Table of Contents
How safe is your information online?
Let’s face it; threats to online privacy keep getting worse. This year, for example, has been the biggest so far in terms of data breaches*. Close to 1,000 data breach incidents have taken place. More than 5 billion records have been compromised.
If you’re not careful, it will be just a matter of time before you become part of a similar statistic.
Me? As a long-term digital nomad who frequently uses unsafe wifi and travels in restrictive countries, I had to learn the hard way. That's what prompted me to really get into learning about digital security and online safety. I've spent the last ten years learning the things I have to create this resource for you. I hope this helps you and you don't make the same mistakes I have.
Let’s get started! Here are the steps I've learned that will help you ensure that your online experiences remain private and secure.
Here are the steps to take:
1. Limit what you share with apps, social media, and online services Limit what you share
Alright, here's the top way I use, and it's really the most simple. I limit what I share. The less information that cybercriminals know about you, the harder it will be for them to use your personal data for illegal schemes, especially for trying to scam you.
Limit what you share:
One of my top-secret tips for privacy is to use throwaway email addresses. You’ll find this feature in secure email services. So, for example, I use one email alias for one online service, another email alias for another service, and so on.
A diagram illustrating how email aliases relate to your email address on Proton Mail.
This way, I can sign up as normal, but my real email address doesn’t end up on some email list on the dark web. Your email on such a list makes you a prime target for hacking, identity theft, phishing schemes, and more.
Bottom line: Make every effort you can to remove as much of your information from the internet as you can. The more your personal info is out there on the internet, the easier it is for hackers to find it or for it to be leaked.
2. Use Strong and Unique Passwords Use Strong and Unique Passwords
I also make sure to always use strong passwords. It's super important in online privacy and security. Don't use simple passwords like ‘password' or ‘1234', or any familiar phrases or dates. That's because hackers can guess them easily!
So what makes a strong password?
Also, make sure that each account you have uses a unique password!
Normally, creating good passwords and keeping track of all of them would be a lot of work. Well that’s because it is—if you do everything manually. The good news is that you don’t have to. You can use a password manager to create all these random passwords for different sites, and then safely store them for you.
Screenshot showing a strong 20-character password created using 1Password’s password generator
I used to think that paying for a reliable password manager wasn’t really worth the cost. But once I did try it (after a lot of hemming and hawing), it certainly made managing my online accounts much easier, and more importantly, safer. Now I just need to remember one master password and I’m all set.
Bottom line: Strong, unique passwords are a fundamental defense to online security. Make sure that you have good passwords for all your online accounts. Use a password manager to help create, store, and manage your passwords.
3. Enable Two-Factor Authentication (2FA) Enable Two-Factor Authentication (2FA)
Even with strong passwords and password managers, you need to double-protect yourself! That's because hackers are crafty. They can often fool you into revealing your password through various deceptive schemes like:
- A phishing attack
- A bogus online form that appears to have been sent by your bank, or
- A phone call that allegedly comes from your banks customer support
They could also obtain your password from data breaches. And once hackers get your password, they’ll be able to log in on your behalf.
Luckily, most companies and social media platforms have two-factor authentication nowadays. I always make it a point to enable 2FA whenever a service or app supports it. 2FA is a login method that usually combines password authentication and a second authentication factor. That second factor can be a biometric scan, a physical token or card, or a random number generated by an authenticator app. When 2FA is enabled, you have to log in with your password AND that second factor.
I prefer authenticator apps like Google Authenticator and Microsoft Authenticator because most apps and online services support them. They’re also quite handy because they can be installed on your phone and other mobile devices. .
Screenshot showing how two-factor authentication is enabled on StartMail
I even use an authenticator app for my password manager. That way, even if hackers somehow get hold of my master password and try to log in through my password manager’s website, they still won’t be able to get through. That’s because, in order to log in, they’ll have to enter both my master password AND the random number generated by my authenticator app. My authenticator app is on my phone, and it’s always with me.
Bottom Line: Strong passwords alone won’t keep highly skilled and determined hackers from breaking into your accounts. To prevent hackers from taking over your accounts even if they have your password, enable 2FA whenever possible.
4. Stay alert for phishing emails and other social engineering attacks Stay alert for phishing emails
This one is the most sneaky way people get into your accounts. Basically, hackers and crooks use a technique called social engineering. Social engineering refers to any cyber attack that takes advantage of human emotions like fear and excitement. The most common of these attacks are phishing emails. A phishing email is designed to trick the victim into performing a specific action. In most cases, that action is to click a link.
The email message might appear to come from a trusted source, like your bank, your social media account, or insurance company, and say:
Don't click these! Anything too good to be true usually is. When you click a link in a phishing email, bad things can happen. For example, you could end up downloading malware. Or you can be redirected to a bogus form asking you to share your password or other personal data.
I receive tons of emails every day, so I have to be very careful about clicking links or downloading attachments. Every time I receive an email that seems to evoke fear or excitement, my spidey senses start kicking in. I then start looking for signs of anything suspicious. Here are some of the things you can do:
Telltale signs of a phishing email:
Sample phishing email. Hint: You can find many emails like this in your spam folder.
Bottom Line: Phishing is one of the main causes of data breaches, malware infections, and identity theft. Always be on the alert if you receive an email that asks you to click a link or download an attachment.
5. Make the privacy settings of your online accounts more restrictive Make the privacy settings of your online accounts more restrictive
Have you ever tried checking the default privacy settings of an app or online account you use? If the answer is no, you’re not alone. The reality is that most of us really can’t be bothered to check because, frankly, we don’t even know where to start.
Privacy settings on X
Paying more attention to your privacy settings is an essential step in taking control of your data. Social media sites, by default, permit the sharing of your personal information online with third-party companies. Some info is shared with data broker sites (more on these later).
Regardless of where your data ends up, you are now more vulnerable to data theft and data leaks. When your sensitive personal data—social security number or financial information, for example, gets exposed, the consequences can be dire.
Take the time to make the needed changes in your security settings because your online privacy is at risk. Your location, likes, online shopping habits—basically, any information others could take advantage of, are out there. So, turn off location tracking and consider what information should be made public. Consider what posts you give likes or hearts to, or comment on. You will be safer for it.
Bottom line: The online apps we’re using could be sharing our data without knowledge. Review your privacy settings and take control of what information you want to be automatically shared to others.
6. Uninstall unnecessary mobile apps and browser extensions Uninstall unnecessary mobile apps and browser extensions
This one is really important. Apps and browsers often have access to various permissions and data. Old apps that you no longer use are easy to forget about, but they can often have permissions that we don't know about. Plus, the tech companies behind these apps could suddenly change their privacy policies, and then all the data could be used for unwelcome purposes.
It’s thus worth it to take some time to review your mobile apps and extensions. You’d be surprised at the number of throwaway apps that clutter your phone. Delete all that you’re not using and (you think) won’t be needing in the next month or two. This move may seem trivial, but it can count for a lot in the long run. I can’t stress enough how important it is to leave as small a digital footprint as possible, and this is another way of doing it.
Removing a long-discontinued app
Don’t know how to check what browser extensions you have installed? Follow these instructions on how you can see what tools are still attached to your computer browsers and how to manage them.
- Chrome: Click the three-dot icon on the upper right, go to Extensions, and click on Manage Extensions.
- Microsoft Edge: Click the Extensions icon on the toolbar (puzzle piece icon), then click Manage Extensions.
- Firefox: Click the Extensions button on the toolbar (puzzle piece icon) and all extensions will appear on the panel. Click on the Menu button (gear icon) for the extension you wish to manage, and choose the action you want.
- Safari: From the Safari pop-up on the upper left, scroll down to Settings, then look for Extensions on the tab. You can then see all the current extensions and choose what you want to uninstall.
Bottom line: Our devices may have apps and browser extensions that are unused, but still collecting data. Review all apps and extensions installed in your devices and delete those that you’re not using.
7. Prevent search engines from tracking you Prevent search engines from tracking you
Search engines have the capability to track us each time we use one. That’s right. We give search engines (like Google) that power each time we do a search, click on search results, and browse websites. These search engines have powerful algorithms that build our unique user profile for us based on what they think we like.
Not all search engines are created equal, though. Reports reveal that Google, which also runs Chrome, owns YouTube, and operates Google Analytics (among its many, many other services), can now cross track over 80% of the web. So even when you’re not using Google Chrome, Google’s ads follow you everywhere. That’s pretty invasive (and kinda creepy), if you ask me.
This fact really bothered me so I did some research and it turns out, we’re not completely at the mercy of search engines. There’s a lot you can do to drastically reduce the data they get and protect your online privacy. Here are some of the ways:
Reduce the data that search engines have about you:
Bottom line: Search engines track our browser activities. Implement ways to reduce the data they get: use a VPN, delete your activity history, use anti-tracking tools, and more.
8. Use a Virtual Private Network (VPN) when you connect to the internet Use a Virtual Private Network (VPN) when you connect to the internet
As a global traveler and heavy internet user, VPNs are one of my mandatory tools for internet safety. Read my full ‘what is a VPN?‘ post for all the details, but basically, a VPN ensures my internet activities stay private. That's because using a VPN uses encryption to prevent other people from snooping on my activities. Without a VPN, our online activity can be spied upon by our internet service providers (ISPs), authoritarian governments, and hackers.
Attackers can’t read my encrypted online activities when using one of the best VPNs on my list.
Hackers can lurk in public Wi-Fi, waiting for potential victims to make a connection. That means any time you use Wi-Fi, like in a coffee shop, hotel, or airport, you're putting yourself at risk.
I’m always on the move, so I always find myself connecting to public wifi. I’m most alert when I connect to airport wifi. Airports are busy places, with many users scrambling to connect to the internet at the same time. For hackers, these places are treasure troves of potential victims. So before I connect to the airport or any public Wi-Fi, I make sure my most trusted VPN is switched on.
Bottom Line: Connecting to the internet exposes your online activity to either your ISP or leaves it open to being spied upon by hackers when using Public Wi-Fi. Using a VPN is the best and easiest way to ensure this is not possible.
9. Keep your software up-to-date Keep your software up-to-date
If you want to keep hackers and spies out, don’t make it easy for them to get into your devices. One way of doing this is by keeping your OS and software apps regularly updated. These updates and security patches remove software vulnerabilities that cyber criminals use to infiltrate computer systems and steal information.
Applications waiting to be updated
You can set your computer or mobile device to perform automatic patching. But if the software updates don’t install automatically or if you haven’t changed your settings to allow this, then pay attention to update notifications. I used to just ‘set for later’ any upcoming updates, but that was when I didn’t know any better. Now that I travel regularly (and therefore more vulnerable to online dangers), I ensure my devices are always up-to-date.
Software updates certainly help a lot to protect your privacy. But you can also opt to install antivirus software to better safeguard your online privacy. Anti-virus software checks files for any malicious attachments and scans your computers and mobile devices for suspicious behaviors.
Bottom Line: If your software isn't up to date, your digital privacy can easily be exploited. This won't be possible if you perform software updates on a regular basis.
10. Always consider using end-to-end encryption Always consider using end-to-end encryption
We all use communication apps daily. We email, chat and send text messages. We’re not too worried about what we say because Google and Facebook Messenger should be able to keep our messages secure, right? Wrong. Even the most widely-used apps can’t guarantee our privacy online. Not unless they specialize in end-to-end encryption.
Let me explain why end-to-end encryption is important. Let’s say you’re chatting with someone and you’re using a VPN. The path from your device to your VPN provider’s servers will be encrypted. However, the path from those VPN servers to the other person’s device may or may not be encrypted.
That path won't be encrypted if the other person isn’t using a VPN. Also, if the other person is using another VPN provider, the path from your VPN provider to that VPN provider may not be encrypted.
You can only get an encrypted path all the way from your device to the other person’s device if you use end-to-end encryption. If you want your chats to be end-to-end encrypted, then you and the other party must both use the same encrypted app.
Encrypted messaging apps
The same concept holds true when you're communicating through email. If you want to make sure your email messages are encrypted all the way from your device to your email recipient’s device, then you should both subscribe to the same secure email provider. Secure email providers offer end-to-end encryption for emails.
Email or messaging with end-to-end encryption
Bottom Line: Your connections aren’t completely immune to hackers unless they’re protected from end to end. End-to-end encryption enables you to protect your privacy online by making it impossible for hackers to eavesdrop on any point of your connection.
11. Remove unnecessary third-party connections Remove unnecessary third-party connections
When signing up for new online services or downloading apps, you’re often prompted to create the account using your Google or Facebook account. I won’t be surprised if many of you just choose one of these options. It makes the process quick and easy. But this means that you give third-party apps easy access to whatever personal data is available on your, say Facebook, account. And with our ‘main’ accounts, there’s usually a lot.
Deleting third-party connections when no longer in use can boost your online privacy. If you have to subscribe to more apps, try to keep third-party connections to a minimum. While there are reputable services that are responsible with data, some of them may be prone to data leaks or may deliberately misuse your personal information.
Bottom line: Signing up for new online apps could involve attaching these to your main accounts like Google or Facebook. But these apps don’t really need all the personal data available there. Limit third-party connections so you don’t have to give out more information than necessary.
12. Request data brokers to remove your personal data Request data brokers to remove your personal data
Unless you’ve been living under a rock, it’s likely that many internet-based companies already have copies of your personal data. The most obvious evidence of this fact is getting multiple results when you search for yourself on Google. Less obvious proofs include seeing ads all over the web about products and services you’re actually interested in. How else do marketers know what ads to show you?
I don’t know about you, but I’m not comfortable having my personal info shared all over the place. We can actually do something about this. Marketing companies, researchers, and even search engines get your personal data from what are known as data brokers.
The good news is that you can have your personal data removed from these brokers. Here are some of the steps you can do yourself.
- Find data brokers sites that have your personal data and then opt out or unsubscribe from them.
- If you can’t find an opt-out feature, personally contact and request the data broker to remove your personal data.
- Remove your personal info from publicly available records. Some data brokers get your data from publicly available sources like court documents, property records, and voter registration records. Ask the government agency in question to have your data made private.
- Make settings in your social media platforms more restrictive. Review section #5 in this article to know why.
I won’t be surprised if you find these steps too tedious and time-consuming. I do. That’s why I subscribe to data removal services instead. Data removal service providers will do all these steps for you, except of course step #4.
A portion of a progress report from the data removal service, DeleteMe
Bottom Line: As long as data brokers continue to hold and collect your personal data, you won’t be able to enjoy complete privacy online. Contact data brokers and request them to remove your data or hire a data removal service to do the job for you.
Final Words
I hope this article was helpful to you! If you follow all the steps, you'll be on your way to having rock-solid online privacy!
Your advantage is that, unlike me before, you won’t embark on this journey with no idea what to do or where to start. I've spent the last 10 years perfecting this craft of staying safe online, often learning the hard way. This article can serve as your starting point. And this entire site can serve as your guide. This site is my roadmap and framework for staying safe online. Thanks for reading!
About The Author
Hi! I’m Trevor James, a Canadian YouTuber who travels the world full-time. I make videos about food, travel, and cybersecurity. I have been traveling the world and making videos for over 10 years. You can read more about me here.
Table of Contents