18 top tips to protect your online privacy in 2022

Start protecting your digital life now.
A light bulb in a speech bubble, which somehow means internet privacy?

Take your internet privacy seriously. With cybercriminals stalking the internet and social engineering attacks on the rise, it’s prudent to keep yourself safe and guarded on the web.

Protecting your privacy online does require some work, but it will keep your personal information the way it should be—personal. You’ll also be protected from cybercrime and monitoring by advertisers. What’s more, online privacy protection can prevent strangers on the internet from tracing your actual location.

Here are 18 online privacy tips that can help keep your data protected online.

Want these tips as an infographic? Of course you do! Check it out here.

1. Cover your webcam

Whether it’s with a band-aid or a sticker, choose when you want to be seen with some low-tech tape to stop anyone from looking through your computer or phone camera.

You may also want to consider blocking your headphone jack too, as one Big Tech CEO was found doing on his laptop a few years back.

2. Lock your screens

First off, you absolutely should have a password or passcode on your computer, tablet, or phone so no one can access your information in case your device gets stolen.

If you’re living with other people, locking your screen when you leave it unattended stops anyone from not just looking at what’s on your screen, but also looking through your files.

Maybe you have a very adventurous cat that just really likes sitting on your keyboard, and “you” end up sending a nonsensical string of letters to a friend or coworker.

To lock your screen on Mac, press “Command + Control + Q” or “Windows + L” on Windows. And if you’re outside, do not leave your devices on their own—take them with you.

3. Check your surroundings

If you’re working in a public space, it’s a good habit to check who may be close enough to get a good look at your screen or even your keyboard when you’re logging in to accounts.

If you don’t want to give away your location, be wary of what’s in the background when you’re taking a photo or video.

When you’re making video calls, also check that your background is clear of any items you might not want your friends or colleagues to see.

Read more: How to be incognito in real life

4. Update your devices

It’s easy to ignore those pesky alerts reminding you of the latest software update, but they serve a critical purpose. Hundreds of thousands of new malware strains are released into the wild every day, which is why we urge you to guard against zero-day exploits by keeping your devices up to date.

It’s not just your online privacy that will benefit from an updated app or operating system either. You can also expect improved functionality, more features, and probably a better user experience too.

5. Don’t access personal accounts on public networks or devices

It’s best that you don’t log in to your social media or online bank accounts at all when you’re using a public Wi-Fi network such as those in libraries, coffee shops, airports, and malls. Such networks routinely gather and send your data to third parties, and rogue networks can snoop on your traffic and passwords or inject malware onto your device.

But if you have to (or really really want to) use a public network, you should…

6. Use a VPN

Connecting your device to a VPN redirects all of your device traffic through a secure and encrypted tunnel. This means internet service providers or malicious entities trying to peek at your online activity will only see meaningless garble.

What’s more, using a VPN allows you to access content that is blocked in certain countries and can even help you save money while shopping. When you’re connected to a VPN, third parties will only see the IP address of the network you are connected to instead of your real IP address. Be sure to use a VPN before logging on to unsecured public Wi-Fi networks, where hackers might lie in wait.

7. Turn off location tracking on your devices

Sharing is rewarding. After all, who doesn’t want to show off their vacation on Facebook or pictures of a fancy dinner on Instagram?

However, doing sharing your location also makes it easy for advertisers to target you with ads and, in the case of stalkers, can potentially lead to actual physical harm—and there are more apps that have trackers than you think.

We recommend that you turn off your phone’s GPS and don’t allow apps to access your location unless absolutely necessary, or simply allow the app to use your GPS when you’ve opened the app. This helps minimize your digital footprint.

8. Ignore suspicious emails

Receiving the occasional fishy email or spam is almost guaranteed, no matter how closely you guard your email address. But how you treat them is what matters.

The first (and only) thing you should do is to delete the emails. By opening the email or clicking any links inside it, you are also likely to invite malicious attacks on your device and personal privacy.

Never reply to suspicious emails either. Don’t give in to the temptation to reply and ask to be removed from the mailing list, as that will likely confirm to the spammers that your email address is indeed active—inviting more messages in the future. Find the unsubscribe button in the email and use it. Or, mark the email as a phishing attempt so it never reaches your inbox again.

Replying to spam also indicates to your email provider that you actually find these emails useful, making it less likely that they will be labeled as spam moving forward. In short, ignore and delete any emails you consider spam and click “report spam” for any spam emails that have not been identified as such by your email service.

9. Use strong, unique passwords

Three of the most common passwords are “QWERTY,” “password,” and “111111.” Don’t use these. The least you can do to guard your online privacy is to rely on strong passwords.

Start by using a mix of numbers, letters, and special characters. If you want help coming up with a long and random password (the best kind), use a random password generator. Other tools to improve your password protection include implementing two-factor authentication (see below), password managers, and Diceware.

10. Enable two-factor authentication on your personal accounts

From G Suite to social media to task management apps, you should at least be using two-factor authentication (2FA) to secure your accounts with an additional one-time password. This greatly reduces the risk of someone brute-force hacking their way into your accounts to steal your personal information.

You can normally set up 2FA under the Account or Security tab of your account settings. You can take it a step further and use a hardware key like a Yubikey for additional security. While you’re at it, maybe strengthen your passwords (see above) and save them in a password manager.

11. Manage your cookies

Cookies: Not only do they go great with milk, they’re also used to de-anonymize you online. Broadly speaking, websites use cookies to construct a virtual identification. This allows companies to track your movement and behavior across websites and feed you targeted ads.

To protect yourself against cookies, you can get browser add-ons that block third party cookies.

12. Browse with greater anonymity

Use tools that allow you to use the web with a higher level of anonymity. For a browser that is great for privacy, try Tor. Read our ranking of best (and worst) browsers for privacy.

If you’re looking for tracking-free web search, use DuckDuckGo, our top pick on our ranking of search engines for maintaining privacy.

13. Don’t click untrusted links

Beware of shortened links, and don’t open them unless you’re using a private browser such as Tor. The problem is you can’t tell exactly where a shortened link leads.

With the huge transition of people moving their work away from the office, you may expect more emails about how your company, your bank, and the apps you’re using are updating or changing in some way to make working from home, well, work.

Be careful of emails asking you to update your password or change information on a website; it could very possibly be an attempt to phish for your company credentials and passwords or prompt you to install malware or ransomware onto your laptop.

Unless you’re 100% sure about the content of the email you received, go to the official website directly to make changes and communicate with their support staff if needed. If you get a suspicious email purporting to be from your company, confirm its legitimacy by forwarding it to the appropriate department.

14. Only use end-to-end encrypted messaging apps

Encryption might be under threat in the U.S., and that’s primarily because it’s a powerful method of ensuring that you keep your personal chats private. When choosing a chat app, inspect whether it offers end-to-end encryption (the gold standard) or merely encryption in transit.

If you’re stuck and unsure of which messaging app to pick, check out our list of the most secure messaging apps.

15. Avoid unsecured sites

See that little padlock icon on the top left corner of your browser, next to the URL? That indicates that the connection between your device and the website is encrypted using Transport Layer Security (TLS), preserving the integrity of your data against things like man-in-the-middle attacks.

While HTTPS doesn’t guarantee safety, it’s still the best option to maximize your privacy. Stick to browsing on HTTPS secured sites and try to limit browsing on unsecured sites—never engage in any online transactions on such pages. Additionally, you can also use the HTTPS Everywhere browser extension (which also comes with ExpressVPN’s browser extensions for Chrome, Firefox, and Edge) that forces the site to deploy HTTPS if it’s available.

16. Keep your social media accounts private

If you’re trying to guard your online privacy and security, you should do all you can to prevent search engines and crawlers from indexing information about you. Change your account settings to ensure your feed isn’t included in search engines.

Unless you’re a public figure or influencer who wants as many followers as possible, you should ideally set your account to private so only verified friends and family can see what you post.

Read more: How to make your photos more private on social media

17. Remember to log out of all websites when done

Logging out of your social media, email, and online bank accounts after using them is akin to locking your front door when you leave home. It’s quick and simple and prevents intruders from gaining entry.

It’s a common misconception that closing the browser tab or window is enough to prevent others from accessing your account. The truth is that you may still be signed in to your account on that device, leaving you vulnerable. The only way to stay safe is to log yourself out when you are done using an online service. And clear that browser’s history.

18. Think twice about what you share online

Finally, remember that you are the one who controls what information you share online. If you don’t share it, they can’t get a hold of it. In keeping with this idea:

  • Do not give away your “real” email address for online giveaways or for websites that might engage in dubious marketing practices. Get additional email addresses that are just for such signups.
  • Do not share any personal data on public/unsecured computers and networks.
  • Even if you are on a secure device or network, remember that anything you share online effectively becomes permanent, and can be shared or manipulated without your knowledge. A good way to see if this is happening is to Google yourself periodically.

Read more: The ultimate guide to mobile security for iPhone and Android devices

Phone protected by ExpressVPN.
Take the first step to protect yourself online

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Caleb enjoys reading technology news, playing football, and consuming unwholesome amounts of steak. Preferably at the same time.