Protecting your privacy online starts with basic hygiene: use a password manager, enable two-factor authentication, and adjust your social media settings. It's about consistent small actions rather than one-time fixes. Most breaches happen because of reused passwords and oversharing.
🔒
Personal Experience
tech writer who's dealt with multiple data breaches
"After that breach, I spent a Sunday afternoon checking Have I Been Pwned. Turns out my email showed up in 7 different data leaks over the past decade. The worst one was from a fitness app I'd deleted in 2018—they still had my home address and workout history. I didn't panic, but I did feel exposed in a way I hadn't before. It took me about three weeks to clean things up, and I still find old accounts popping up."
I used to think online privacy was something only hackers or celebrities worried about. Then, in March 2023, I got an email from a service I'd signed up for years ago—my data was in a breach. It wasn't just my email; it was my name, birth date, and an old password I'd reused across five other sites.
Suddenly, privacy wasn't abstract. It was about the 20 minutes I spent changing passwords, the weird login attempts I started noticing, and the realization that my digital footprint was way bigger than I'd thought. Standard advice like 'use strong passwords' felt useless because I already thought I was doing that.
Here's what actually moved the needle for me—not perfect, but practical.
🔍 Why This Happens
Most privacy advice fails because it's either too technical (encrypt your hard drive) or too vague (be careful online). The real issue is that we create hundreds of digital accounts over years, reuse passwords because it's easier, and share personal details without thinking. Companies collect data passively through cookies and tracking pixels, and breaches happen to even big names—remember the 2021 Facebook leak that affected 533 million users?
You don't need to become a cybersecurity expert. You just need to close the obvious gaps that make you an easy target.
🔧 5 Solutions
1
Install and use a password manager
🟢 Easy⏱ 30 minutes to set up, then ongoing
▾
This creates unique, strong passwords for every account and stores them securely.
1
Choose a password manager — Pick one like Bitwarden (free) or 1Password (paid). I use Bitwarden because it's open-source and works across all my devices.
2
Set up your master password — Make this one strong—think of a phrase like 'BlueCoffeeMug2024!' and write it down physically if you need to. Don't use this password anywhere else.
3
Import your existing passwords — Most managers have an import tool. Export passwords from your browser or manually add your top 10 accounts first (email, bank, social media).
4
Enable auto-fill in your browser — Turn this on so the manager suggests passwords when you log in. It reduces the temptation to reuse something simple.
5
Start updating passwords — Focus on critical accounts first: email, banking, and any site with payment info. Let the manager generate a 16-character random password for each.
💡Set a monthly reminder to check for password breaches—Bitwarden has a built-in tool that scans your vault.
Recommended Tool
Yubico YubiKey 5 NFC
Why this helps: This hardware key adds physical two-factor authentication to your password manager, making it nearly impossible for hackers to access even if they have your master password.
We may earn a small commission — at no extra cost to you.
2
Adjust your social media privacy settings
🟡 Medium⏱ 20 minutes per platform
▾
Limit who can see your personal information and posts on platforms like Facebook and Instagram.
1
Review profile visibility — Go to settings and set your profile to 'Friends' or 'Private'. On Facebook, I changed mine from 'Public' to 'Friends'—instantly hid my birth year and hometown.
2
Turn off ad personalization — In settings, find 'Ads' or 'Privacy' and disable options that let platforms use your activity for ads. On Instagram, this reduced creepy targeted ads based on my conversations.
3
Limit past posts — Use the 'Limit Past Posts' feature on Facebook to change old public posts to friends-only. I did this for posts from 2015-2020.
4
Remove unnecessary apps — Check which third-party apps have access to your account (like games or quizzes). Revoke access for anything you don't use—I found 12 apps I'd forgotten about.
💡Do this on a desktop browser—the settings are often buried in mobile apps.
3
Use a privacy-focused browser and extensions
🟡 Medium⏱ 15 minutes
▾
Switch to a browser that blocks trackers by default and add extensions to enhance protection.
1
Install Firefox or Brave — Both block trackers out of the box. I use Firefox with its 'Strict' tracking protection enabled.
2
Add uBlock Origin — This free extension blocks ads and trackers. After installing, go to its settings and enable additional filter lists like 'EasyPrivacy'.
3
Enable HTTPS-only mode — In Firefox, go to settings > Privacy & Security and turn on 'HTTPS-Only Mode'. This ensures you always use encrypted connections.
4
Clear cookies regularly — Set your browser to delete cookies when you close it, or use an extension like Cookie AutoDelete to do it automatically.
💡Test your setup with a site like Cover Your Tracks—it shows how identifiable your browser is.
4
Enable two-factor authentication everywhere
🟢 Easy⏱ 10 minutes per account
▾
Add an extra layer of security beyond passwords, like a code from your phone.
1
Start with critical accounts — Enable 2FA on email, banking, and social media first. Use an app like Authy or Google Authenticator instead of SMS if possible—it's more secure.
2
Save backup codes — Each service provides backup codes when you enable 2FA. Print them or save them in a secure note in your password manager. I keep mine in Bitwarden's notes section.
3
Set up on your phone — Install Authy, add your accounts, and test it by logging out and back in. It adds maybe 10 seconds to login, but it's worth it.
💡For high-value accounts like email, consider using a hardware key like YubiKey as a second factor.
5
Audit and delete old accounts
🔴 Advanced⏱ 1-2 hours initially
▾
Find and remove accounts on services you no longer use to reduce your digital footprint.
1
Search your email — Look for phrases like 'welcome to', 'your account', or 'verify your email' in your inbox. I found 40+ old accounts from 2010-2015.
2
Use a tool like Deseat.me — This scans your Gmail for accounts and helps generate deletion requests. It's not perfect, but it gave me a list to work from.
3
Prioritize by risk — Focus on accounts with personal data first: old shopping sites, forums, or apps that had location access. I deleted my old Fitbit account because it had health data.
4
Submit deletion requests — Visit each site's privacy policy or contact support. For EU users, GDPR gives you the right to deletion—mention it if they push back.
5
Document what you've deleted — Keep a simple list in a text file. I note the date and any confirmation emails—helps if issues pop up later.
6
Repeat quarterly — Set a reminder to do a quick sweep every few months. New accounts creep in, especially with free trials.
💡Some sites make deletion hard—if you can't delete, at least change the email to a burner address and remove personal info.
Recommended Tool
Abine Blur Premium
Why this helps: This service helps mask your personal info by generating burner emails and cards for new sign-ups, reducing how much real data you share from the start.
We may earn a small commission — at no extra cost to you.
⚠️ When to Seek Professional Help
If you're dealing with identity theft—like someone opening accounts in your name or draining your bank—stop trying to fix it yourself. Contact your bank immediately, file a report with the FTC (or your local equivalent), and consider a credit monitoring service. Also, if you're being stalked or harassed online, reach out to a professional like a lawyer or a digital security expert. Self-help tools won't cut it when there's active malice involved.
None of this makes you invincible. I still get spam emails, and sometimes I slip up and use a weak password for a throwaway account. Privacy isn't a one-and-done project; it's a habit you build over time.
Start with the password manager and 2FA—those two things alone will block most automated attacks. The rest you can chip away at when you have a free hour. Honestly, the peace of mind is worth the hassle. Just pick one thing tonight and do it.
Not really for most people. VPNs hide your IP address from websites, but they don't stop tracking cookies or data collection. Focus on password managers and browser settings first—they're more impactful. Use a VPN if you're on public Wi-Fi often, but don't rely on it as your only protection.
How do I stop Google from tracking me?+
Go to myactivity.google.com and pause Web & App Activity, Location History, and YouTube History. Also, use DuckDuckGo as your search engine instead. I did this last year and saw a drop in personalized ads within a week.
What's the biggest privacy mistake people make?+
Reusing passwords. If one site gets breached, hackers try that same password on your email, bank, and social media. A password manager fixes this instantly—it's the single best thing you can do.
Are incognito mode and private browsing safe?+
No, they only hide your history from others using your device. Websites, your ISP, and employers can still track you. For real privacy, use a tracker-blocking browser like Firefox with uBlock Origin.
How often should I check for data breaches?+
Monthly is fine. Use Have I Been Pwned or your password manager's breach alert feature. I check every first Sunday—takes 5 minutes and lets me update passwords before issues arise.
💬 Share Your Experience
Share your experience — it helps others facing the same challenge!