Skip to main content
  1. Posts/

A Normie's Guide to Online Privacy

·3078 words·15 mins
all tech privacy
Table of Contents

a foggy scene of a lake with one tree stump sticking out

If you’ve been on the internet much lately, you’ve probably noticed a growing distaste with big tech, corporate-run social media platforms, the huge amount of data they collect about you, and what they do with it. Know that, if that description fits you, you’re not alone. And if not… Well, just know that there are plenty of reasons to dislike the current trajectory of the internet.

However, taking control of your data from these platforms can be a daunting task that can quickly lead you down a rabbit hole of suggestions that all but require a background in cybersecurity to implement and maintain. Turns out, not everyone has the background knowledge, time, or interest to take complete control of every part of every system of your life that might connect to the internet. As someone who has started down that rabbit hole and decided that there’s just too much you could do, I want to provide a guide for people who want to improve their privacy and security without losing their sanity. For those that would prefer to do a deep dive, I recommend checking out Privacy Guides. It’s not perfect, but I find it to be a well-organized and helpful resource.

Now, I’m not going to get into the whys of most of this, there’s just too much there, but I’m guessing if you are looking to start on this journey you already have a grasp on the whys (at least as they pertain to you). Nor am I going to get into the idea of “threat modeling,” something that I found too tedious for my own uses. However, if you want to learn more, this video by Techlore on YouTube is very informative while remaining approachable.

With all of these steps I recommend taking one of two approaches:

  1. The Slow Approach - Taking small bites at a time, seeing how that works for you, adjusting, and then moving on to another bite. The goal is to make meaningful changes without sacrificing your ability to do what you want to do.
  2. The Riskier Approach - Taking a couple of big bites, and then spitting out what you can’t chew. I will say that I originally took this approach, and it did leave me with stress and anxiety around technology, leading to an “all-or-nothing” mindset that I needed to work through. It did, however, mean that I was able to make a good number of bigger changes in a short amount of time, and probably ended up doing more than I would have otherwise.

Whichever route you choose to go, always remember that things are going to keep changing, and that sometimes it’s not worth fighting something you really need or even really want. You’re not going to find perfection and stay there forever. You’re just not. So, don’t get so invested in any of these steps that feeling like you need to change things again adds stress. I still use Google products and services, I still watch YouTube, I still use Windows and Amazon and Instagram… I just use them more mindfully.

With that out of the way, let’s dive into our first step.

Step 1. Wrangle Your Passwords #

via GIPHY

This is the most important step you can take. Admittedly, this step has more to do with security than it does privacy, but the two are quite intertwined. If you only do one thing on this list, do this one.

Consider Ditching Your Browser’s Password Manager #

Please consider discontinuing use of your browser’s built-in password manager (if you haven’t already). They were bolted on as a way to streamline the user experience and get people to tie themselves to their browser of choice. This was popularized by Google Chrome and later adopted by other browsers, as well. And while they have all made great strides, over the years, to make them more useful and more secure, they fall short when compared to a good standalone password manager.

Of course, if you were using just one password everywhere or writing them down on paper, then… Please stop. Even a browser’s built-in manager would be a huge step up for you.

There are several good standalone password managers, but I recommend Bitwarden. It offers a feature-rich free tier and has the benefit of being open source. Bitwarden has browser extensions and apps for basically any browser and platform, making it easy to retrieve and use your passwords just about anywhere. Cool!

Once you have exported/imported your passwords into your new password manager, be sure to delete them anywhere else they are stored. This will ensure that they aren’t floating around in a less-than-secure or rarely-checked account somewhere and also make it easier to manage them, in one place, moving forward.

Setting and Remembering a Master Password #

When setting up your Bitwarden (or other password manager) account, you will need to set a master password. This is the password you’ll use to unlock your account to access your passwords moving forward. Be sure to set this to something very secure and memorize it. You can use Bitwarden’s own secure password generator to make something really secure.

a screenshot of the Bitwarden password generator

Then test it using something like this to ensure it’s passing muster.

a screenshot of the passwordmonster password tester with a passing password inserted

Now, a secure master password will probably be difficult to remember! So, just in case you ever forget, I recommend writing it down. I know I know, I just said not to write them down! But, we’re going to write down just this one, on a small piece of paper, and then we’re going to hide it somewhere where no one is likely to go looking. I mean somewhere even you might forget. Then, we’re going to set a password hint, not for your actual password, but for where to find the piece of paper. No, seriously, write yourself a little scavenger hunt!

Here’s an example. Let’s say you generate and use the secure password: ZvW2UuLXK7ahvP. You memorize it, write it down on a little slip of paper, fold it up, and hide it by taping it to the bottom of your high school soccer trophy, which is on the shelf, on the other side of the house. Then, rather than making the password hint something to help you remember ZvW2UuLXK7ahvP, you make it something to remember where you hid the paper, like: “State champs at kicking butts!”

Now, you have a very secure master password that you’ve memorized, but can find again if you forget. However, if someone else wanted to get into your account they’d need to gain access to your email, get the password hint sent to them, guess that the hint is referring to some physical location and not the password itself, guess the correct location and gain access to that location, and then find the piece of paper with your password on it. By then, you’d surely have seen the password hint email come through and could reset your password, making the original one you wrote down useless, or called the cops on the person invading your space!

Of course, this is just my suggestion, but if you think another way of doing things is better, go for it. The main things here are:

  1. Using a strong password, that’s…
  2. Hard to find, and…
  3. Being notified if someone’s trying to get in so you can take action.

Now that you’ve secured your passwords, it’s time to…

Make Them Better #

This is the least fun part of this step. We need to make your existing passwords better.

Most of us used bad password hygiene at some point or another. This means it’s very likely that, even if you have great password hygiene now, you have accounts out there using weak passwords, the same passwords, or both (yikes!). Both Chrome and Firefox’s password managers have tools to help you spot and secure these accounts, as does the Premium version of Bitwarden (just $10/yr for individuals at the time of writing this). Find those compromised, weak, or reused passwords and change them. While you’re at it, check if those accounts offer updated security features like 2FA and set those up.

Depending on how many passwords you have saved, this could take a long time. I’m still going through all of mine, but it’s an important step and worth the tedious process.

Clean Up Your Accounts #

Last, but not least, while you’re going through and updating all your passwords, it’s worth consider if there are any accounts you have that can be closed/deleted. The easiest way to not get compromised through an account is to not have one!

After that, we can move onto step two!

Step 2. Browsers & Search Engines #

via GIPHY

For a lot of us, I’d be willing to bet that one of the, if not the, first things we do when we turn on our computers are 1. open a browser, and 2. type something into a search engine. For the majority of users in the last decade or so, that’s meant Google Chrome and Google, and I think most of us know how poor those are for privacy. Let’s see what we can do about that!

Browsers & Browser Settings #

I am not here to tell you to use a specific browser(s). I’m not even here to tell you to avoid any specific browser(s). But, what I am going to do is encourage you to consider the following:

  1. Who makes your browser?
  2. How do they benefit from you using their browser?
  3. Do you feel comfortable with that?
  4. If not, maybe look into alternatives.
  5. Regardless of the browser you choose, look through each and every one of its settings and make changes where you can to improve your privacy.
  6. Use an adblocker. I recommend U-Block Origin or U-Block Lite (depending on what your browser supports). This not only blocks ads, but also most trackers.

That’s it! Even in Chrome, you have options. Use them!

Now, I will suggest a few browsers to look into here, in no particular order:

Search Engines & Their Settings #

Google is almost absolutely the search engine you either use now, or have used in the past. It’s the gold standard in terms of results (though, that’s sorta changing), but it’s the bottom of the barrel for privacy. Less creepy options include: Duckduckgo, Brave Search, and Ecosia.

But, if you (like me) have decided getting the information you’re looking for in the quickest way possible is worth a little privacy trade off, that doesn’t mean you’re completely powerless! Let’s look at what you can change to make Google a little less creepy.

Step 3. Google -> Start From Scratch #

If you use any Google software, I recommend parring your privacy settings down to the minimum, and then sprinkling things back in as needed. To do this:

  1. Go to Google
  2. Click your profile image in the top right
  3. Click ‘Manage your Google Account’
  4. Click ‘Data & privacy’
  5. Go through History settings, Personalized ads, and Search personalization, and turn it all off

a screenshot of a Google account Data & privacy management page with some settings turned ‘Off’ or ‘Paused.’

This will basically tell Google not to keep a paper trail of your activity, and not to use anything it does learn about you to serve you targeted ads. This is a really simple step that makes a big difference.

One thing I do turn back on is my YouTube history. I watch a lot of YouTube and there’s nothing I hate more than being recommended a video I’ve already watched.

Alternatives #

Now, I personally don’t actively avoid Google products, but I do look at alternatives from time to time. For example, I don’t always use my Gmail for everything. I also a Proton account and private email through my personal domain. I don’t always use Google Maps over Apple Maps. I don’t always use Google’s apps, like Keep or Photos. Alternatives are out there, and I think it’s worth looking at them from time to time, if only just to see what other’s are offering.

Step 4. Social Media #

via GIPHY

Social media is hard to avoid these days. It’s how we connect with others online, how we share and consume media, and how we keep up with current events. But, social media is a very powerful tool for marketers and data brokers, and the amount they can know about you from your social media usage is… Scary.

Check Your Settings, and More Than Once #

It’s really hard to just drop social media altogether in the name of online privacy! Thankfully, most platforms will give you some control over what data they can collect and what they do with it. For example, in Instagram you can

  • Adjust what information is used to show you ads
  • How your information is shared with Instagram’s partners
  • Whether the ads you see are targeted to you based on your data.

A baseline of privacy would be nice, but it’s important to know that these settings exist and how to change them. Each platform will be a little different, but should allow a similar level of control.

Be Selective #

However, while adjusting those settings is a good step, if you want to go a step further, consider which social media platforms you’re on and how they approach privacy.

For example, Instagram is probably the largest image-sharing platform, but they collect a huge amount of data about you, claim ownership of everything you upload, and use your data to advertise to you across the web. Pixelfed, in contrast, is a newer platform that is ad-free and privacy-first by design, but lacks the large user base and feature set of Instagram.

Alternatives like Pixelfed exist for any of the major social media platforms you probably use, and they’re worth checking out if you want something a little less… Creepy.

Step 5. Operating Systems & Their Settings #

Operating systems, the underlying software that allows you to use the programs and apps you use every day, can also be a privacy nightmare. Sadly, many of the new “features” in operating systems are, in large part, data-collecting tools, and should be treated as such.

Let’s look at each of the major OSs in this regard.

macOS #

Apple loves to tout their priority on privacy, but it’s important to remember two things when it comes to Apple:

  1. They receive $20 Billion (probably more, now) per year from Google to be the default search engine in their software. So even if they’re not collecting your data, they’re profiting off of giving it to someone else.
  2. Apple has their own ad network, which is estimated to be worth billions, and surely uses your data to target ads to you.

If you run macOS, it’s worth going through its settings and adjusting things as desired to reign in some of your data-sharing.

Either way, it’s surely not as bad as the next guy.

Windows #

Ah Windows… Currently my desktop OS of choice, though, not entirely by choice. For those of us who primarily use their desktops for gaming, content creation, and media consumption there’s just not a perfect alternative. Between anti-cheat software, DRM, and proprietary software, Windows is the most flexible of the three major systems. Unfortunately, Windows is easily the worst desktop operating system for privacy.

Still, there are plenty of settings you can adjust to help mitigate the lots-of-data-sharing defaults. Primarily, I’d recommend the following:

  1. Don’t use Copilot. It can be disabled and even uninstalled, as far as I know, but I haven’t gone through the trouble. I just never click on it.
  2. In Settings, navigate to Privacy & security, and go through each section, turning off as many of these “features” as you feel comfortable.
  3. In Settings, under Accounts -> Sign-in options, set up a local account and then remove your Microsoft account (if not needed).

Of course, there’s a lot more you can do, but the above steps provide a baseline to feel a little less like big brother is watching.

However, neither macOS or Windows can come close to the privacy provided by our next option.

Linux #

GNU/Linux can be intimidating, but if you are serious about privacy, this is the OS for you. That said, it’s a whole deep-dive/rabbit-hole that I don’t really want to get into in this post. Just know that most distributions of Linux collect no data by default, or give you easy options to turn any data collection off. The downside is that there is a learning curve and most of your current software probably doesn’t run on it.

If you do want to give Linux a try, I recommend dual-booting to start, which will give you the option to go back to Windows at any time, and using a user-friendly distribution like Pop!_OS or Mint.

Phones & Tablets #

Much like desktop operating systems, mobile operating systems also collect a ton of data about you. Far more than your desktop, in fact. Your phone probably knows most of your online activity, what you listen to, where you’ve been, and more.

Regardless of whether you use Apple products or Android, the main thing you’ll want to do here (apart from everything mentioned under Social Media above) is stop app tracking. There are a few ways to mitigate this, but this article does a better job than I could do here: https://tuta.com/blog/app-tracking.

Apart from that, many apps will have their own privacy settings in the app’s settings. Also, check your phone’s settings from time to time (especially after major updates) and delete apps you don’t use. Without moving to a de-Googled OS or the like, there’s only so much you can do, here.

Step 7. Add Sprinkles #

Those are the basics, the baseline to make your digital wold a little more private and secure. From here, you probably either feel overwhelmed or are ready for more! If you are ready for more, don’t jump in too far too quickly, burnout is real and it’s better to do a little, consistently, than do a lot and give up after a short while.

Things like using a VPN, learning about DNS, setting up Pi-holes, switching email providers, etc… It can all get overwhelming quickly. Do a little bit at a time and see what works/doesn’t work for you. It’s not perfect, but Privacy Guides can be a great resource for someone looking to really tighten up their online privacy.

And have fun with it!

via GIPHY