ProtonBlog(new window)
Internet privacy

Improve your online privacy with this comprehensive guide, developed by the Proton team. Here, we’ll help you determine your threat model and take steps to achieve online privacy that meets your needs.

Updated February 2024

Total internet privacy is impossible, but you can get close by adjusting your online behavior — and a few of your privacy settings. This guide is designed to help you with simple, practical solutions to keep your data out of the hands of companies, governments, and hackers.

Many internet privacy guides promote unrealistic solutions, like using Tor all the time (which will slow your internet) or communicating only through Signal encrypted messenger (which is useless if your contacts aren’t also using it). While such technologies provide a high level of privacy, they may not be necessary under your personal threat model. In other words, you probably don’t need to take the same privacy precautions as a Turkish dissident or an NSA whistleblower. And the best privacy recommendations can be counterproductive if you burn out trying to follow them, like one writer for Slate did(new window).

So, in this guide to internet privacy, we’ll show you how to understand your own threat model, followed by some practical steps you can take. Each of the sections has a simple recommendation you can follow to increase your online privacy. This page is designed to be a handy, ongoing resource rather than a quick checklist, so consider bookmarking this page to come back to it later when you need a refresher.

Table of contents:

  1. Why internet privacy matters
  2. Understanding your threat model
  3. Browsing online privately
  4. Communicating privately
  5. Secure your device

I. Internet privacy is important for everyone

If you use the internet for any reason, then your personal data is vulnerable to being collected and misused by someone. Without internet privacy, someone could steal your credit card number or your identity. Internet privacy keeps hackers from breaking into your online accounts (you don’t want to be this guy(new window)) or Big Tech companies from monitoring your inbox or browsing activity.

As both citizens and users of the internet, we all have a stake in the quality of our society. Privacy is a fundamental human right and a prerequisite for democracy. For authoritarian governments and profit-seeking companies alike, invasions of privacy are a useful means of control. If you value your freedom or living in a free society, then internet privacy should matter to you.

II. Understanding your threat model

A threat model(new window) is a method of evaluating security and privacy risks so that you can mitigate them strategically. Since 100% privacy is practically impossible (and perhaps undesirable), defining a personal threat model will help you understand your internet privacy priorities. Start by answering the following questions:

  • What information do you generate online? (Emails, searches, file uploads, and passwords are all examples.)
  • What information do you want to protect?
  • Who might want to gain access to that information? (For example, governments, advertisers, etc.)
  • How is that information stored and transferred? (Is it end-to-end encrypted or collected by the service provider?)

This article provides solutions for both low and high threat scenarios. You don’t have to implement all the suggestions, depending on your threat model.

III. Browse the internet privately

Your browsing data is extremely valuable to companies that buy and sell targeted advertising. The largest companies in this space, like Google and Amazon, make so much money from your personal data that it is now more valuable than oil(new window). But these companies are vague about how they use and store(new window) your information, and data breaches(new window) and privacy scandals(new window) are so common that we’ve come to expect them.

Prying corporations aside, governments also collect huge amounts of data through mass surveillance, and some of them even conduct targeted surveillance (e.g. against journalists or activists). Also, the more data you transmit online and store in the cloud, the more likely hackers are to take advantage of it for financial gain. Increasingly, there are private alternatives to data-hungry companies. For example, Proton Mail is a private alternative to Gmail(new window). Instead of Google Drive, which can access and scan your files and documents, you could use encrypted cloud storage(new window).

Learn more: What is end-to-end encryption?(new window)

Use a privacy-focused browser

Google Chrome is the most popular browser in the world. But it enables so much data collection that The Washington Post said it “has become spy software(new window).” That’s because Chrome logs your browsing history and allows third parties to plant tracking cookies that monitor your activity.

We recommend: Use a web browser to block online tracking(new window). Firefox is the most popular privacy-focused browser(new window) because of its many features and open source code. If you must use Chrome, you can manage your Google activity(new window) to limit how much data it can collect.

Encrypt your internet connection with a VPN

A VPN(new window) encrypts your internet connection between your device and the server owned by your VPN service provider. Using a VPN can help keep your web traffic safe from anyone monitoring the network at the local level: hackers, your internet service provider, and surveillance agencies. A VPN will also mask your true location and IP address, allowing you to browse more privately and access geo-restricted content.

A VPN will not, however, protect your web traffic against the VPN provider. That’s why it’s important to choose a VPN service you trust(new window) that does not keep logs of your activity.

We recommend: Use Proton VPN(new window) on your desktop and mobile devices. It offers access to hundreds of servers in dozens of countries, has advanced security features like Secure Core(new window), and follows a strict no-logs policy(new window). Proton VPN also has a free VPN service(new window) to guarantee basic access to the internet to everyone.

Learn more: Your internet service provider is spying on you(new window)

Protect your search queries

Google tracks all its users’ search queries and clicks(new window). If you’re logged in to your Google account while using Search, the company keeps a record of this information connected to your profile. This has helped Google refine its search algorithms, but it also helps the company profit from your private data.

We recommend: DuckDuckGo(new window) is a private alternative to Google Search that doesn’t store users’ personal data or track their activity.

Limit the information you share publicly

A lot of sensitive information about you is publicly available on the internet. Some of it is a matter of public record, like court records, addresses, and voter registration. But much of it we put on the internet voluntarily, usually via social media, like photos (often location tagged), family members’ names, and work history.

Hackers can use these clues for social engineering and to answer security questions. Photos of you on social media can even be used to create deepfake(new window) videos of you. Almost all online services and internet-connected devices have privacy settings you can adjust to restrict the amount of information collected and/or shared online. You can also use a Hide-my-email alias(new window) when signing up for new accounts or newsletters instead of your real email address.

Limit the information you share privately

Online service providers can be vulnerable to data breaches(new window), which can instantly compromise your privacy, sometimes in embarrassing ways(new window). Even large services like Google or Facebook are not immune to data breaches. You can mitigate the privacy threat of data breaches by limiting the information you share with these services. For instance, you can use Google Chrome or Google Maps without logging into your account, or simply switching to a more privacy-friendly browser like Firefox.

If the services themselves (and their third-party partners) are part of your threat model, switch to privacy-focused services that do not collect user data. With Proton Mail, accounts are anonymous (not linked to your real-life identity), and we collect as little user information as possible. 

Learn more: How to protect your children’s privacy online(new window)

Make your account safe and secure

First things first: To keep your online accounts private, you must keep them secure. Your password is your first line of defense. Make sure you use strong, unique passwords. A password manager(new window) can help you generate and store them so that you don’t have to write them down.

Your second line of defense is two-factor authentication(new window) (2FA). This is a way to secure your account with a second piece of information, usually something you have with you, like a code created on an authenticator app or fob.

Avoid using public computers to access your accounts because keyloggers can record your login credentials. And if you absolutely must use a public computer, be sure to log out of your accounts.

Many services (such as Proton Mail and Proton VPN) allow you to see when and from what IP address your account has been accessed. If you do not recognize one of these logins, you can log out of other sessions remotely(new window).

We recommend: Use an open-source password manager like Proton Pass(new window) to help you create and securely store strong passwords. Pass also encrypts important metadata, such as URLs and notes, for further privacy.

Learn more: How to create a strong password(new window)

Use HTTPS everywhere

Always ensure that your internet connection is encrypted from your device to the company’s servers. You can check that this is the case by making sure the URL of the website begins with “https”. 

We recommend: Download the browser plugin called HTTPS Everywhere(new window) to help you do this automatically.

When to use Tor

If your threat model requires a very high level of internet privacy, you should connect to the internet through Tor. Tor is a technology maintained by the nonprofit Tor Project, which allows you to use the internet anonymously. It works by bouncing your connection through multiple layers of encryption, both protecting your data and concealing its origin. Tor also allows you to access censored websites (such as those offering end-to-end encrypted services) via the dark web. However, the downside of Tor is that it is generally significantly slower compared to using a VPN.

We recommend: Download the Tor browser(new window) or connect to the Tor network using Proton VPN(new window) if you have advanced privacy needs.

Learn more: How to use Proton Mail with Tor(new window)

IV. Keep your communications private

When communicating online, there are several ways companies or hackers can access your private conversations. Without encryption, an attacker monitoring the internet would be able to see the information being transmitted, from credit cards to chat messages. 

Of course, the vast majority of online services use some form of encryption to protect the data traveling to and from their servers. But only a few tech companies encrypt your information in such a way that even the company cannot decrypt it. This kind of encryption is called end-to-end encryption(new window) (E2EE). Whenever possible, use services that offer E2EE and protect your privacy by default.

Use encrypted email

Services like Gmail and Yahoo can scan your mailbox to collect data. Google, for instance, reads your purchase confirmation emails(new window) to build a database of everything you buy. If you don’t want your email service provider to have access to this kind of private information, you should switch to an end-to-end encrypted email(new window) provider.

Messages between Proton Mail users are always transmitted in encrypted form. When a user sends an email to another Proton Mail user, the emails are encrypted on the sender’s device, and can only be decrypted by the recipient. All emails sent to/from a Proton Mail account (even if the other side is not using Proton Mail) are stored with zero-access encryption(new window). Once a message is encrypted, only the account owner can decrypt it.

We recommend: Create a free Proton Mail account(new window) and download our mobile app(new window) to start using private email(new window). When signing up for newsletters or online services, you should provide them with your encrypted email address.

Learn more: Five essential steps to keep your email safe(new window)

Chat privately with secure apps

For instant messaging, you have many options. WhatsApp is one of the most popular chat apps, and it features E2EE. But Facebook (which owns WhatsApp) can see who you communicate with and when. 

We recommend: For better chat security and privacy, we recommend using Wire or Signal.

Phone number apps

Private phone number apps use Voice over Internet Protocol technology to allow you to make and receive calls and SMS with a second phone number. This can offer some privacy benefits because you are not always required to give the app provider any identifying information.

We recommend: Apps like Phoner(new window) provide anonymous calling and texting. You should keep your main phone number private while providing your second phone number for account verification and to online services that require a phone number.

Learn more: How to protect your privacy with a second phone number app(new window)

V. Secure your device

Most threat models should include the possibility of your device getting stolen or lost. Often, a compromised smartphone will also compromise many of your online accounts. Other times, device privacy simply means privacy from people looking over your shoulder. 

We recommend: Adjust your notification settings so that messages and senders don’t appear on your lock screen.

Keep your device locked down

Because of the differences between operating systems and devices, we will only provide general recommendations here. Always set a password on your device. Biometric authentication, such as fingerprints or facial recognition, should be sufficient for most users. However, people with elevated security concerns may opt to require a password every time.

Those with advanced threat models may also want to encrypt their devices. This is usually an additional step. Follow the links for instructions to do so on Windows(new window), Mac(new window), and Android and iOS(new window).

Additionally, there are apps(new window) that allow you to wipe, locate, and potentially identify the thief if your device is stolen.

If your device somehow is compromised with spyware, a low-tech privacy solution, ironically popularized by Mark Zuckerberg(new window), is to cover your webcam with a piece of opaque tape.

Learn more: How to protect your phone or computer when crossing borders(new window)

Be vigilant for phishing attacks

A phishing attack(new window) attempts to steal your account credentials or infect your device with malware by tricking you into clicking on a link or downloading an attachment. Email is one of the easiest ways for hackers to get into your computer. So it’s important to be alert and never click on links or download anything from a source you don’t completely trust.

We recommend: Read our article about how to prevent phishing attacks(new window) to understand what phishing looks like and how you can protect yourself or your business.

Delete unused apps and ensure software is up to date

Another critical part of protecting your device is maintaining its software. You can help prevent attackers from installing malware on your device by keeping your apps and operating systems up to date. Software updates often include security patches for recently discovered vulnerabilities.

Conclusion

At Proton Mail, we believe a more private internet is possible, but it will require a major shift from the current ad-based business model. With your support, we will continue to develop tools that enable privacy, security, and freedom online. In the meantime, everyone can take simple, positive steps in their own behavior to improve their privacy individually. Because internet privacy is a sliding scale, implementing just a few of the solutions in this guide will give you more privacy than you had before.

What are your thoughts? Do you know some online privacy tips that aren’t mentioned in this guide? We would love to hear your feedback. You can find us on Twitter(new window) or Reddit(new window) to share your ideas.

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

passwordless future
With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side?  At Proton, we are optimistic about passkeys and have int
At Proton, we have always been highly disciplined, focusing on how to best sustain our mission over time. This job is incredibly difficult. Everything we create always takes longer and is more complex than it would be if we did it without focusing on
is icloud keychain safe
If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins.  For a program that stores all your most sensitive data in one pla
We recently announced that Proton Pass now supports passkeys for everyone across all devices. Universal compatibility is a unique approach to implementing passkeys, unfortunately. Even though passkeys were developed by the FIDO Alliance and the Worl
How to upload and share private video
Your private videos are for your eyes only. However, not all cloud storage services are good at storing videos securely, let alone privately. In this article we explain what you can do to keep file sharing companies from having access to the videos y
Many email services, citing security reasons, require a phone number for identity verification. This creates an unfortunate paradox in which you must give up a highly sensitive piece of personal data to Big Tech. But there are simple ways to create
Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec