How to Protect Your Privacy Online
Most privacy advice is either too basic to be useful or too technical to be actionable. This is the version that sits in the middle — concrete things that make a real difference, explained without assuming you have a computer science degree.
Start with your internet connection
Everything you do online travels through your internet connection first. If that layer isn't protected, everything else is built on a weak foundation.
Use a VPN. A VPN encrypts your traffic and masks your IP address. Your ISP can see that you're connected to a VPN, but not what you're doing inside that connection. Websites see the VPN server's IP, not yours. On public Wi-Fi — coffee shops, airports, hotels — a VPN is the difference between your traffic being readable by anyone on the network and it being encrypted end to end.
Not all VPNs are equal. Free VPNs almost universally log and sell your data, which defeats the purpose entirely. A paid VPN with a verified no-logs policy and solid encryption is what you're looking for.
Use DoH (DNS over HTTPS). When you type a URL, your device sends a DNS query to translate it into an IP address. By default those queries are unencrypted and visible to your ISP — meaning even with a VPN, a DNS leak can expose the sites you're visiting. DoH encrypts those queries. Good VPNs handle this automatically. If you're not using a VPN, you can configure DoH directly in most modern browsers.
Lock down your browser
Your browser is the thing doing most of your internet activity, and the defaults on every major browser are set for convenience, not privacy.
Switch to Firefox or Brave. Chrome is Google's product and it behaves accordingly — it's built to feed data into Google's advertising infrastructure. Firefox with the right settings, or Brave out of the box, blocks trackers by default and gives you meaningful control over what gets through.
Install uBlock Origin. It's the most effective ad and tracker blocker available. It blocks the scripts that ad networks use to follow you across websites, which meaningfully reduces the amount of data collected about you. It also makes most websites faster.
Understand browser fingerprinting. Cookies get most of the attention, but fingerprinting is harder to block. Websites collect dozens of data points about your device — screen resolution, installed fonts, browser version, time zone, hardware specs — and combine them into a profile that identifies you even if your IP changes and you've cleared your cookies. Privacy browsers actively work against this. Standard Chrome does not.
Your accounts and passwords
Weak or reused passwords are the most common way people get compromised. This is also the most fixable problem on the list.
Use a password manager. LastPass, Bitwarden, 1Password — pick one. A password manager generates and stores unique, complex passwords for every account so you don't have to remember them or reuse them. Reusing passwords means one breach on a low-security site gives attackers access to every account where you used the same credentials.
Turn on two-factor authentication everywhere it's offered. An authenticator app (Google Authenticator, Authy) is stronger than SMS-based 2FA, which can be intercepted through SIM swapping. But SMS 2FA is still meaningfully better than nothing.
Use a separate email for accounts you don't care about. Signing up for things with your primary email address means that address eventually ends up in data broker databases and breach lists. A throwaway address for newsletters, free trials, and low-stakes accounts keeps your primary inbox cleaner and your real email off more lists.
What you share and where
Privacy isn't just about what's collected without your knowledge. A lot of it is what you hand over voluntarily.
Audit your app permissions. Most apps request far more access than they need. A flashlight app doesn't need your location. A recipe app doesn't need your contacts. Go through your phone's app permissions periodically and revoke anything that doesn't have an obvious reason to exist.
Be careful with Google and Facebook logins. Using "Sign in with Google" or "Sign in with Facebook" is convenient, but it ties your activity on that third-party site back to your Google or Facebook profile. Those platforms can see which services you've connected and use that data. A separate account for each service with a password manager is more private.
Think about what's in your photos before sharing them. Modern photos contain EXIF data — metadata that includes the time and GPS coordinates of where the photo was taken. Most social platforms strip this when you upload, but not all do. If you're sharing photos directly or through messaging apps, tools exist to strip EXIF data before sending.
Data brokers and your digital footprint
Data brokers are companies that collect, aggregate, and sell personal information. They pull from public records, social media, purchase history, and hundreds of other sources to build profiles that include your name, address, phone number, relatives, income estimates, and more. These profiles are sold to advertisers, employers, landlords, and anyone else willing to pay.
Removing yourself from data broker databases is tedious but doable. Sites like Spokeo, Whitepages, BeenVerified, and Intelius all have opt-out processes. Services like DeleteMe automate this for a fee. It's not a permanent fix — the databases get repopulated — but regular removal requests meaningfully reduce your exposure.
Searching your own name periodically tells you what's out there. It's worth knowing.
How Veilock fits in
Veilock covers the network layer — the part of your privacy that most tools don't touch. It encrypts your traffic, masks your IP through its global server network, and handles DNS through DoH so your queries aren't leaking to your ISP. The no-logs policy means there's no record of your activity stored on Veilock's infrastructure.
Vortex, Veilock's obfuscation layer, makes the VPN connection itself harder to detect — useful on networks that actively try to block or throttle VPN traffic, including in countries with heavy censorship.
For most people's threat model, a properly configured VPN handles the most significant privacy vulnerabilities. Everything else on this list builds on top of that foundation.
Common questions
Is a VPN enough to protect my privacy?
For network-level privacy, yes — it covers your ISP, public Wi-Fi exposure, and IP-based tracking. It doesn't protect you from tracking at the application layer (logged-in accounts, cookies, browser fingerprinting). A complete approach uses a VPN alongside a privacy browser and good account hygiene.
Does using private browsing mode protect my privacy?
Only on the device itself. Incognito mode stops your browser from saving history locally, but your ISP, network administrator, and the websites you visit can still see your activity. It's not a privacy tool in the broader sense.
What's the fastest way to improve my privacy right now?
Install a VPN, add uBlock Origin to your browser, and turn on two-factor authentication for your email and any financial accounts. Those three changes cover the most significant vulnerabilities for most people.
Should I use Tor instead of a VPN?
Tor provides stronger anonymity but is slower and less convenient for everyday use. For most people's needs — ISP tracking, public Wi-Fi security, location masking — a VPN is the right tool. Tor is better suited for situations where stronger anonymity is specifically required.
How do I know if my VPN is actually working?
Run a DNS leak test and a WebRTC leak test with your VPN connected. Several free tools online do this — they check whether your real IP address or DNS servers are being exposed despite the VPN. If they are, your VPN has a configuration problem worth addressing.