Perfect online privacy doesn’t exist unless you disconnect entirely. But you can significantly reduce how much data you share with companies, advertisers, and potential bad actors.

Here are the steps that make the biggest difference with the least effort.

The Browser Is the Starting Point

Chrome is the most popular browser. It’s also made by the world’s largest advertising company, which profits from tracking your online behaviour.

Switching to Firefox or Brave immediately reduces tracking. Both block third-party trackers by default. Brave also blocks ads natively.

If you want to keep Chrome, install uBlock Origin (ad and tracker blocker) and adjust your privacy settings: disable third-party cookies, turn off “Web & App Activity” tracking in your Google account settings.

For sensitive browsing, use a private/incognito window. It doesn’t make you anonymous, but it prevents your browsing history from being stored locally and limits some tracking.

Password Managers (Again)

I’ve mentioned this in the cybersecurity context, but it’s equally important for privacy. Reused passwords mean one breach exposes multiple accounts.

Use a password manager. Generate unique passwords for every site. This limits the damage when (not if) a service you use gets breached.

Enable two-factor authentication on everything important: email, banking, social media, shopping accounts.

Review App Permissions

Open your phone settings and review what permissions each app has. Many apps request access to your location, contacts, camera, and microphone that they don’t actually need.

A weather app doesn’t need access to your contacts. A restaurant app doesn’t need your microphone. Revoke permissions that aren’t necessary for the app’s core function.

Location permissions are particularly important. Set most apps to “While Using” rather than “Always.” Your food delivery app only needs your location when you’re placing an order, not 24/7.

Email Aliases

Your primary email address is your digital identity. It’s linked to dozens of accounts and appears in databases when companies get breached.

Use email aliases or a secondary email for online shopping, newsletter signups, and anything non-critical. Apple’s “Hide My Email” and Firefox Relay create disposable addresses that forward to your real inbox.

This means when a retailer sells your email to advertisers or gets breached, only the alias is exposed. You can delete it without affecting your primary address.

Social Media Privacy Settings

Each social media platform has privacy settings that most people never look at. Spend fifteen minutes on each platform adjusting:

Who can see your posts. Friends/connections only, or public? The default is usually more open than you’d want.

What information is public. Phone number, email, birthday, location. Make these private unless you have a reason for them to be public.

Ad preferences. Both Facebook and Google let you see (and somewhat control) what information advertisers use to target you. It’s worth reviewing and limiting.

Location history. Google tracks your location history by default. You can pause this in your Google account settings. You might be surprised by how detailed the record is.

DNS-Level Protection

This sounds technical but is actually simple. Changing your DNS provider from your ISP’s default to a privacy-focused alternative takes two minutes.

Cloudflare (1.1.1.1) doesn’t log your DNS queries. Your ISP’s default DNS typically does, creating a record of every website you visit.

On most phones and computers, you can change DNS settings in network preferences. It’s a one-time change that adds a layer of privacy to all your internet activity.

VPN: When It Helps and When It Doesn’t

VPNs encrypt your internet traffic and hide your IP address. They’re useful on public Wi-Fi (cafes, airports, hotels) and when you don’t want your ISP seeing your browsing activity.

They’re not useful for everyday browsing at home if you’ve already taken the other steps above. The VPN company can see your traffic instead of your ISP — you’re just shifting who you trust.

If you want a VPN, choose a reputable provider with a clear no-logging policy. Free VPNs almost always monetise your data. You’re paying with your privacy, which defeats the purpose.

Data Breach Monitoring

Register your email addresses at haveibeenpwned.com (a legitimate, well-respected service). It alerts you when your email appears in data breaches.

When you get an alert, change your password for that service immediately. If you’ve reused that password elsewhere (stop doing that), change it everywhere.

The Realistic Approach

You don’t need to do everything at once. Start with the highest-impact items:

1. Switch browsers or install a tracker blocker
2. Set up a password manager
3. Review phone app permissions

These three changes take about an hour and dramatically reduce your digital exposure.

Add more steps over time as you get comfortable. Perfect privacy isn’t the goal. Reasonable privacy with minimal effort is.