Data Privacy Checklist

[Updated: Feb 5, 2022]

I’ve removed the introduction to this list. If you’re not already convinced that privacy is a basic human right and that we (as consumers and as citizens) need to actively demonstrate our desire for privacy, read this.

Here’s your action plan for Data Privacy Week. You can probably do most of this in a single week, but you don’t have to. Pace yourself – slow and steady wins the race. And if you’re in a position to help others to do these things, please do so. The more of us that do these things, the better off we’ll all be.

Get Educated and Inspired

If you’re not already worked up, or if you need ammo to convince your friends and loved ones, here are a few great resources. Everyone learns in their own way. Pick the ones that work best for your audience.

Upgrade to Kick-Butt Privacy

I’m going to tell you right now… while many of these things are free, some of them cost money. Actual money. You have to pay for them. But that’s a good thing. Paying for privacy shows that you care about it, supports organizations that are providing it, and encourages other companies to offer new privacy-respecting products.

  • Use Firefox. Chrome is a secure browser, but you simply cannot convince me that it’s private. Google makes 90% of their revenue on ads, and they want to know as much about you as humanly possible. Be sure to set the privacy settings to “Strict” mode. (Safari is good for privacy, too, but is Mac-only. Brave is an option, too.) You can use Firefox on mobile phones, as well – or you might look at DuckDuckGo’s mobile browser.
  • Install privacy plugins. For Firefox’s desktop browser:
    • See also my guide to safe surfing.
    • NOTE: Plugins can track you – be sure to delete all browser plugins you don’t absolutely need.
  • Use a privacy-respecting DNS service. DNS is basically the internet’s phone book – converting names (like to IP addresses (like By default, our devices use the DNS service of our internet service providers. This lets them track your web surfing habits, which they’re more than happy to sell. I recommend Cloudflare’s You should also enable DNS over HTTPS (DoH). Cloudflare and Firefox support this, and you can learn how to enable it here. This isn’t perfect privacy, though, due to reverse IP lookup. For full privacy from your ISP, you’ll need to use a VPN.
  • Use a VPN. You should use a Virtual Private Network (VPN) on any public network (wired or WiFi). But your ISP is watching you, too, so you might want to use it even at home. You should do this for both computers and mobile devices. Here are my suggestions. However, there’s a lot of things to consider and these services change often. You might have a look at these reviews from Restore Privacy and WireCutter.
  • Use an encrypted messenger. There are several, but I recommend Signal. They are laser focused on privacy, unlike WhatsApp (which is owned by Facebook). Signal has apps for desktop and mobile.
  • Use a secure, private email service. This one is harder… email was never designed for privacy, so it has to be bolted on. This leads to inconvenience and incompatibility. I’m not gonna lie, private and secure email isn’t as easy as it should be. But make the investment, and companies will get the message. NOTE: it takes two to tango! If you’re not using Gmail, but your recipient is, then the entire conversation is compromised. So get your friends to switch, too! Note also that all of these recommended services have built-in calendars and contacts, as well.
  • Use a password manager. While this is more of a security thing than a privacy thing, it’s still crucially important today. I recommend LastPass, but BitWarden and 1Password are also very good.
  • Use two-factor authentication. Again, more security than privacy, but still crucial. Use a time-based PIN authenticator app wherever possible. I would avoid Google Authenticator and use Authy instead.
  • Shut your Pi-Hole. If you want a fun geeky little project that’s not nearly as hard as it looks, check out the Pi-Hole project, based on the tiny Raspberry Pi mini computer. It’s basically a whole-home internet filter designed to block ads and prevent tracking.

Adjust Your Privacy Settings

  • Update privacy settings. There are way too many to cover, but the StaySafeOnline site has a lot of helpful info, along with this amazing list for finding the privacy settings on dozens of services.
  • Dial back app permissions. This is mostly for mobile apps, but really applies to any software you install. They should be on a strict need-to-know basis with things like your location, address book, credit card numbers, and your personal info. You also need to limit access to the camera, microphone and photos. Be very wary of “accessibility” access, as well – this can be used to scrape sensitive info from your screen.
  • Give the gift of privacy. You should also be careful about what you buy for yourself and others. Check out my Best & Worst Gifts Guide.

Cut Way Back on Social Media

Yeah, I know. This is a tough one. We’ve been using social media for so long now… they already have so much info on you, what’s the point in changing now? The point is that you can still control what information you share going forward – and your old data will actually become less useful to advertisers over time. But perhaps more importantly, you can strongly convey the message that you care about privacy. If I could make one particular plea, though, it would be to delete Facebook. But short of that, here’s what you can do…

Go to your profile on each of your social media accounts and crank up your privacy settings till it hurts. You can always dial them back a bit later, if necessary. Oh – and keep checking these settings every so often. These companies change their terms of service and privacy settings all the time, usually in favor of sharing more, not less. (Oversharing information is a very real problem – read this article if you’re skeptical.) Click the links below for help in changing your privacy settings.

If you want to know what data they have on you, check out JustGetMyData. If you’re ready to delete your data, try the sister site JustDeleteMe.

Make Yourself Heard

Doing all the above will enhance your privacy right now. The whole reason we have to do all this crap is because our elected officials feel no pressure to represent our interests. Instead, they listen to corporations who use highly-paid lobbyists and campaign donations to push an agenda that guts privacy in favor of profits. But at the end of the day, these officials serve at your pleasure… if they don’t please you, make it very clear that you will remove them from office at your next opportunity.

The Electronic Frontier Foundation (EFF) has a wonderful tool for finding and contacting your representatives. They also have a guide on setting up a face to face meeting with your representative. Seriously. They’re there in Washington representing you. They meet with constituents all the time. Be one of them. Bring friends.

There are several other great organizations like the EFF who are out there fighting for your rights zealously every day. If you don’t have time to get politically active yourself, then give money to groups that are already doing it on your behalf. When they send you a T-shirt, a hat or a sticker, display it proudly where others will see it and ask questions.

This is how real change happens. This is what it takes. Stop sitting idly on the sidelines. You can make a difference!

Other Privacy Guides

If you’re looking for more ideas or perhaps more detail, you have several great options. First, of course, is my book: Firewalls Don’t Stop Dragons. It’s chock full of ideas (170 of them) and has step-by-step instructions with pictures. But here are several wonderful websites and guides that I often refer to myself:

Need practical security tips?

Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.

Don't get caught with your drawbridge down!

Scroll to Top