Data Privacy Checklist

[Updated: Jan 27, 2024]

I’ve removed the introduction to this list. If you’re not already convinced that privacy is a basic human right and that we (as consumers and as citizens) need to actively demonstrate our desire for privacy, read this.

Here’s your action plan for Data Privacy Week. You can probably do most of this in a single week, but you don’t have to. Pace yourself – slow and steady wins the race. And if you’re in a position to help others to do these things, please do so. The more of us that do these things, the better off we’ll all be. If you’d like to formalize this with a gift, I’ve created some free downloadable coupons you can give to your loved ones.

Get Educated and Inspired

If you’re not already worked up, or if you need ammo to convince your friends and family, here are a few great resources. Everyone learns in their own way. Pick the ones that work best for your audience.

Upgrade to Kick-Butt Privacy

I’m going to tell you right now… while many of these things are free, some of them cost money. Actual money. You have to pay for them. But that’s a good thing. Paying for privacy shows that you care about it, supports organizations that are providing it, and encourages other companies to offer new privacy-respecting products.

  • Use Firefox. Chrome is a secure browser, but you simply cannot convince me that it’s private, even with their recent efforts to block 3rd party cookies. Google makes 90% of their revenue on ads, and they want to know as much about you as humanly possible. Be sure to set the privacy settings to “Strict” mode. (Safari is good for privacy, too, but is Mac-only. Brave is an option, too.) You can use Firefox on mobile phones, as well – or you might look at DuckDuckGo’s mobile browser.
  • Install privacy plugins. Honestly, all most people need is uBlock Origin to block ads. I used to recommend more, but Firefox and uBlock Origin have made most of them obsolete. See also my guide to safe surfing.
  • NOTE: Plugins can track you – be sure to delete all browser plugins you don’t absolutely need.
  • Use a privacy-respecting DNS service. DNS is basically the internet’s phone book – converting names (like to IP addresses (like By default, our devices use the DNS service of our internet service providers. This lets them track your web surfing habits, which they’re more than happy to sell. I recommend NextDNS or maybe Cloudflare’s You can also enable DNS over HTTPS (DoH). Firefox supports this and you can learn how to enable it here. This isn’t perfect privacy, though, due to reverse IP lookup. For full privacy from your ISP, you’ll need to use a VPN.
  • Use a VPN. You should use a Virtual Private Network (VPN) on any public network (wired or WiFi). But your ISP is watching you, too, so you might want to use it even at home. You should do this for both computers and mobile devices. However, you really need to understand what a VPN is and what it isn’t. Here are my suggestions. You might have a look at these reviews from Privacy Guides and WireCutter.
  • Use an encrypted messenger. There are several, but I recommend Signal – it’s considered the gold standard by most security and privacy pros. They are laser focused on privacy, unlike WhatsApp (which is owned by Facebook). Signal has apps for desktop and mobile.
  • Use a secure, private email service. This one is harder… email was never designed for privacy, so it has to be bolted on. This leads to inconvenience and incompatibility. I’m not gonna lie, private and secure email isn’t as easy as it should be. But make the investment, and companies will get the message. NOTE: it takes two to tango! If you’re not using Gmail, but your recipient is, then the entire conversation is compromised. So get your friends to switch, too! Note also that all of these recommended services have built-in calendars and contacts, as well.
  • Use a password manager. While this is more of a security thing than a privacy thing, it’s still crucially important today. I recommend BitWarden, but 1Password is also very good. (I would avoid LastPass, unfortunately.)
  • Use two-factor authentication. Again, more security than privacy, but still crucial. Use a time-based PIN authenticator app wherever possible. I would avoid Google Authenticator and use Authy instead.
  • Use email aliases. You probably only have one email address, which makes it a great way to track you. You can easily have unique email addresses for all your accounts that all route to your single inbox. It’s great for managing spam, too. Check out these two articles for help.
  • Reduce Your Google Footprint. Google owns a ton of popular services like Google Search, Chrome Browser, Android, YouTube, Waze, Gmail, Gcal, and much more. I wrote a whole serious of articles on this – start here.
  • Reduce Your Tracking Surface. In security, we like to talk about reducing your attack surface: minimizing the ways in which you could be hacked, often by removing devices and software entirely. The same is true about tracking – the fewer apps and devices you have, the fewer opportunities for them to monitor you and collect your private data. This article can help.

Adjust Your Privacy Settings

  • Update privacy settings. There are way too many to cover, but the StaySafeOnline site has a lot of helpful info, along with this amazing list for finding the privacy settings on dozens of services.
  • Dial back app permissions. This is mostly for mobile apps, but really applies to any software you install. They should be on a strict need-to-know basis with things like your location, address book, credit card numbers, and your personal info. You also need to limit access to the camera, microphone and photos. Be especially wary of granting “accessibility” access, as well – this can be used to scrape sensitive info from your screen and even click on things on your behalf.
  • Just say no. Many companies ask us to install phone apps – that’s probably so they can collect data. Even if the app owner doesn’t collect data, many app developers use software development kits (SDKs) from third parties that contain trackers. Just use their website and avoid installing a dedicated app. And delete apps you don’t need.
  • Give the gift of privacy. You should also be careful about what you buy for yourself and others. Check out my Best & Worst Gifts Guide as well as this article with free downloadable coupons you can give to friends and family.

Cut Way Back on Social Media

Yeah, I know. This is a tough one. We’ve been using social media for so long now… they already have so much info on you, what’s the point in changing now? The point is that you can still control what information you share going forward – and your old data will actually become less useful to advertisers over time. But perhaps more importantly, you can strongly convey the message that you care about privacy. If I could make one particular plea, though, it would be to delete Facebook. But short of that, here’s what you can do…

Go to your profile on each of your social media accounts and crank up your privacy settings. You can always change them later, if necessary. Oh – and keep checking these settings every so often. These companies change their terms of service and privacy settings all the time – usually in favor of sharing more, not less. (Oversharing information is a very real problem. Read this article if you’re skeptical.) Click the links below for help in changing your privacy settings.

If you want to know what data they have on you, check out JustGetMyData. If you’re ready to delete your data, try the sister site JustDeleteMe. Or you can even pay DeleteMe to do it for you.

Make Yourself Heard

Doing all the above will enhance your privacy right now. The whole reason we have to do all this crap is because our elected officials feel no pressure to represent our interests. Instead, they listen to corporations who use highly-paid lobbyists and campaign donations to push an agenda that guts privacy in favor of profits. But at the end of the day, these officials serve at your pleasure… if they don’t please you, make it very clear that you will remove them from office at your next opportunity.

The Electronic Frontier Foundation (EFF) has a wonderful tool for finding and contacting your representatives. They also have a guide on setting up a face to face meeting with your representative. Seriously. They’re there in Washington representing you. They meet with constituents all the time. Be one of them. Bring friends.

There are several other great organizations like the EFF who are out there fighting for your rights zealously every day. If you don’t have time to get politically active yourself, then give money to groups that are already doing it on your behalf. When they send you a T-shirt, a hat or a sticker, display it proudly where others will see it and ask questions.

This is how real change happens. This is what it takes. You can make a difference!

Other Privacy Guides

If you’re looking for more ideas or perhaps more detail, you have several great options. First, of course, is my book: Firewalls Don’t Stop Dragons. It’s jam packed with ideas (over 200 of them) and has step-by-step instructions with pictures. But here are several wonderful websites and guides that I often refer to myself:

Need practical security tips?

Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.

Don't get caught with your drawbridge down!

Scroll to Top