This doc is likely out of date.

Generally, it's not good practice to keep outdated info like this up without at least mentioning that it's old. Sometimes, what used to be good advice becomes bad advice. This hasn't been looked at in many years at this point but anyone is invited to reach out if you'd like to help us update it.

tl;dr:

The tools to protect you will vary depending on who your attacker is.

If you're worried about random assholes on the internet harassing you, do #3, #4 and #5.

If you want to make it harder for the government to monitor you, do #2 and #5.

And everyone should do #1. It's just way easier.

---

In most cases, you will have to sacrifice some convenience in order to have better privacy & security. This list focuses on steps you can take that are not too inconvenient. Consider this list a foundation that you can build upon.

1) Use a password manager

Password managers are standalone apps or browser extensions that will remember your passwords for you in an encrypted vault that you open with a single master password. We recommend LastPass or 1Password. For more info, check out our password security guide. It's also a good idea to use two-factor authentication on important accounts. Two factor authentication comes in many forms, the easiest are text messages or authenticator apps you can run on your phone. Good password practices can help reduce the chances of important accounts being hacked, but for really critical accounts, using a second authentication factor means that even if your password is somehow compromised, attackers cannot log into your account without also hacking your phone. Critical accounts probably include your banking or credit card websites and your primary email account (whichever one you would use for most of your password reset options on other websites). A password manager can also aid you in using some forms of 2FA.

2) Encrypt your communications

Encryption is primarily for hiding what you're saying from the state or elite hackers (i.e. corporate espionage). Even if these are not major concerns for you, they may be for people you're talking with. We recommend incorporating easy to use encryption into your everyday communications. Some examples:

• Signal - Encrypted chat / SMS.
• WhatsApp - Also encrypted chat / SMS. Owned by Facebook but still widely trusted.
• Protonmail - An email provider that will encrypt messages for you when you email other people who are on Protonmail.

3) Lock down your social media

• Securing your Facebook profile is one of the top things you can do to reduce the risk of doxxing.
• Check out Twitter's privacy options
• Learn about privacy options on Instagram
• On Snapchat you can change who can send you messages, see your Story, or opt-out of "Find friends" if you're concerned about harassment from people who get a hold of your phone number.
• Overall, try to reduce your digital footprint.

4) Clearing data brokers

If a determined person on the internet wants to harm you, your biggest worry should be any personal data currently available on the internet. Unfortunately, most online services and businesses collect data about you, and many sell it to data brokers who are mainly serving the online advertising industry. This data can include your full name, phone number, address, social media accounts, and any number of personal details. This can be used to track or intimidate you. Cleaning up your personal data on the internet can be overwhelming, but our guide to clearing data brokers can help you get started.

5) Hide your identity

Because cleaning data brokers is a never-ending process (thank you, capitalist surveillance state) another good strategy is to spread misinformation about your identity. This is a long term project, and a part of good security hygiene. Check out our guide to obfuscating your identity for ideas.