How to Protect Your Privacy Online: Five Tips from Tech Policy Experts

In today’s digital world, our personal data is more exposed than we may realize. Almost every click, like, or post leaves digital traces that advertisers can collect or buy, governments can access, and hackers could steal. Recently, growing concerns over the Department of Government Efficiency’s (DOGE) repeated access to the protected data of millions of Americans has renewed interest in how our private data is used. 

Improving the security of your data online starts with data minimization. It’s a simple but powerful idea: Only the information needed for a specific purpose should be created, stored, or shared by a platform or service. Platforms are incentivized to collect as much data as possible, even if that’s not in the users’ interest. Of course, to fully enjoy the modern internet, sharing some data is unavoidable. But data that doesn’t exist cannot be hacked, stolen, sold, or misused. Protecting your privacy isn’t an all-or-nothing proposition—even small steps can make a big difference.

In addition to making yourself less visible to advertisers, data minimization can help insulate you from the increasing threat of publicly shared information being used to target, harass, or intimidate people. Taking proactive steps to protect your privacy online, where you can, is more important than ever.

Here are five practical actions to safeguard your privacy online.

1. Use End-to-End Encrypted Communication Tools

End-to-end encryption is the technical term for scrambling data so that only the intended recipients can read it. Encryption might sound highly technical, but many apps that provide encryption for messaging are simple to use.

Messaging apps offer varying levels of encryption, but Signal, an open-source, encrypted messaging service, is generally considered the gold standard by privacy experts. Take two recent examples. After recent revelations of a Chinese operation that hacked American telecommunications systems, the Cybersecurity and Infrastructure Security Agency (CISA) recommended Signal for government employees. Similarly the Swedish armed forces have recommended using Signal for all day-to-day communications, including telephone calls.

Using encryption tools adds a vital layer of privacy, especially when sharing sensitive information.

2. Use Privacy-Focused Web Browsing Tools 

Incorporating privacy tools into your everyday online habits is one of the easiest ways to protect your privacy. These tools limit tracking, reduce data collection, and give you more control over your digital footprint. While few tools are perfect, some are better than others. To start, you should:

• Use privacy-focused browsers: Your browser is often the first point of contact for tracking technologies, including cookies, fingerprinting, and ads. Switching to a privacy-focused browser, such as Firefox, gives you built-in privacy protections, including ad-blocking, tracker prevention, and enhanced security. Note: Browsing in “incognito mode” or “private mode” and using a privacy-focused web browser are not equivalent. While incognito mode has some privacy benefits in that it deletes cookies and browsing history, preventing other users on the same computer from seeing your browsing history, determined websites can still track you.
• Use privacy-focused search engines and browser extensions: Popular search engines like Google track your searches, build detailed profiles about you, and serve targeted ads based on that data. Privacy-focused search engines like DuckDuckGo and Startpage don’t collect your personal data or track your activity. For even more control, you might install privacy-enhancing browser extensions, including uBlock Origin, Privacy Badger, or HTTPS Everywhere.
• Use disposable email services: Every time you sign up for a new service or website, you’re sharing your email address, which can be sold, leaked, or spammed. Using disposable email services—such as ProtonMail, addy.io (formerly AnonAddy), or SimpleLogin—allows you to create temporary or alias addresses, protecting your personal email from being sold or leaked. 

If you want to keep your data secure while accessing the internet, ditch the standard web browsers for one of the privacy-focused alternatives above.

3. Use a VPN

A Virtual Private Network (VPN) sends your internet traffic through one or more servers before sending it on to the wider internet, making it appear as if you’re browsing from a different location. VPNs should always be used on public Wi-Fi networks, which often collect and analyze your data.

Using a VPN consistently everywhere else limits tracking, as many VPNs allow you to select where it looks like you’re coming from, and frequently changing your location can mask your true location. Be sure to choose a reputable VPN provider like Proton VPN, RiseupVPN, Mullvad, or ExpressVPN, as some free VPN services may lack encryption or sell user data, undermining their privacy purpose.

4. Limit Your Social Media Footprint

As major players in the surveillance economy, social media platforms collect massive amounts of personal data, which fuels targeted advertising. Recent Meta content moderation changes and events involving Musk’s own platform, X (formerly Twitter), have only heightened concerns over data misuse. The risks now extend beyond tech corporations, as Musk’s ability to access private user information deepens these concerns—especially as AI makes it easier to target individuals.

To protect yourself:

• Adjust your privacy settings on platforms like Facebook, Instagram, LinkedIn, and TikTok to limit data collection.
• Consider switching to platforms with more user control, like Bluesky or Mastodon.
• Be cautious about what you share publicly. Even seemingly harmless details like your location or your children’s school can be used maliciously—especially if you become a target for harassment.
• Clean up your digital history by deleting old posts. Regularly removing outdated content can help prevent it from being used against you.

Remember: Our social media presence can feel ephemeral, but most of what is shared on these platforms is available unless you delete it.

5. Review Permissions for Websites and Apps You Use (and Those You Don’t)

It’s good practice to get into the habit of reviewing privacy settings on your web browser and favorite websites, including those endless cookie consent pop-ups. Wherever possible, disable features that track your location, monitor your behavior, or collect unnecessary data. (In short, reject the cookies!)

Additionally, apps you no longer use may still retain access to your personal data, including location and camera permissions, so regularly delete unused apps and revoke unnecessary permissions to limit data exposure. If you aren’t using an app, you should delete it—even the ones pre-loaded on your phone. This simple action reduces the amount of data available for apps to collect and share.

For the apps you do keep, take the time to review and disable any unnecessary permissions. Does a weather app really need constant access to your location? Does a simple flashlight app need to access your microphone? Limiting permissions not only protects your privacy, but also reduces the risk of apps exploiting your data. By regularly deleting unused apps and managing permissions, you regain some control over how much personal information your devices expose.

Start Small, Make an Impact

These five steps are a starting point—and while they might not cover every possible privacy measure, they offer impactful actions you can take right now. Privacy experts may debate the “top five,” but the key is to recognize that every small step adds up. These actions are relatively easy to implement and can go a long way in winning you back some privacy. 

The lack of online privacy is by design, driven by tech companies that are trying to extract as much value from your data as possible. With technology billionaires’ growing influence in the government and the ongoing efforts to dismantle institutions and regulations that protect civil liberties, the stakes for our personal information are higher than ever. We must demand more from both technology companies and lawmakers, but in the meantime, these actions can help you regain some control over your digital footprint. 

Follow The Thread! Subscribe to The Thread monthly newsletter to get the latest in policy, equity, and culture in your inbox.