Take your internet privacy seriously. With cybercriminals stalking the internet and social engineering attacks on the rise, it’s prudent to keep yourself safe and guarded on the web.
Protecting your privacy online does require some work, but it will keep your personal information the way it should be—personal. You’ll also be protected from cybercrime and monitoring by advertisers. What’s more, online privacy protection can prevent strangers on the internet from tracing your actual location.
Here are 18 online privacy tips that can help keep your data protected online.
Want these tips as an infographic? Of course you do! Check it out here.
1. Cover your webcam
Whether it’s with a band-aid or a sticker, choose when you want to be seen with some low-tech tape to stop anyone from looking through your computer or phone camera.
You may also want to consider blocking your headphone jack too, as one Big Tech CEO was found doing on his laptop a few years back.
3 things about this photo of Zuck:
Camera covered with tape
Mic jack covered with tape
Email client is Thunderbird pic.twitter.com/vdQlF7RjQt
— Chris Olson (@topherolson) June 21, 2016
2. Lock your screens
First off, you absolutely should have a password or passcode on your computer, tablet, or phone so no one can access your information in case your device gets stolen.
If you’re living with other people, locking your screen when you leave it unattended stops anyone from not just looking at what’s on your screen, but also looking through your files.
Maybe you have a very adventurous cat that just really likes sitting on your keyboard, and “you” end up sending a nonsensical string of letters to a friend or coworker.
To lock your screen on Mac, press “Command + Control + Q” or “Windows + L” on Windows. And if you’re outside, do not leave your devices on their own—take them with you.
3. Check your surroundings
If you’re working in a public space, it’s a good habit to check who may be close enough to get a good look at your screen or even your keyboard when you’re logging in to accounts.
If you don’t want to give away your location, be wary of what’s in the background when you’re taking a photo or video.
When you’re making video calls, also check that your background is clear of any items you might not want your friends or colleagues to see.
Read more: How to be incognito in real life
4. Update your devices
It’s easy to ignore those pesky alerts reminding you of the latest software update, but they serve a critical purpose. Hundreds of thousands of new malware strains are released into the wild every day, which is why we urge you to guard against zero-day exploits by keeping your devices up to date.
It’s not just your online privacy that will benefit from an updated app or operating system either. You can also expect improved functionality, more features, and probably a better user experience too.
5. Don’t access personal accounts on public networks or devices
It’s best that you don’t log in to your social media or online bank accounts at all when you’re using a public Wi-Fi network such as those in libraries, coffee shops, airports, and malls. Such networks routinely gather and send your data to third parties, and rogue networks can snoop on your traffic and passwords or inject malware onto your device.
But if you have to (or really really want to) use a public network, you should…
6. Use a VPN
Connecting your device to a VPN redirects all of your device traffic through a secure and encrypted tunnel. This means internet service providers or malicious entities trying to peek at your online activity will only see meaningless garble.
What’s more, using a VPN allows you to access content that is blocked in certain countries and can even help you save money while shopping. When you’re connected to a VPN, third parties will only see the IP address of the network you are connected to instead of your real IP address. Be sure to use a VPN before logging on to unsecured public Wi-Fi networks, where hackers might lie in wait.
7. Turn off location tracking on your devices
Sharing is rewarding. After all, who doesn’t want to show off their vacation on Facebook or pictures of a fancy dinner on Instagram?
However, doing sharing your location also makes it easy for advertisers to target you with ads and, in the case of stalkers, can potentially lead to actual physical harm—and there are more apps that have trackers than you think.
We recommend that you turn off your phone’s GPS and don’t allow apps to access your location unless absolutely necessary, or simply allow the app to use your GPS when you’ve opened the app. This helps minimize your digital footprint.
8. Ignore suspicious emails
Receiving the occasional fishy email or spam is almost guaranteed, no matter how closely you guard your email address. But how you treat them is what matters.
The first (and only) thing you should do is to delete the emails. By opening the email or clicking any links inside it, you are also likely to invite malicious attacks on your device and personal privacy.
Never reply to suspicious emails either. Don’t give in to the temptation to reply and ask to be removed from the mailing list, as that will likely confirm to the spammers that your email address is indeed active—inviting more messages in the future. Find the unsubscribe button in the email and use it. Or, mark the email as a phishing attempt so it never reaches your inbox again.
Replying to spam also indicates to your email provider that you actually find these emails useful, making it less likely that they will be labeled as spam moving forward. In short, ignore and delete any emails you consider spam and click “report spam” for any spam emails that have not been identified as such by your email service.
9. Use strong, unique passwords
Three of the most common passwords are “QWERTY,” “password,” and “111111.” Don’t use these. The least you can do to guard your online privacy is to rely on strong passwords.
Start by using a mix of numbers, letters, and special characters. If you want help coming up with a long and random password (the best kind), use a random password generator. Other tools to improve your password protection include implementing two-factor authentication (see below), password managers, and Diceware.
10. Enable two-factor authentication on your personal accounts
From G Suite to social media to task management apps, you should at least be using two-factor authentication (2FA) to secure your accounts with an additional one-time password. This greatly reduces the risk of someone brute-force hacking their way into your accounts to steal your personal information.
You can normally set up 2FA under the Account or Security tab of your account settings. You can take it a step further and use a hardware key like a Yubikey for additional security. While you’re at it, maybe strengthen your passwords (see above) and save them in a password manager.
11. Manage your cookies
To protect yourself against cookies, you can get browser add-ons that block third party cookies.
12. Browse with greater anonymity
Use tools that allow you to use the web with a higher level of anonymity. For a browser that is great for privacy, try Tor. Read our ranking of best (and worst) browsers for privacy.
If you’re looking for tracking-free web search, use DuckDuckGo, our top pick on our ranking of search engines for maintaining privacy.
13. Don’t click untrusted links
Beware of shortened links, and don’t open them unless you’re using a private browser such as Tor. The problem is you can’t tell exactly where a shortened link leads.
With the huge transition of people moving their work away from the office, you may expect more emails about how your company, your bank, and the apps you’re using are updating or changing in some way to make working from home, well, work.
Be careful of emails asking you to update your password or change information on a website; it could very possibly be an attempt to phish for your company credentials and passwords or prompt you to install malware or ransomware onto your laptop.
Unless you’re 100% sure about the content of the email you received, go to the official website directly to make changes and communicate with their support staff if needed. If you get a suspicious email purporting to be from your company, confirm its legitimacy by forwarding it to the appropriate department.
14. Only use end-to-end encrypted messaging apps
Encryption might be under threat in the U.S., and that’s primarily because it’s a powerful method of ensuring that you keep your personal chats private. When choosing a chat app, inspect whether it offers end-to-end encryption (the gold standard) or merely encryption in transit.
If you’re stuck and unsure of which messaging app to pick, check out our list of the most secure messaging apps.
15. Avoid unsecured sites
See that little padlock icon on the top left corner of your browser, next to the URL? That indicates that the connection between your device and the website is encrypted using Transport Layer Security (TLS), preserving the integrity of your data against things like man-in-the-middle attacks.
While HTTPS doesn’t guarantee safety, it’s still the best option to maximize your privacy. Stick to browsing on HTTPS secured sites and try to limit browsing on unsecured sites—never engage in any online transactions on such pages. Additionally, you can also use the HTTPS Everywhere browser extension (which also comes with ExpressVPN’s browser extensions for Chrome, Firefox, and Edge) that forces the site to deploy HTTPS if it’s available.
16. Keep your social media accounts private
If you’re trying to guard your online privacy and security, you should do all you can to prevent search engines and crawlers from indexing information about you. Change your account settings to ensure your feed isn’t included in search engines.
Unless you’re a public figure or influencer who wants as many followers as possible, you should ideally set your account to private so only verified friends and family can see what you post.
Read more: How to make your photos more private on social media
17. Remember to log out of all websites when done
Logging out of your social media, email, and online bank accounts after using them is akin to locking your front door when you leave home. It’s quick and simple and prevents intruders from gaining entry.
It’s a common misconception that closing the browser tab or window is enough to prevent others from accessing your account. The truth is that you may still be signed in to your account on that device, leaving you vulnerable. The only way to stay safe is to log yourself out when you are done using an online service. And clear that browser’s history.
18. Think twice about what you share online
Finally, remember that you are the one who controls what information you share online. If you don’t share it, they can’t get a hold of it. In keeping with this idea:
- Do not give away your “real” email address for online giveaways or for websites that might engage in dubious marketing practices. Get additional email addresses that are just for such signups.
- Do not share any personal data on public/unsecured computers and networks.
- Even if you are on a secure device or network, remember that anything you share online effectively becomes permanent, and can be shared or manipulated without your knowledge. A good way to see if this is happening is to Google yourself periodically.
Read more: The ultimate guide to mobile security for iPhone and Android devices
Take the first step to protect yourself online
30-day money-back guarantee
I have suggested that all my family and friends get ExpressVPN on all their equipment. Great speed, great security, great price. Keep up the good work.👍
Having a highly rated antivirus/firewall should be at the top of the list. Duh
Thanks for sharing such an informative article. My experience with ExpressVPN is really good. I will suggest everyone to used Express VPNs.
Great tips! Internet security should be one of the top priorities these days. As people have nothing else to do other than strolling through digital world and making digital footprint, VPNs can help you with that and my experience with ExpressVPN is really good! Anyhow, the fact that many people don’t have the idea about how necessary it is to keep your social profiles safe.
most secure email: PROTONMAIL.COM
Safest browser: BRAVE
Search Engine: DUCKDUCKGO.com
VPN, TOR a must
Signal Private Messenger
XMPP messenger with OTR encryption
#6 Something I rarely see mentioned. I do not download any links, photos, attachments, or URL type anything when downloading mail headers with my email client. Then I can freely open them (unless something has changed since I last looked into this, of course, it probably has in the last minute writing this), only receiving text versions of mail and links are not clickable. Of course all these “pretty ads” will not look so pretty when you get your Kohl’s add every day *sigh*, but at least you get a header that tells you why they control your mailbox daily. LOL
I can open spam, unknown mail, junk mail or even things I want without anyone knowing I’ve opened it that way because it doesn’t alert the sender that I have opened anything with a hyperlink or attachment. All those pretty emails with pictures and URL’s hyperlinked to everything just alert the spammers that you are alive, even if you do not reply!!! If they can’t tell me something outside of a graphic that is meaningful to me, then I don’t need it anyway.
Examples of free security services to consider:
1) Burner emails: https://temp-mail.org/en/
2) Password strength analyzer: https://passphrase.life/
– In blogs like this one that require an email address to comment, get yourself a disposable email address.
– Round up your online services and review their privacy policies. As a rule, limit or abolish Google and Microsoft products (Gmail, Skype, etc.). While difficult, it can be done. F-Droid offers an open source repository for Android apps, including NewPipe, which allows you to browse YouTube without all the tracking.
– On the note of Google, review your account’s privacy settings. You might be slightly horrified to find how much they know.
– Use end to end encrypted chat apps like Signal, Telegram, or Kontalk with anyone you share sensitive information with. You both have to be using the same app, so it’s probably not practical for every single person on your contacts list, but certainly a spouse, or relatives. On desktop, Kontalk works there, too, or use a LAN messenger like BeeBeep.
– Use a burner email address in places like this one that require an email to comment on blogs or forums
– Round up your online services and review their privacy policies. As a rule of thumb, limit using Google and Microsoft products (gmail, skype, etc) as much as you can. While difficult, it can be done. On your phone, you can install app NewPipe from F-Droid to browse YouTube without all the tracking.
– Also on the note of Google, review your privacy settings at accounts.google.com. You might be slightly horrified how much they know about you. Every time you watch a video, search Google.com, or use Maps on your phone, they log it.
– When texting, use an end-to-end encrypted chat app like Signal or Telegram. However, they only work if your contacts use them, too. So maybe don’t try to get every single one of your contacts to use them, but certainly close relatives or your spouse. Anyone you send sensitive information to. At home, on your destkop, (and in the same network), use a LAN messenger like Kontalk or BeeBeep to send a quick message or share information.
– Actually use those granular app permissions. Why would a weather app need to know your contacts?
– Use 2FA everywhere it’s available to use. Head over to twofactorauth.org to see if web sites you use offers it, as well as the directions to enable it. This way if a hacker has your login, you still have to physically approve it.