The Ultimate Guide to Online Privacy for Non-Techies

The Ultimate Guide to Online Privacy for Non-Techies

Part 1: Strengthen your foundation

• Create strong, unique passwords for every account. A strong password uses a mix of upper and lowercase letters, numbers, and symbols and is at least 12 characters long. Since remembering dozens of unique passwords is difficult, use a reputable password manager like Bitwarden or 1Password.
• Enable two-factor authentication (2FA) on everything. This is a simple but powerful security feature that requires a second verification step, like a code from an authenticator app, in addition to your password.
• Keep your software updated. Software and app updates often contain critical security fixes. Enable automatic updates on your devices, browsers, and applications to protect against the latest vulnerabilities.
• Install antivirus and anti-malware software. Use a trusted security program to protect your devices from viruses, spyware, and other malicious software that could steal your personal data.

• Delete old and unused accounts. Search for old accounts you no longer use and delete them to minimize your online footprint and the risk of data exposure from future breaches.
• Review app permissions. Regularly check the permissions you've granted to apps on your phone. Turn off access to your location, photos, and microphone for any app that doesn't genuinely need it to function.

Part 2: Build safer online habits

• Use a privacy-focused browser and search engine. Avoid search engines like Google that track your searches and browsing history for targeted advertising. Use alternatives like DuckDuckGo or Startpage instead. Consider using a privacy-centric browser such as Firefox or Brave.
• Install a tracker-blocking browser extension. Add-ons like Privacy Badger or uBlock Origin can block unseen trackers and scripts that websites use to follow your activity across the web.
• Avoid public Wi-Fi. Public Wi-Fi networks in cafes or airports are often unsecured and are a prime target for hackers. If you must use one, avoid entering sensitive information like credit card details or bank passwords.
• Use a Virtual Private Network (VPN). A VPN encrypts your internet connection, masking your IP address and protecting your browsing activity from being intercepted, especially on public networks.

• Limit the information you share publicly. Do not post personal details like your phone number, home address, or birth date. This information can be used by hackers to guess your security questions.
• Tighten your privacy settings. Adjust the settings on all your social media profiles to ensure only trusted contacts can see your posts and personal information.
• Be cautious about photo sharing. Many devices automatically embed location data into photos, which could reveal your location when you post. You can turn this off in your phone's camera settings.
• Think before you post. Assume that anything you post online could be seen by anyone and may remain online forever.

Part 3: Take control of your data

• Use end-to-end encrypted messaging apps. For private conversations, use apps like Signal, which offer end-to-end encryption so only the sender and recipient can read the messages.
• Use secure email providers. Consider services like ProtonMail, which encrypt your emails to prevent them from being read by unauthorized parties.

• Don't click on suspicious links. Phishing attacks often use fraudulent emails or messages to trick you into clicking a link that steals your information. Be suspicious of any link or attachment from an unfamiliar sender.
• Verify requests for personal information. Never provide personal or financial information in response to an email, text, or phone call, even if the request appears to be from a company you know. Go directly to the company's website or contact them using a trusted phone number instead.

• Don't ignore privacy policies. While they can be long and complex, a website's privacy policy explains how it collects, uses, and shares your data. If a website lacks a clear policy or makes you uncomfortable, consider taking your business elsewhere.

• Check for breaches. Use a service like Have I Been Pwned? to check if your email address has appeared in any data breaches. This can tell you which passwords to change immediately.
• Monitor your bank and credit statements. Regularly check your financial accounts for any fraudulent transactions to catch identity theft early.
• File a fraud alert. If your identity is stolen, place a fraud alert with a major credit bureau to prevent new accounts from being opened in your name without your approval.