Improve your online privacy with this comprehensive guide, developed by the Proton team. Here, we’ll help you determine your threat model and take steps to achieve online privacy that meets your needs.
Updated February 2024
Total internet privacy is impossible, but you can get close by adjusting your online behavior — and a few of your privacy settings. This guide is designed to help you with simple, practical solutions to keep your data out of the hands of companies, governments, and hackers.
Many internet privacy guides promote unrealistic solutions, like using Tor all the time (which will slow your internet) or communicating only through Signal encrypted messenger (which is useless if your contacts aren’t also using it). While such technologies provide a high level of privacy, they may not be necessary under your personal threat model. In other words, you probably don’t need to take the same privacy precautions as a Turkish dissident or an NSA whistleblower. And the best privacy recommendations can be counterproductive if you burn out trying to follow them, like one writer for Slate did.
So, in this guide to internet privacy, we’ll show you how to understand your own threat model, followed by some practical steps you can take. Each of the sections has a simple recommendation you can follow to increase your online privacy. This page is designed to be a handy, ongoing resource rather than a quick checklist, so consider bookmarking this page to come back to it later when you need a refresher.
Table of contents:
- Why internet privacy matters
- Understanding your threat model
- Browsing online privately
- Communicating privately
- Secure your device
I. Internet privacy is important for everyone
If you use the internet for any reason, then your personal data is vulnerable to being collected and misused by someone. Without internet privacy, someone could steal your credit card number or your identity. Internet privacy keeps hackers from breaking into your online accounts (you don’t want to be this guy) or Big Tech companies from monitoring your inbox or browsing activity.
As both citizens and users of the internet, we all have a stake in the quality of our society. Privacy is a fundamental human right and a prerequisite for democracy. For authoritarian governments and profit-seeking companies alike, invasions of privacy are a useful means of control. If you value your freedom or living in a free society, then internet privacy should matter to you.
II. Understanding your threat model
A threat model is a method of evaluating security and privacy risks so that you can mitigate them strategically. Since 100% privacy is practically impossible (and perhaps undesirable), defining a personal threat model will help you understand your internet privacy priorities. Start by answering the following questions:
- What information do you generate online? (Emails, searches, file uploads, and passwords are all examples.)
- What information do you want to protect?
- Who might want to gain access to that information? (For example, governments, advertisers, etc.)
- How is that information stored and transferred? (Is it end-to-end encrypted or collected by the service provider?)
This article provides solutions for both low and high threat scenarios. You don’t have to implement all the suggestions, depending on your threat model.
III. Browse the internet privately
Your browsing data is extremely valuable to companies that buy and sell targeted advertising. The largest companies in this space, like Google and Amazon, make so much money from your personal data that it is now more valuable than oil. But these companies are vague about how they use and store your information, and data breaches and privacy scandals are so common that we’ve come to expect them.
Prying corporations aside, governments also collect huge amounts of data through mass surveillance, and some of them even conduct targeted surveillance (e.g. against journalists or activists). Also, the more data you transmit online and store in the cloud, the more likely hackers are to take advantage of it for financial gain. Increasingly, there are private alternatives to data-hungry companies. For example, Proton Mail is a private alternative to Gmail. Instead of Google Drive, which can access and scan your files and documents, you could use encrypted cloud storage.
Learn more: What is end-to-end encryption?
Use a privacy-focused browser
Google Chrome is the most popular browser in the world. But it enables so much data collection that The Washington Post said it “has become spy software.” That’s because Chrome logs your browsing history and allows third parties to plant tracking cookies that monitor your activity.
We recommend: Use a web browser to block online tracking. Firefox is the most popular privacy-focused browser because of its many features and open source code. If you must use Chrome, you can manage your Google activity to limit how much data it can collect.
Encrypt your internet connection with a VPN
A VPN encrypts your internet connection between your device and the server owned by your VPN service provider. Using a VPN can help keep your web traffic safe from anyone monitoring the network at the local level: hackers, your internet service provider, and surveillance agencies. A VPN will also mask your true location and IP address, allowing you to browse more privately and access geo-restricted content.
A VPN will not, however, protect your web traffic against the VPN provider. That’s why it’s important to choose a VPN service you trust that does not keep logs of your activity.
We recommend: Use Proton VPN on your desktop and mobile devices. It offers access to hundreds of servers in dozens of countries, has advanced security features like Secure Core, and follows a strict no-logs policy. Proton VPN also has a free VPN service to guarantee basic access to the internet to everyone.
Learn more: Your internet service provider is spying on you
Protect your search queries
Google tracks all its users’ search queries and clicks. If you’re logged in to your Google account while using Search, the company keeps a record of this information connected to your profile. This has helped Google refine its search algorithms, but it also helps the company profit from your private data.
We recommend: DuckDuckGo is a private alternative to Google Search that doesn’t store users’ personal data or track their activity.
Limit the information you share publicly
A lot of sensitive information about you is publicly available on the internet. Some of it is a matter of public record, like court records, addresses, and voter registration. But much of it we put on the internet voluntarily, usually via social media, like photos (often location tagged), family members’ names, and work history.
Hackers can use these clues for social engineering and to answer security questions. Photos of you on social media can even be used to create deepfake videos of you. Almost all online services and internet-connected devices have privacy settings you can adjust to restrict the amount of information collected and/or shared online. You can also use a Hide-my-email alias when signing up for new accounts or newsletters instead of your real email address.
Limit the information you share privately
Online service providers can be vulnerable to data breaches, which can instantly compromise your privacy, sometimes in embarrassing ways. Even large services like Google or Facebook are not immune to data breaches. You can mitigate the privacy threat of data breaches by limiting the information you share with these services. For instance, you can use Google Chrome or Google Maps without logging into your account, or simply switch to a more privacy-friendly browser like Firefox.
If the services themselves (and their third-party partners) are part of your threat model, switch to privacy-focused services that do not collect user data. With Proton Mail, accounts are anonymous (not linked to your real-life identity), and we collect as little user information as possible.
Learn more: How to protect your children’s privacy online
Make your account safe and secure
First things first: To keep your online accounts private, you must keep them secure. Your password is your first line of defense. Make sure you use strong, unique passwords. A password manager can help you generate and store them so that you don’t have to write them down.
Your second line of defense is two-factor authentication (2FA). This is a way to secure your account with a second piece of information, usually something you have with you, like a code created on an authenticator app or fob.
Avoid using public computers to access your accounts because keyloggers can record your login credentials. And if you absolutely must use a public computer, be sure to log out of your accounts.
Many services (such as Proton Mail and Proton VPN) allow you to see when and from what IP address your account has been accessed. If you do not recognize one of these logins, you can log out of other sessions remotely.
We recommend: Use an open-source password manager like Proton Pass to help you create and securely store strong passwords. Pass also encrypts important metadata, such as URLs and notes, for further privacy.
Learn more: How to create a strong password
Use HTTPS everywhere
Always ensure that your internet connection is encrypted from your device to the company’s servers. You can check that this is the case by making sure the URL of the website begins with “https”.
We recommend: Download the browser plugin called HTTPS Everywhere to help you do this automatically.
When to use Tor
If your threat model requires a very high level of internet privacy, you should connect to the internet through Tor. Tor is a technology maintained by the nonprofit Tor Project, which allows you to use the internet anonymously. It works by bouncing your connection through multiple layers of encryption, both protecting your data and concealing its origin. Tor also allows you to access censored websites (such as those offering end-to-end encrypted services) via the dark web. However, the downside of Tor is that it is generally significantly slower compared to using a VPN.
We recommend: Download the Tor browser or connect to the Tor network using Proton VPN if you have advanced privacy needs.
Learn more: How to use Proton Mail with Tor
IV. Keep your communications private
When communicating online, there are several ways companies or hackers can access your private conversations. Without encryption, an attacker monitoring the internet would be able to see the information being transmitted, from credit cards to chat messages.
Of course, the vast majority of online services use some form of encryption to protect the data traveling to and from their servers. But only a few tech companies encrypt your information in such a way that even the company cannot decrypt it. This kind of encryption is called end-to-end encryption (E2EE). Whenever possible, use services that offer E2EE and protect your privacy by default.
Use encrypted email
Services like Gmail and Yahoo can scan your mailbox to collect data. Google, for instance, reads your purchase confirmation emails to build a database of everything you buy. If you don’t want your email service provider to have access to this kind of private information, you should switch to an end-to-end encrypted email provider.
Messages between Proton Mail users are always transmitted in encrypted form. When a user sends an email to another Proton Mail user, the emails are encrypted on the sender’s device, and can only be decrypted by the recipient. All emails sent to/from a Proton Mail account (even if the other side is not using Proton Mail) are stored with zero-access encryption. Once a message is encrypted, only the account owner can decrypt it.
We recommend: Create a free Proton Mail account and download our mobile app to start using private email. When signing up for newsletters or online services, you should provide them with your encrypted email address.
Learn more: Five essential steps to keep your email safe
Chat privately with secure apps
For instant messaging, you have many options. WhatsApp is one of the most popular chat apps, and it features E2EE. But Facebook (which owns WhatsApp) can see who you communicate with and when.
We recommend: For better chat security and privacy, we recommend using Wire or Signal.
Phone number apps
Private phone number apps use Voice over Internet Protocol technology to allow you to make and receive calls and SMS with a second phone number. This can offer some privacy benefits because you are not always required to give the app provider any identifying information.
We recommend: Apps like Phoner provide anonymous calling and texting. You should keep your main phone number private while providing your second phone number for account verification and to online services that require a phone number.
Learn more: How to protect your privacy with a second phone number app
V. Secure your device
Most threat models should include the possibility of your device getting stolen or lost. Often, a compromised smartphone will also compromise many of your online accounts. Other times, device privacy simply means privacy from people looking over your shoulder.
We recommend: Adjust your notification settings so that messages and senders don’t appear on your lock screen.
Keep your device locked down
Because of the differences between operating systems and devices, we will only provide general recommendations here. Always set a password on your device. Biometric authentication, such as fingerprints or facial recognition, should be sufficient for most users. However, people with elevated security concerns may opt to require a password every time.
Those with advanced threat models may also want to encrypt their devices. This is usually an additional step. Follow the links for instructions to do so on Windows, Mac, and Android and iOS.
Additionally, there are apps that allow you to wipe, locate, and potentially identify the thief if your device is stolen.
If your device somehow is compromised with spyware, a low-tech privacy solution, ironically popularized by Mark Zuckerberg, is to cover your webcam with a piece of opaque tape.
Learn more: How to protect your phone or computer when crossing borders
Be vigilant for phishing attacks
A phishing attack attempts to steal your account credentials or infect your device with malware by tricking you into clicking on a link or downloading an attachment. Email is one of the easiest ways for hackers to get into your computer. So it’s important to be alert and never click on links or download anything from a source you don’t completely trust.
We recommend: Read our article about how to prevent phishing attacks to understand what phishing looks like and how you can protect yourself or your business.
Delete unused apps and ensure software is up to date
Another critical part of protecting your device is maintaining its software. You can help prevent attackers from installing malware on your device by keeping your apps and operating systems up to date. Software updates often include security patches for recently discovered vulnerabilities.
Conclusion
At Proton Mail, we believe a more private internet is possible, but it will require a major shift from the current ad-based business model. With your support, we will continue to develop tools that enable privacy, security, and freedom online. In the meantime, everyone can take simple, positive steps in their own behavior to improve their privacy individually. Because internet privacy is a sliding scale, implementing just a few of the solutions in this guide will give you more privacy than you had before.
What are your thoughts? Do you know some online privacy tips that aren’t mentioned in this guide? We would love to hear your feedback. You can find us on Twitter or Reddit to share your ideas.