Before choosing any tool, it helps to understand what you're actually trying to protect, and from whom.

A few questions worth thinking about

• What information about you feels most sensitive right now?
• Who or what are you most concerned about having access to it?
• Is your concern about targeted surveillance (someone specific is interested in you) or passive data collection (companies building profiles for advertising)?

Most people's concerns fall into the second category. The good news is that common, practical steps address this well. You don't need to become a technical expert to meaningfully reduce your exposure.

If you'd like a more structured way to think about this, the Threat modeling page walks through a useful five-question framework.

Your browser is the window through which most of your internet activity happens. Most default browsers, Chrome, Edge, Safari, include tracking features or are built by companies with advertising business models.

For most people Switch to Brave. It blocks trackers, ads, and some fingerprinting by default. It works like a normal browser. You don't need to configure anything to get the basic protections.

If you prefer Firefox Install Firefox, then add the uBlock Origin extension. In Settings → Privacy & Security, switch Enhanced Tracking Protection to Strict.

You don't need to do anything else for now. Either of these setups is a meaningful improvement over using Chrome with no extensions.

If you use the same password on more than one site, or if any of your passwords are short, simple, or memorable, a password manager is the most impactful security improvement you can make.

When one site is breached and passwords leak, attackers try those credentials everywhere else. Unique, generated passwords for every site stop this entirely.

For most people Bitwarden is free, open source, and works on all your devices. Install the browser extension. Create an account. Start saving passwords as you log into things naturally, you don't need to change everything at once.

If you want passwords stored only on your device KeePassXC keeps your database as a local file. More control, more responsibility for backup.

Whichever you choose, the most important step is picking a strong master password you don't use anywhere else. Write it down and keep it somewhere safe physically.

Standard SMS is not private. Your carrier can see every message. Standard iMessage is better, but depends on Apple's infrastructure. WhatsApp has end-to-end encryption but is owned by Meta.

For most people Signal is the most trusted, most widely used option. It's free. The messages are end-to-end encrypted, meaning only you and the recipient can read them, not Signal, not your carrier.

The limitation is that your contacts need to be on Signal too. That's normal, start with the people you communicate with most, or those conversations that feel most sensitive.

Most people use Gmail or another free service that scans email content to target advertising. Switching email providers is one of the more disruptive changes, so it's not the first step, but it's worth considering when you're ready.

When you're ready Proton Mail is based in Switzerland and uses end-to-end encryption for email between Proton users. The free tier works for getting started.

Also worth considering SimpleLogin lets you sign up for websites with alias addresses rather than your real email. You can use it without changing your email provider at all. Every site gets a different address. If you start receiving spam, you delete that alias.

You don't need to

• Switch to Linux
• Use Tor for everything
• Delete all your social media accounts immediately
• Buy a new phone
• Use a VPN (unless your ISP or network is the specific concern)

These might be appropriate steps eventually, depending on what you're protecting. But they're not necessary for the basic improvements, and trying to do everything at once usually leads to doing nothing.

Privacy tools only help if you use them consistently. The most effective approach isn't having the best tools, it's developing a baseline habit of asking, does this service need this information?

• Do I need to sign in with my real email, or can I use an alias?
• Should I use this browser on this device for this task?
• Is this conversation one where I'd prefer Signal?

Over time, these decisions become automatic. You don't need to have perfect answers immediately.

• What is privacy?, the basics, clearly explained
• Threat modeling, a framework for thinking clearly about what you need
• Choosing a browser, more detail on browser options and tradeoffs
• Getting started with a password manager, step-by-step setup
• Choosing a messaging app, Signal vs Session and when each fits