Your data is sold to advertisers, data brokers, and even governments. As a pioneer of this business model, Google is one of the worst offenders, but they’re far from alone.

There’s only one way to be 100% sure your email is secure: use a service that offers the gold standard of private communications – end to end encryption.

End-to-end encryption is a method of securing communications where only the sender and the intended recipient can read the message, as the data is encrypted on the sender’s device and only decrypted on the recipient’s device, ensuring that no third party, including the service provider, can access the content.

The best way to test if a company is actually using true end-to-end encryption is to see what happens if you lose your account password. End-to-end encrypted services use a seed phrase, which is a string of words that only you know, as the only method to restore your account. If you lose that and your password, no one can recover your account. If the company can recover your account for you without a seed phrase, then it’s not encrypted, and not secure. While this might sound intimidating, a good password manager makes it almost impossible to lose access to your account.

Encryption is critical, but it’s not enough by itself. Any email service provider also needs to be dedicated to privacy first technology, and their business model can’t be based on selling data or advertising.

There are only two major providers of encrypted email that I recommend: Tuta and Proton. Both providers are large, well known, easy to use, and offer free plans. I personally use Proton and they’ll come up a lot in this guide. While they started out as an email provider, they’ve become the leading privacy tech company. They offer email, cloud storage, cloud docs/office, VPNs (more on that later), and continue to add new services. Think of them as the ethical alternative to Google. Another major benefit is that they’re based in Switzerland which has some of the strongest privacy laws in the world, and is outside the American, Russian, and Chinese surveillance systems.

While Proton offers free plans for all its products, it’s important to understand that it won’t be as generous as Google’s. You should expect to pay for services that don’t use your data to fund their operations. Proton’s paid plans start at $4 a month, and when bundled with their other products, they offer an incredible value.

Communications

Securing your other forms of communication (messages, voice/video calls) with end-to-end encryption is just as critical as protecting your email, for the same reasons. Traditional SMS messages and phone calls are completely insecure, and easily intercepted by anyone who wants to see them. Apps like iMessage, WhatsApp, and Facebook Messenger are more secure, but you’re left taking the companies word that they aren’t snooping.

By far the best privacy-centric communication tool is Signal. Signal is identical to most messenger apps, but it’s built around end-to-end encryption, and it’s run by a nonprofit foundation. Signal is one of the most influential and well known players in the privacy tech space, and at this point they’re mainstream.

Signal offers you everything you would expect in a messenger app: voice and video calling, text messages, images and video messaging, voice messages, etc. Another great feature is the option to make a message disappear after it’s viewed, and this works for images and videos as well. I’ve used signal to replace text messages, FaceTime, phone calls, and Snapchat. It also makes communications between iPhone and Android way more convenient , private, and secure.

Web Browsers and Search Engines

Internet browsers and search engines are our gateway to the internet, and they’re both currently dominated by Google. To use the internet privately, you need to use both a privacy first browser and a privacy first search engine. Browsers are the programs you open to access the internet, and search engines are the programs that actually execute searches. For example, Chrome is a browser, and Google is a search engine; Edge is a browser, Bing is a search engine. Luckily, this is another area where privacy tech has made massive gains over the past decade, so making the transition is easy.

To start, you need to choose a browser. While there are an increasing number of privacy focused browsers, the two leaders are Firefox and Brave. Firefox is an older and better known browser, but unlike Brave, it doesn’t have it’s own search engine.

Brave is the new kid on the block and has been aggressively rolling out features, including private AI, it’s own search engine, and integrations with cryptocurrencies.

Both browsers are highly customizable and intuitive to use. If you want to take full advantage of their privacy protection capabilities, you’ll need to make some changes in their settings. If you don’t know what you’re looking for in the settings, start by restricting cookies, limiting tracking, and setting your data to be cleared when the browser closes. There are also good guides on the internet showing how to use more advanced privacy settings.

There are dozens of privacy focused search engines out there, but the biggest is Duck Duck Go, although Start Page is another good option. Historically Duck Duck Go search results were closer to Bing’s, while Start Page results looked more like Google’s. These days there isn’t much of a difference.

I personally use both Brave and Firefox for my browser, and Duck Duck Go, or Brave’s for search engines.

Password Managers and Authenticator Apps

As you add more encrypted services to your life, managing your passwords and seed phrases is critical. Most browsers, phones, and computers offer built in password managers, but from a privacy perspective most of these suck. If you’re going to go through the effort of migrating to encrypted, privacy respecting services, then it doesn’t make a lot sense to trust Google with all your passwords and usernames.

I use Bitwarden as my password manager. It’s one of the most well known encrypted, privacy first password managers on the market and at $10 a year it’s very affordable. Bitwarden supports passkeys, secure notes (great for storing your seed phrases) and can also save and autofill credit card information. Proton also offers a password manager with similar capabilities. The only reason I don’t use Proton’s password manager is to avoid putting all my eggs in one basket.

The same logic applies to authentication apps, which offer more secure two factor authentication than text messages. Proton offers a good authenticator, but I prefer to use the free and open source app Aegis.

Default settings

Pay more attention to default settings! Any product or service that can connect to the internet is a privacy risk, but they should also have settings allowing you to limit your exposure. By default, settings will usually be set to the most invasive configuration, so it’s on you to go in and adjust them.

For apps, browsers, websites, and programs, this means blocking cookies and location tracking, refusing or revoking consent to share data, and making sure that you opt out of data collection wherever possible. This includes seemingly innocent sounding things like “personalized recommendations” and “anonymous usage statistics”. Sometimes this is as simple as checking a box, and other times you may need to download an ad blocking browser plugin, or contact customer service and ask them not to share your data.

Your first thought when downloading a new program, signing up for a new account, or using a digital product should be, “How can I limit the data I share?”

We’ll get to smart devices in the intermediate section, but the rules for any kind of hardware are the same. Opt out and restrict sharing whenever you have the option to and if possible, don’t let your home appliances or devices connect to the internet.

Demographic info

This one may seem obvious, but you should never share your demographic info. This includes, but isn’t limited to, your race or ethnicity, gender, sexual orientation, age, disability status, veteran status, immigration status, nation of origin, genetic information, etc.

There’s no service that’s worth revealing this information. These types of questions are common on job applications and for creating social media accounts, but you might be hit with them in other unexpected places as well. In most jurisdictions, you can’t legally be required to share this information, but if you don’t have an option to opt out then lie. Where possible, refuse to answer. Never give this information out willingly!

AI tools

The most recent threat to your privacy is growing exponentially, and of course I’m talking about AI. Behind the scenes, AI is making it easier to connect data with your identity in ways that would have been impossible just a few years ago. This means we have to be even more cautious about limiting what data we generate, because AI can increasingly do more with less.

But for someone beginning their privacy journey, the biggest thing they need to worry about is the proliferation of AI tools.

I want you to deeply internalize this sentence: Anything you say or ask a chat bot like ChatGPT is not private, ever. That goes for all the models built by companies with a history of exploiting your data (Google, Meta/Facebook, etc.) and all the new companies that want to exploit your data (OpenAI, Anthropic, xAI).

The solution to AI privacy problems is twofold. First, reduce the amount of data you generate and make publicly available, which you’re already doing by working through this guide.

The second is to not use AI from disreputable companies, which are most of the major players in this space. Luckily, there’s a ton of work being done on open source and privacy respecting AI models. Brave and Duck Duck Go both offer solid AI search features, and Proton has rolled out an AI assistant called Lumo. While privacy first AI is usually a year or two behind the most cutting edge models, I suspect that we’ll see that gap shrink in the years ahead.

Data Deletion Services

One of the many places your data ends up is with data brokers, aggregators, and people search sites. These companies collect public information and other sources of your data so they can build a profile on you. They then sell this information to corporations, insurance companies, credit agencies, governments, and even the general public.

Hopefully we’ll get legislation banning this practice, but in the meantime you have two options. You can search your name on the internet and then manually submit take down requests to any company that shows your information, or you can use a data deletion service.

You’ve probably seen ads for companies like Delete Me or Icogni. These companies automatically scan the internet for your information, and submit take down requests on your behalf. These services definitely work, but they cost money. It’s also important to choose a reliable and trustworthy company, because you need to provide them with the information you want them to look for and remove.

There’s an important reason why I put these services as the last part of the “Easy” category. They definitely work, but if you implement the more advanced measures that we’ll discuss next, they’re largely unnecessary. So if you want to end your privacy journey here, then I think they’re a reasonable investment. But if you want to go farther, they might be unnecessary.

Bonus

Blur your house on Google maps. It takes five minutes, and no one should be able to casually view your house from anywhere on Earth.

Intermediate – “I Want to Live a Private Life”

Welcome to your new private life. While the tools and techniques in this section are somewhat advanced, I believe this is the ideal level of privacy for most people. It’s not that much harder to fully implement, but the small amount of extra effort will mean you’re more private than 99% of people.

Aliases

To live a private life, you need to get in the habit of using aliases for everything. The simple definition of an alias is a name you choose to go by that isn’t your own. Using an alias is incredibly easy, but I put it in the intermediate section because we’ve been conditioned to hand out our names, email addresses, phone numbers, and addresses without thinking. Sign up forms are ubiquitous and we don’t think twice about filling them out. We basically give away our most personal information, for free, to anyone who asks.

From now on, I want you to stop using your real name online. There are only three circumstances where you should ever give out your real name: for medical purposes, banking/finance, and applying for jobs. That’s it. Anytime you sign up for an account, make up a fake name. Use a different fake name for every account, and don’t ever use your real name as a username. If you want to buy things online, you’ll have to provide the real name that’s on your credit card, but you can use fake names for shipping and for the name on the account. Payment information is usually stored separately anyways, so this will make it much harder to match up your data across sites.

Email Aliases

In the context of online privacy, aliases also extend to email addresses. Email aliases work in a similar way to PO boxes for real mail. You can use an email alias service to generate a random or custom email address that’s connected to your real address. You then use this email address just like a normal email address.

Example:

Say you use a service to create the email alias salacious.fox@naughtyaliases.com. You can use that alias on Amazon, but when email is sent to that address, it will show up in your real inbox.

By using a different alias for every account, publication, or sign up form you have, it becomes much harder to track your identity across the internet. Aliases also provide you with security. Data breeches are inevitable, and if hackers get your email address (which they will), then they already have half your login information.

Most email alias services have a burn feature, which allows you to instantly delete the address. So instead of having to rebuild your email account after every data breach or accept that your login information is permanently compromised, you can leave hackers with a random email that leads nowhere. The burn feature is also handy for when companies won’t let you delete an account or keep sending you emails even though you unsubscribed 7 times already!

To create my email aliases, I use Simple Login. they have a solid free and since they were recently acquired by Proton, if you have a Proton Mail account, then the integration is pretty seamless.

Other Aliases

Once you’ve gotten into the habit of using aliases for your name and email, you can take it a step further by using fake or “burner” phone numbers, and renting a PO box for deliveries. There are many apps, both paid and free that can give you alternate phone numbers, and renting a PO box is pretty simple. While these options are bit more expensive and inconvenient, they provide the same benefits as using aliases in other areas of your life.

Fully implementing aliases means that you’re no longer giving away your most sensitive information, and tracking you across the internet becomes much harder.

Account Management

Signing up for an account on social media, an e-commerce store, or a web browser is convenient, but problematic for privacy. If it seems like every website and business is desperate for you to sing up for an account or download their app, it’s because they are. Accounts represent a great way for companies to bypass our data defenses. In exchange for product recommendations and keeping track of our search history, accounts allow our every move to be tracked while we’re singed in. To make matters worse, activity outside the account can also be tracked and traced to us.

In short, online accounts negate most of the time and effort we’ve put in trying to reclaim our privacy.

Here’s how to deal with accounts:

1. Wherever possible, don’t use accounts. Check out as a guest, visit site as a guest, avoid signing up for anything! This is the easiest and most effective way to protect your privacy.

2. If you must use an account, sign up with aliases, provide as little of your real information as possible, and change any available settings to maximize privacy. Do whatever you need to do while signed in, and then immediately sign out. Download a browser plugin, or adjust the settings in your browser to delete cookies from inactive sites and whenever a tab or the browser is closed. This will prevent cross site tracking. Never leave your accounts signed in!

3. Regularly delete your accounts. The longer you have an account, the easier it is to piece together your data. By regularly closing your accounts and reopening them with new information, you make it much harder to build a clear picture about you.

Some accounts are necessary, and create big problems if you delete them. These are mostly related to medical care and financial services. Since these organizations already have all your information, and are subject to separate privacy laws (like HIPAA), don’t sweat it too much. But you should still use best privacy practices like limiting what data they collect, not using your real name as a username, using a separate email alias for each account, and staying singed out when you’re not using them.

VPNs

Virtual Private Networks (VPNs) are one of the most powerful tools in your privacy toolbox, if you choose the right one. A good VPN will do two things; it will encrypt all of your internet traffic on your device, and it will mask your physical location.

Traffic encryption addresses the key flaw in more basic privacy protection efforts. You can use all the privacy tools you want, but your Internet Service Provider (ISP) has full visibility into any of your unencrypted internet traffic. That means that Comcast knows when you’re steaming Netflix, when you’re shopping on Amazon, and when you’re watching porn. Your ISP can use this information along with your IP address to monitor your physical location, and build a disturbingly accurate picture of your life.

When you use a VPN, your internet traffic enters a tunnel on your device, and comes out on the VPN’s server. So if you’re using a VPN, all your ISP sees is the VPN’s server.

Here’s an example:

I live in Boston Massachusetts, and and want to watch YouTube. Without a VPN, my ISP can see my IP address, which identifies my approximate location in Boston, and they can see that I’m on YouTube and for how long I’m on YouTube.

However if I use a VPN to set my location in Slat Lake City Utah, the only thing ISP can see is the server in Utah. That’s it. They definitely know I’m using a VPN, but they can’s see what websites I’m visiting, and they don’t have access to my real location.

When combined with other privacy tools, a good VPN can almost eliminate online surveillance. But there’s one big problem with VPNs – the operator of the VPN can in theory, see all of your online activities. This is because you’re routing all of your traffic through their servers, which protects you from your ISP, but exposes you to your VPN provider. In most countries, VPN providers can be forced through national laws or court orders to log your browsing history. This is why it’s absolutely critical to choose a trustworthy VPN that actively works to not know what you’re doing.

There’s really only one country in the world with no way to force your VPN provider to spy on you, and that’s Switzerland. Any VPN provider based outside of Switzerland is probably not worth trusting. Be especially careful with the many “free” VPNs you see advertised all over the internet. Since a good VPN is so critical to your privacy and security, you should expect to pay for it. Services that don’t offer paid plans are likely cutting corners, based in countries with weak privacy laws, or even selling your data themselves!

The only VPN service I use and trust is Proton VPN. They do offer a very basic free plan, which is fine if you want to change countries to stream anime. But if you want their advanced privacy features, you need a paid plan. Luckily, you can bundle email, cloud storage, and VPNs from Proton for a very reasonable price.

Social Media

Never, in the history of mankind has their been such an effective tool for mass surveillance as social media. I’m going to save you some time and tell you something you probably already know. There’s no way to privately use most social media. The entire business model of social media is built around spying on you and selling your data.

Permanently deleting (not deactivating) your social media accounts is the single best thing you can do today for your privacy, your mental health, and the betterment of the human species. That being said, I know most of you aren’t going to do that. While all social media is bad, the worst platforms are built around sharing every little detail of your life, while the best ones allow passive and anonymous consumption, without encouraging you to share your own information with a network of strangers.

The Worst Platforms for Privacy

• Meta - Facebook, Instagram, Messenger, Threads, anything else they touch

• TikTok

• LinkedIn

• Snapchat

Not Terrible Depending On How You Use Them

• YouTube *Only if you take the special precautions we’re about to discuss

• Pintrest

• Reddit

• X

I’m not going to bother much with advice for the worst platforms. If you’ve made it this far, you should delete them. If you want to mitigate some of the risk, you can try applying the advice below, but it will only be partially effective.

If you must use social media, start by only using ones that allow you to be totally anonymous. Sign up with aliases, give out as little personal information as possible, and where information is required, make it up. Fake names, fake addresses, fake pictures, etc. Never upload media revealing your real voice, face, friends and family, or even your house and workplace. If you do upload media, make sure your remove any meta information, which is gold mine for people who want to dox you.

As a further precaution, you can sign up for these sites while using a VPN, and only ever access them from the server you signed up on.

Ex. I make an account on X from a VPN server in Germany, and I only ever login while I’m connected to that server. X may know I’m using a VPN, but it won’t know I’m an American.

It’s also important to only ever access any social media sites from private browsers. NEVER use the apps! Apps have privileged access to your device and can’t be trusted.

The safest way to use social media is to lurk. Avoid posting, and make sure your likes and/or playlists are set to private. As with any other account, logout as soon as your done. You’re privacy respecting browser should be automatically deleting cookies and site data once you close a tab. While signing in and out can be inconvenient, password managers make it easier. And besides, it’s wise to make using social media inconvenient so you don’t waste your life on it.

Work Accounts

If you need to use social media for work, make separate personal and work accounts and don’t connect them. For example, I love to watch YouTube, and I think it’s one of the few platforms that can be a net positive if used correctly. My personal YouTube account was created through a VPN with aliases, and is only ever accessed through a separate profile on my phone (more on phone profiles in the advanced section).

I also have totally separate account to run an YouTube channel for my business. While I’ve knowingly compromised some of my privacy for income, my work channel is only for work. My work account is only accessed from my designated work computer, and is never used on my phone. YouTube has no way of connecting it to my personal channel, which has all my search and viewing history.

Private Social Media?

For the more adventurous among you, there are truly private versions of social media out there, but they’re very niche. While there’s only a few right now, we may see more in the future. Examples include:

• Nostr - a decentralized and private social media protocol that replaces Twitter/X.

• NewPipe – an anonymous YouTube front end. Add free and no login required. Can’t watch age gated videos.

• Signal – technically a messaging platform, but it can be used to replace most of Snapchat

Apps and Programs

Apps on your phone, and programs on your computer typically have privileged access to your data, which is yet another way to get around all the privacy defense we’re building. Inside an app, all of your activities can be monitored and sent back to the company that created the app. Even if you’re using a VPN, your in-app activities can still be tracked. Apps can also track what hardware and operating system you’re using, and they can also monitor what other apps or programs are on your device.

While we already talked about adjusting default settings and using aliases, the best way to eliminate the risk is to use privacy respecting alternatives to traditional apps and programs. This generally means open source software, or apps from privacy-centric companies.

*A quick note on open source software and privacy. Open source software (OSS) is software whose source code is publicly accessible, allowing anyone to view, modify, and redistribute it under an open source license. While this doesn’t necessarily make all open source software private by default, it means that anyone can read the code and find any trackers or security vulnerabilities. This means OSS is usually more secure and private. However, if you don’t know how to read code, then you’re relying on others to catch these things for you. So the more eyes on the code, the better. When choosing open source software, try to stick to well known, large projects.

These days you can find a privacy respecting alternative to most apps and programs. Here are a few examples of privacy respecting alternatives to popular apps:

• Google Chrome → Brave, Firefox

• Outlook → Proton Mail, Proton Calendar

• Google Drive, Google Photos, OneDrive → Proton Drive

• YouTube → NewPipe, PeerTube

• Weather apps → Open weather

• Play Store → F-Droid (for exclusively open source phone apps) Aurora Store

• Google Notes → Standard Notes

• Microsoft Office →LibreOffice

• Google Docs, Google Sheets → Proton Docs, Proton Sheets

• Adobe Photoshop → GIMP

• Adobe Premier →DaVinci Resolve

In some cases privacy focused alternatives may be a little buggy, or have slightly less features than their surveillance based counterparts, but in most cases the gaps are closing pretty quickly. If you decide to use privacy focused operating systems and hardware (more on this in the advanced section) you might find that these privacy first apps actually work better than their surveillance based counterparts.

Smart Devices

Smart devices are a privacy nightmare, and should be avoided. Every camera, microphone, and sensor you bring into your life and connect to the internet can and will be used to spy on you. They’re also a juicy target for hackers.

When buying appliances, make sure they don’t have the ability to connect to the internet. Avoid smart TVs, smart home products, and smart electronics for the same reason. As a general rule, you don’t want anything in your home connecting to the internet except your phone, computer, and gaming consoles.

Voice assistants, and surveillance cameras like Ring are also out. Unfortunately, smart devices are one of the few areas where privacy tech is still behind, and it’s almost impossible to find smart devices that come out of the box supporting end-to-end encryption or privacy. If you’re good with tech, there are alternatives that you can DIY. For example, Home Assistant is doing some very exciting things for open source, privacy first smart homes. Hopefully we’ll see more options in the years ahead, but for now the simplest choice is to opt out of smart devices.

A note on cars:

You should make sure your car can’t connect to the internet or use GPS to track your location. Since most modern cars come configured to do this, you usually either need to remove the parts that allow this (usually a modem or antenna), or pull the fuses that power them. This can get technical fast, so a simpler approach is to avoid high end models or cars loaded with tech. Never sign up for could based services, and restrict data sharing, over the air updates, and location tracking in your car’ settings.

Bonuses

Wherever possible, avoid cloud based services. You should strive to have local control and local storage. So instead of using Spotify, buy the CD and upload the music to your phone. Instead of streaming Netflix, buy the DVD. Don’t read on your Kindle, buy the book or borrow it from the library. There are many good reasons to go analog besides privacy. Consider the fact that you’re paying for all these services, but you don’t actually own anything you consume.

If you need to use cloud based services for photo and file backups, choose a privacy tech company like Proton.

Advanced – “Now You See Me . . .”

Congratulations, you’ve made it to the big time! You’re not content to live the private life of a mere mortal. You want to be able to disappear on command. At this level, we’re talking Edward Snowden levels of privacy. The only data available on you will be what you allow to be seen. You can pick and choose where you want to compromise. If you really want to, you can make yourself invisible to everything but the most determined government efforts to track you.

That being said, most of this section is available to normal people who just want to opt out of mass surveillance, which includes me. I’m going to present the following tools from that perspective. I’ll mention the more advanced ways you could go, but if you’re trying to completely disappear, you’ll need to do some serious research that’s outside the scope of this guide.

Cell Phones

Cell phones are both ubiquitous and essential to operating in the modern world. But they’re also the single biggest threat to our privacy. We’ve danced around this issue throughout this guide, but since most people access the internet through their phones, and keep them within a few feet of their body 24/7, they need to be addressed directly.

There are so many disturbing ways your phone can and does spy on you that it would take another 10,000 word guide to cover all the details. The simple fact is that everything your device does to make your life easier is also a route to surveillance. Your camera and microphone can record you, your phone knows your precise location in real time (even if you use a VPN), your phone can identify other electronics that are near you, your phone’s operating system can observe every app you use, everything you type, every message you send – essentially anything you do on your phone could be visible to whatever company or government wants to know.

While every major phone company say’s they don’t do most of these things, you’re expected to just take their word for it. And of course, hackers and governments are free to take advantage off all these vulnerabilities whenever they want.

To solve this problem, you have a few sub-optimal options available:

Use the least bad phone

For normies, this is the iPhone. Apple is first and foremost a hardware company. This means they make money by selling devices, not data. It’s in their interest to protect user privacy, because people who are paying over a $1,000 for a phone will expect that to some extent. Apple is not perfect, and the apps on your iPhone can still harvest a lot of data. You’re also taking Apple’s word that it isn’t interested in spying on you, and that it won’t change its mind in the future. Because Apples software is closed source, there’s no way to verify any of this either. Another downside of Apple’s closed ecosystem is that most private and open source apps aren’t available on iPhone.

Avoid Android phones

Android is an open source software that powers the majority of the world’s devices. While Android itself is an open source project maintained by many developers around the world, the primary developer is Google. Google is a company that makes money off of data. I’m sure you can see the problem here. Like Chrome, Android is actually the foundation of most privacy respecting alternatives (we’ll get to this in a second), but any Android phone sold out of the box at a store is going to be worse for your privacy than iPhone.

Don’t bother with flip phones

While great for encouraging you to spend less time on your smartphone, flip phones don’t have many privacy benefits anymore. Basically all modern flip phones have the ability to connect to the internet, and thus all the issues that come with that

They also present the same location tracking challenges as traditional phones. And since they can’t download encrypted messaging apps, all your phone calls and texts are completely vulnerable to interception.

No Chinese Hardware

Finally, and I really hope this is obvious, don’t use Chinese phones. The entire country is built around mass surveillance and social control, and using their hardware is just plain stupid.

The Best Solution

Since you’re in the advanced section, let’s focus on the best(only?) solution. The best phone for privacy and security is a Google Pixel phone with GrapheneOS installed.

GrapheneOS is a non-profit, open source operating system focused exclusively on privacy and security. It uses a Android, but it removes all the problematic code from Google and modifies Android to increase privacy and security. With GrapheneOS, basically every privacy vulnerability is eliminated, with the notable exception of location tracking through your SIM card.

GrapheneOS also goes through great efforts to prevent apps on your phone from seeing what’s happening elsewhere on the device. That being said, if you download and Facebook on GrapheneOS, you’re still going to have the privacy issues that come form using the platform itself.

I’ve used GrapheneOS on multiple pixel phones for years, and it’s also recommended by Edward Snowden. The project has come a long way, and today I can use basically any app that you would normally use on other phones, with the exception of some banking apps. The operating system includes a few simple apps, and you can download free and open source apps from F-Droid. If you’re looking for more traditional apps, you need to use Aurora Store, which allows you to privately download apps in from Play Store without a Google account.

A key feature of GrapheneOS is the ability to use profiles on your phone. Profiles act like a separate phone, that lives on your device. You profiles can have different apps, different PINs, and different settings. The phone treats these profiles as completely separate, and apps don’t have access to other profiles on the phone. As I mentioned earlier, this is how I deal with my love of YouTube. I have a specific profile on my phone where the only apps I have are YouTube and a VPN.

GrapheneOS makes it possible to run Google apps by sandboxeding Google Play, but since I only use YouTube on a separate profile while a VPN is running, nothing related to Google has access to my main profile where my day to day apps are. I find it incredibly amusing that Google thinks I live in in Czechia.

While GrapheneOS is usually a little behind Google’s version of Android on some features, it’s often ahead on privacy and security features. Google actually implements many of the project’s changes into their own version of Android. I’ve also noticed significantly better battery life and device lifespan with GrapheneOS installed. The best part about this operating system is how customizable it is. It’s built for you, not a corporation, which is an incredibly refreshing change to see in consumer technology.

How to Get GrapheneOS

Currently, you have to manually install GrapheneOS on your device, and the only phone that’s supported is the Google Pixel. This might seem ironic, given everything we’ve said about Google, but there’s actually a good reason for this. Pixel has been identified by the team as the only phone that meets their hardware security requirements. Installing the operating system isn’t super hard, and there are a ton of guides showing you how to do it. GrapheneOS can only be installed on unlocked Pixels! Make sure that the Pixel you buy is unlocked from your carrier, or you won’t be able to install GrapheneOS.

There are confirmed rumors that GrapheneOS is looking to release its own hardware with the operating system preinstalled, but the won’t be until at least 2027. Either way, using GrapheneOS with the other measures discussed in this guide is the key to almost complete privacy.

An honorable mention

Even GrapheneOS has a privacy vulnerability: precise location tracking through your SIM card. The only way to fully avoid this is to not use a cell phone. Obviously this isn’t practical for most people. But if you want the benefits of abstinence with only half the trade offs, you can use a Pixel with GrapheneOS installed, but without a SIM card. This means you won’t have cell service, but it’ll be impossible to track your location through your nonexistent SIM.

Instead of using cell service, you use WiFi to access the internet. Of course , you would run a VPN or use Tor, but you would otherwise be able to do everything you normally would on your cell phone. You can send messages via Signal, watch YouTube on NewPipe, and browse the internet with Brave. There’s still a trade off here, but with public WiFi becoming more and more common, it’s not nearly as bad is it used to be.

You also could choose to still have SIM card, but only actually put it in your phone when you need it. As an example, you could spend most of the day using WiFi at your house or if you’re in an area with a public network, but if it’s an emergency, or you’re going on a road trip and need a GPS you put your SIM card in.

Computers

Privacy respecting computers and laptops are essential for all the same reasons as cell phones. And once again, there are two dominant players in the industry; Apple and Microsoft. Apple is an ok option for normies, and Microsoft, (who is more profoundly evil than Google, and that’s saying a lot) is the alternative that should never be used.

However, unlike cell phones there are a ton of privacy options for computer hardware and operating systems. In fact, there’s so many that covering them all in this guide is impossible.

As a general rule, the best operating system is going to be some version of Linux. If you haven’t heard of Linux, it’s an open source operating system that underlies most of the world’s IT infrastructure, a ton of other applications (including Android), and has been around since the early 90s. Because it’s open source, there are many different versions of Linux, which are called distributions or distros.

Ubuntu is generally considered the most user friendly distro. Any Linux distro can be installed on most hardware, but all distros will require some use of the command line to install and operate. While this can seem intimidating, there’s plenty of information out there on how to use basic commands, and it’s an incredibly useful skill to have.

My go to Linux operating system is Pop!_OS by System 76. System 76 is an amazing company that builds, beautiful PCs, workstations, and laptops in the US. POP!_OS is their custom version of Ubuntu, although you can install it on any device you want. System 76 sources hardware that is as privacy respecting as possible, and builds their systems to be compatible with Pop!_OS. If you’re new to Linux and want to mimic the “works out of the box” that you get with big tech, you should buy your computer from System 76. Pop!_OS is incredibly user friendly, and requires basically no use of the command line if you don’t want to. System 76 also has amazing how to guides and great tech support.

Because Linux is open source, a properly configured Linux system has no bloatware and runs far lighter than Windows. There’s also no planned obsolescence, which every major tech company uses. This means that your computer will last longer and run better than a comparable system running Windows. And all those eyes on the code means the major Linux distributions are far more secure and private than Windows, or even MacOS.

The biggest problems you’ll have with Linux are compatibility issues, occasional bugs, and the overwhelming power the user has.

Compatibility is a perennial problem, because most closed source software companies don’t bother making their programs compatible with Linux. The user base is too small and there are too many systems running different distros to make it worth their while. There are many free and open source programs you can use on Linux, but these are created and maintained by mostly unpaid volunteers. So you may find an program you relied on is no longer maintained because developer gave up on the project and no one took over. Thankfully,as Linux continues to gain popularity, this is becoming less of an issue.

*A note on gaming: Steam dominates the PC gaming market, and they’ve made huge strides on Linux gaming. These days, I can play basically any modern game on my Linux PC thanks to Steam’s compatibility engine.

With Linux, your computer is truly yours. You have total control, but with great power comes great responsibility. Windows and MacOS deliberately lock you out of critical parts of the system. With Linux, you have access to everything and can completely brick your system if you aren’t careful. This isn’t likely if you use a user friendly OS like Pop!_OS, and stick to the graphical user interface, but be cautious if you’re messing around in the terminal.

Finances

Your financial data contains some of your most sensitive information, but securing it can require painful trade offs. To start, we need to split your finances into two categories: investing and saving.

Investing

To participate in most forms of investing, you’ll need to compromise on privacy. There are strict laws around investing, mostly related to taxes. To comply with applicable laws, you’ll need to give out all your personal information to any investing firm you use, and you’ll need to report all your taxable activity to the government.

That being said, best practices still apply. You should still use email aliases and separate login information for each account. Most financial service providers have a way for you to limit sharing your information for nonessential purposes, although this often involves calling customer service. If you find yourself no longer using an account, make sure you request deletion of your data. Sometimes there might be a waiting period, usually because of pending tax forms, but eventually you should be able to delete the account.

I’m not advocating for any kind of tax evasion, nor am I recommending you break any laws. But the most private way to invest is to buy and sell gold with cash in person. There are many risks to this approach, and it becomes impractical and even dangerous if large sums of money are involved. Again, don’t break any laws, be safe, and report any capital gains the IRS!

If you have a high enough net worth, there are other ways to increase your privacy, or at least shield your investments from prying eyes. But seeing as I’m not rich enough to have ever used these methods personally, I’ll leave that to your financial advisors.

Spending

It’s much easier to protect the privacy of your shopping habits, and there’s far less legal protection for this type of data.

For online shopping, you should already be following the best practices of account management, but using a credit card can give away your real information. To shop privately online, you need to use gift cards that you purchase in person with cash. Have your packages shipped to a P.O. box addressed to a false name. If your not a big spender this is actually very easy, and using only prepaid gift cards doubles as a great budgeting tool. If you like to shop at smaller or niche sites that don’t offer gift cards in physical stores like CVS, then you may have to compromise.

Shopping in person is even easier. Only use cash! Avoid signing up for any rewards programs, unless you can do so without having to provide any of your real information. If you avoid ecommerce altogether and only buy things with cash, you’ll essentially disappear from the surveillance capitalist system!

In full disclosure, this is an area where I knowingly choose to comprise my privacy. There are many amazing, but small ecommerce sites that I buy from regularly, and I enjoy the financial benefits I get from my credit cards. That being said I still take some common sense precautions. I use unique email aliases for every ecommerce site, don’t give out my real name, and I close accounts regularly. I typically avoid buying things from large corporations like Amazon or Walmart, and I make sensitive purchases in person, using cash.

Because I rigorously implement almost every other practice in this guide, my data is much harder for companies I buy products from to exploit. There’s no Google search history or Facebook profile to link my spending to, and it’s impossible for merchants to trace my purchases to any online account or activity.

Public Records

We’ve already talked about data deletion services, and while they’re useful for treating the symptoms, they don’t address the root cause. Public records are a gold mine for all kinds of sensitive data. Exactly what goes into the public record varies by state, but it almost always includes your physical address, court records, voter records, tax records, DMV records and deeds to properties. It also sometimes includes things like records of your birth, death, and your home phone number. While some of this information is easily accessible through database searches, all of it can usually be obtained by requests to the government body that holds the information.

The biggest one we’re concerned with is your address, especially if you own a home or other real estate. I have no doubt that in a 100 years, everyone will think it was totally insane that you could find out exactly where a person lives in seconds.

Real estate leaves a massive paper trail because the system we use to legally document transactions was built long before the internet. In the old days, if you wanted to stalk someone, you’d need to find out what city they lived in, physically go to city hall, and pull the deed to their home. You’d then need to search a physical map for the street they lived on, and go from house to house checking the door numbers. Today, you can find this information in a few minutes online, and have Google Maps deliver you to the precise location. It’s completely insane!

Unfortunately the law moves incredibly slowly, and the current solutions are somewhat expensive. The best option is to never purchase real estate in your name, and to instead use an anonymous LLC. The LLC is a legal entity that holds the property, and because it’s anonymous, owner information is not publicly disclosed. As of 2026, the states that permit anonymous LLCs are Delaware, Wyoming, New Mexico, and Nevada. If you live other states, you can still form an anonymous LLC. You can then use that anonymous LLC to form a regular LLC in your home state, so that the anonymous LLC will be listed as the owner of the normal LLC, which would own your property!

Since the LLC, is a separate legal entity that owns the property, it’s information is what would be recorded in the deed. You can then live at the property without exposing your real information in the public record.

The problem with this approach is that LLCs are not eligible for the conventional mortgages, and instead require commercial loans. These loans have much higher interest rates and down payments, and are generally for shorter terms than a conventional mortgage.

While you may not be able to do this when you’re just starting out, in 30 years when you pay off your mortgage, you can always sell your house to your own LLC. You can also use LLCs to buy other kinds of property that leave paper trails in the public record, like cars. The same pros and cons generally apply; your name won’t be in the public record, but there are administrative costs for creating the LLC, and loan terms are usually less favorable.

Other Advanced Tactics

We’ve now covered most of the major tactics you can take to protect your privacy, but before we finish up, here’s a few bonus tactics you might want to consider.

Disinformation

Disinformation goes a step further than using aliases. Instead of trying to make your data invisible, you work actively to pollute your data with false information. While it is always preferable to minimize your digital footprint, I personally use disinformation to punish companies and services that won’t let me delete my information or account.

A good example is real estate websites. When I bought my home, I was shocked to find my home’s intimate details still up on dozens of real estate websites like Zillow and Realtor.com. I don’t want the floor plan, high def photos, the and specs of my house popping up if you search my address, and there’s no way to force these companies to hide your home. So I made accounts on these sites (using aliases of course), claimed my home, and entered all kinds of hilarious, false information. I dramatically altered sq footage, room counts, etc. Now, my data is not only useless, it’s actively polluting their data pool, distorting any kind of aggregate finding their algorithms use.

I hope this is obvious, but don’t submit false information to the government in a way that would be considered illegal.

Internet access

If you’ve followed this guide, the devices you use to access the internet should be protected, but there’s still a vulnerability at your modem and WiFi router. If you want to protect all data flowing into and out of your house, you’ll need to replace your ISP’s router and modem with one that allows you to install a VPN directly on it. A VPN that runs on your router will protect any device that connects to your network automatically.

If you’re using Proton VPN, they’ve got a guide on how to do this here. Just make sure that any router you purchase is compatible with your VPN service and your ISP.

Congratulations!

If you made it to the end of this monstrous guide, then you’re now a privacy legend! I’m sure I missed some stuff, so if you have a privacy tool or tactic, share it in the comments! I’ll post updates at the bottom of the article periodically with any new or interesting suggestions.

Thanks for reading!

-Sam