I started off writing about de-Googling because Google is often the most difficult to disentangle from. Assuming you’ve done at least the 101-level tips (using an ad-blocker and anything other than Chrome), you’re now in a good place to move off of Amazon.
The easiest and most obvious place to start is to stop ordering physical goods from them. Delete the app from your phone, remove all your payment methods from your profile, and block the website. Make it a hassle to pull up the site to browse. I know all big box stores are problematic and there’s no ethical consumption under capitalism, but this is a step in fully divesting from Amazon. We do local grocery stores, direct websites, and yes, Walmart when we need to. It’s practice in shopping with intent, and in asking yourself if you really need the thing if you have to pay $5 more for shipping or leave your house to buy it.
The next thing is my primary focus for the post: finding alternatives for your Kindle and Audible content. I know this is a small segment of the general population, but avid readers tend to be creatures of habit, and I think this is a task that people abandon too quickly because it feels so insurmountable.
Kindle devices lock you into an ecosystem and, like Google, it can be really difficult to break free. At the very least, Amazon used to offer a way to download your Kindle purchases to your computer and transfer via USB, but they restricted that earlier this year, making it even harder to take your books elsewhere. If you haven’t already downloaded your Kindle library locally, it’s nearly impossible to do now.
That said, before we get into anything else, resolve to stop buying ebooks and audiobooks from Kindle and Audible today. You do not have to abandon your Kindle to continue reading. You can use Overdrive/Libby to borrow ebooks from your local library.
For audiobooks, Libro.fm is a great alternative to Audible, allows you to download your audiobooks DRM-free so you can play them in any app, and shares profits with a bookstore of your choice. Bookshop.org is a similar alternative for ebooks, but you can also opt to get ebooks straight from the author or publisher. They will likely be more expensive than Amazon, but you will be getting files that you can use in any ereader or app of your choice and you will be supporting local bookshops or authors. To get these onto your Kindle, you can either use the regular Send to Kindle feature, or use Calibre.
Calibre is a library manager that you will need to download to your computer. Drop your books into the app, download the metadata to clean it up, then connect your Kindle to your computer to transfer. It’s not gorgeous by any means, but it’s a great way to deal with your ebooks without having to rely on Amazon.
With your library in Calibre, your books will be much easier to transfer to other devices. So WHEN YOU ARE READY (or whenever your Kindle finally dies), I implore you to look into the world of non-Kindle ereaders. Look up Kobo, Boox, or Pocketbook. Some ereaders run on Android, through which you’ll still be able to download the Kindle app and read your previously purchased books, but you won’t have to stay locked in the Amazon ecosystem.
I’ve had a couple of Boox devices and have been very happy using BookFusion (an awesome Caribbean company that just provided Jamaican students with free access to any of their textbooks) as my main reading app. BookFusion is also compatible with ebook/audio files for immersive reading.
None of this is sponsored; I’m just recommending things that have worked really well for me. These seem to be a couple of the biggest hurdles in people getting Amazon out of their lives, so hopefully this is helpful to some of you!
I don’t know if I ever really dug into the details of my own journey of freeing myself from Big Tech. I’m aware that I lean more Tinfoil Hattie and my kids always tell me I’m doing too much, but I still want some level of convenience. These are the caveats that have informed my choices so far:
When it comes to my kids, I can set up some limits on their devices and inform them of risks and give advice (and I do, to an annoying extent), but ultimately I can’t control everything they do.
My family is in the Apple/iCloud ecosystem. We are making use of all the privacy and security tools they offer, but I’m not going to try to force them to adopt other tools.
While my partner and I are reasonably tech savvy, we don’t have the time or money to put into a home server to self-host everything. We will probably start to dabble in the future, but not now.
School and work still run on Google Workspace. We’re still using Apple products. But I am trying to disentangle us from these services as much as I can, and I am pretty happy with my progress so far.
On desktop, I’ve found Freetube to be a great replacement frontend, and I’ve been able to subscribe to all my favorite channels without having to hook up a Google account. Initial video loading is not as snappy, and occasionally YT breaks their code, but the devs are pretty quick to fix those issues. Outside of that, I haven’t had any issues watching everything I’ve wanted to watch.
For iOS, Unwatched for Youtube is a decent app for watching videos, but probably not suitable if you use Youtube to listen to music.
Bringing down the cloud
As mentioned, my family is on the Apple ecosystem for the foreseeable future. I acknowledge this is ethically not great, and is only marginally better than Google in terms of privacy as far as we’re aware, but I’m working to mitigate our dependence on iCloud so that we can gradually leave the service as our devices age out.
Part of that is backing up whatever we have stored in the cloud, which is Computer Ownership 101, but somehow I don’t know a single normie actually practicing this. Between my partner and I, we have external drives on drives on drives in our house and redundant backups.
Self-hosting Vaultwarden as a password manager has so far been a good experience. You get all the features of a paid Bitwarden account like TOTP, you can use all the regular Bitwarden apps and extensions, and it’s easy enough to get up and running through RepoCloud, PikaPods, or any similar types of services.
Using SearXNG has also been very cool. It’s a private metasearch engine that returns results from any major search engines of your choice, and removes all tracking from URLs. It’s self-hostable but there are also lots of public instances you can use. I’m testing it against Kagi for effectiveness, and so far have had no complaints.
And lastly, analog and self-hosted media are starting to make a comeback. Spotify’s ethics (rather, lack thereof) have been heavily scrutinized these past few weeks, and all the varied subscriptions have basically amounted to an old cable bill, so we’re all looking for ways to “own” our media. My partner has been an avid vinyl collector for years now, and my kids have gotten into CDs from going on all these crate-digging journeys with their dad. And everything I know about tech I learned from sailing the high seas, so I’m now learning how to update my methods from the skills I used back in college.
When I first wrote my Privacy 101 post, I thought it might be a little overkill for most regular people, but we’re about three months into the new regime and I’m now having to update to stricter advice.
It’s been widely reported that people returning to the US from international travel are being stopped by CBP and having their devices searched, regardless of whether or not they are citizens or green card holders. I wrote in my previous post that you cannot be compelled to give up your password to your device, but if you go this route, you risk having your device(s) confiscated and being denied entry to the US.
Instead, I will tell you what I plan on doing for my next trip (and I’m happy to note that this Wired article had very similar recommendations). Some disclaimers:
I am not a lawyer, and I have not had an opportunity to test this in the real world. This is just advice culled from different sources online, including lawyers and journalists, that I plan on taking.
These are loose guidelines meant for regular degular low-profile people who are just trying to gain entry as smoothly as possible. If you are an activist, journalist, or are otherwise a target of the administration, I urge you to look into stronger safeguards and have a lawyer. This is probably not enough.
Finally, this advice is intended to only address the issue of coming back into the United States – NOT for traveling to another country where your digital privacy might be violated. That is beyond the scope of this post.
Best practice: Use a dedicated device for international travel and leave your primary devices at home.
The second part (leaving your real devices at home) is more important than the first, primarily because Customs is a liminal space that’s not actually inside the US, where your regular rights don’t apply and they might just search everything on you.
The real point of the dedicated device is to give you a way to make and receive calls for a temporary period, and that’s it. This means no social media or email or anything else. But that’s a tall, unrealistic expectation for 2025 – people are going to take photos on their trip with their phone, and they’ll want to post those photos while they’re vacationing, I get it.
So in this 2025 scenario where you’re still a regular person who’s just going on vacation but wants to maintain a little privacy, here’s the protocol:
Use one of your old phones, or a really cheap phone, with a throwaway SIM. The best option is obviously a dumb phone, but I’m assuming no one wants to deal with that.
The temporary number from your throwaway SIM is only for people who might need to reach you in an emergency.
Do not log into your regular iCloud or Google account on this phone. If you must log into an account to sync photos, use a new, clean account that will only be used for the duration of your trip, and do not keep any sensitive data on it.
Do NOT set up biometrics on the phone while you’re traveling. That means no FaceID or TouchID. Set up a passcode to your phone (make it as long as you can remember).
Use Signal to text message, and go to Signal’s settings to force the messages to delete after a certain amount of time, like an hour. (The recent scandal should be a testimony to how secure it can be, as long as you don’t accidentally add strangers to your group text like a bobo.)
If you have logged into any of your primary cloud accounts while on your trip, back up whatever needs to be backed up, and LOG OUT AND REMOVE DATA before leaving for the airport for your return flight.
If you are going to use social media apps while on your trip, DELETE these apps from your phone before leaving for the airport.
Power down your phone before you get to CBP.
Rationale: You can do everything right that day and they can still just decide to confiscate your device, and we don’t really know the tools available to law enforcement to get into your phone. Maybe they can crack your phone, maybe they can’t.
If you travel with a burner phone, then at least it’s not your primary device being searched or confiscated, but again, this precaution relies on you leaving your primary devices at home and ensuring you do not leave any of your data on the travel device. No officer, I only use this device to call and text my family. No officer, I am old and washed and have no social media.
The other option: back up your phone and erase everything before transport.
This is being floated as a good enough option, but you still run the risk of CBP just taking your phone. I don’t feel great about this, but if you don’t have access to a spare device, this is what I’d recommend doing with your primary phone.
Before embarking on your trip (meaning when you’re still at home) back up all of your current data to the cloud.
Erase your phone/restore it to factory settings.
Set up your phone as new and log into a new, clean iCloud or Google account, which you will use for the duration of your trip.
Follow steps 3-8 above.
Restore your phone to your last, pre-travel backup when you get home.
If you must travel with a laptop…
My best advice is that if you have any data on your machine that can get you in trouble (and in today’s landscape, that can mean a lot of seemingly innocuous things – photos, downloaded media, bookmarks to websites not approved by the administration like MSNBC probably), leave your laptop at home.
If you’re traveling for business and/or otherwise need to keep it on you, my best suggestion would be to back everything up to cloud and log out of your accounts before crossing the border. Clear all history and cache, and delete all sensitive data from your machine and redownload it when you get home.
If your 9-5 job is sending you abroad and you are traveling with their equipment, I strongly feel this is something you should bring up with your cybersecurity team and leadership. They should understand that this is a possibility, and should advise on what employees should do if they are traveling with trade secrets, personally identifiable information or personal health information, or any other sensitive data that can affect the business. If nothing else, corporations should understand that CBP is messing with their money too.
Anyway, I’m hoping this is enough to get each of us home safely from our travels with the least amount of fuss, and I hope you all find this helpful. The problem is, if there’s no due process – if a CBP officer can just tell you that you’re not a citizen and act accordingly– then it doesn’t really matter what kind of precautions you take, unfortunately.
They’re enthusiastically bending to fascism before even being asked
It’s time for you to leave them. It’s daunting and scary — Gmail was my primary mode of email for about 20 years — but you gotta do it. They already removed Black History Month from their calendars and changed their maps to reference Gulf of America before being asked. They’re bending the knee and they have all your data to just give to the regime if they wanted it.
Before we dive in, though, it’s best to be clear about the goals of de-Googling your life and the reality of your digital footprint.
You cannot take back the decades of data you’ve already given them. G knows you exist and probably has a clear profile of who you are. The point of all this is to try to mitigate the amount of data they collect on you going forward and to try to stop contributing to their revenue as much as you possibly can.
This is going to inform your choices in services. Maybe this project encourages you to stop using big tech services altogether. Maybe you even take it a step further and seek out the most private options. Or maybe you have a job that lives on Google Workspace so you can only de-Google your personal life. Or, like me, you have a family with shit to do, and you just need an easy off-ramp and can’t go full hermit mode.
My personal de-Googling journey was mostly informed by convenience. My family is already in the Apple ecosystem, so it was easy for me to just switch over to the tools I was already paying for. I won’t get into whether or not Apple is a more ethical choice (not really), but Advanced Data Protection is sufficient enough for my privacy needs. Also, I am the Tin Foil Hattie in my family, and these people were not going to follow me to a service nobody’s heard of, so it is what it is.
However, this is not the situation nor the best approach for everyone, so I’m going to take the principles here and expound. I won’t lie – de-Googling is a long and annoying process, but it’s not impossible. And because the point here is mitigation and not having to scrub yourself from the internet entirely, I’ll give you different levels of approach and you can choose to do all of them or just some of them.
Easy: Change your default search engine
The easiest place to start is to change your default search engine in your desktop and mobile browsers, as this is usually just one setting you have to adjust, and you never have to think about it again. Here are some alternatives:
DuckDuckGo: This has long been the standard in privacy, but some users say the search results have tanked in recent years. The advantage is that it comes with most modern browsers and can be chosen as the default without having to install any extensions.
Startpage: This is another anonymized search engine that gives you both Google and Bing results allegedly without tracking you. However, they are now owned by an advertising company, so proceed with caution. You may have to install an extension in certain browsers to be able to use this as your default.
Brave Search: This is the search engine used within the Brave browser, which I use as my default in Safari. It has its own indexing and gives the best results, IMO.
Easy: Change your default browser
Please, for the love of all that is holy, stop using Chrome. It’s not just a privacy nightmare; it’s inefficient and there are far better browsers out there. Switching your default browser is another thing that you can just set and forget, as most modern browsers have easy ways of importing all your bookmarks and other preferences. My recommended alternatives:
Firefox: As an iPhone/Mac user, I use Safari with AdGuard primarily, but have Firefox installed as a backup. It’s highly extensible.
Brave: I waffle back and forth about whether or not I should be using this browser, mostly because the CEO has shitty politics and it’s still built on Chromium, but Brave Shields work really well on ad and tracker blocking. Of all the Chromium browsers, it is the best one.
Medium: Move out of GDrive
This one is a little more time consuming (to transfer data) and will likely cost you money, so I’ve set it at a medium effort.
I use iCloud Photos and Drive because it’s something I already pay for. For people not in the Apple ecosystem, I’ve seen Dropbox and Ente most often recommended. I have also personally moved out of Dropbox because it’s expensive and I feel some type of way of putting all my data in another American tech company, and I’ve moved on to the following cloud providers:
Filen: This company is run out of Germany and touts end-to-end encrypted cloud storage. Its desktop app is pretty smooth, and they also offer lifetime plans that are stackable.
pCloud: Another cloud company based in Switzerland that also offers lifetime plans that are often discounted. Do be careful to use separate encryption (like Cryptomator) before uploading content here, though.
Medium: Transition to another email provider
Most of us on Gmail have been using it for literal decades, and the thought of moving onto something else is going to seem like a gigantic hassle no one has time for. So we do this one in steps:
First, choose another mailbox provider and set up a new account.
Remember: the primary goal here is to move data off of Google and prevent them from tracking you going forward. You just want a service that won’t be scanning all of your emails to serve you ads. Proton and Tuta are secure options, if that’s what you need, but do note that for fully secure email, whoever you are communicating with must also be using encryption. I’m using a combination of Proton and iCloud.
A quick caveat before you move forward:
The best practice is to configure every service you use with a different alias/email address, so you can easily kill that alias if the service sells your data and you start getting spam. There are many services out there that do this and will route all of your email to your primary inbox, so it’s a lot easier to do this than it sounds. With iCloud, they offer Hide My Email. Proton integrates with Simplelogin, which is a similar service. There’s also addy.io which integrates with Bitwarden.
Second, start changing your email in the services you use the most.
Again, you’re ideally going to do this with a different email alias for each service, but it’s entirely your choice. I have all my utilities and important accounts going to one email address, and I use a different Hide My Email alias for every other service, including shopping and media. For social media, I use a different alias for each account, and have that forwarding to Proton.
This is not something you need to do in one sitting. As you log into different websites over the course of a week or a month or several months, just change your contact/login info as you go along.
Third, set up a separate alias for Gmail to forward to.
Proton has a service configured outside of Google that automatically forwards all your future email to your new inbox. If you aren’t using Proton, I recommend using one of the aforementioned alias services to set up a new one only to be used within Google’s settings for forwarding (thus, you aren’t giving Google your real email address).
Fourth, download all of your old email from Google Takeout.
This is a good practice, but not super necessary if you don’t plan on deleting your old email and still want to be able to search through your archive in Gmail. If you want to be ready to leave Google for good, though, just grab all of your .mbox files and move them into another database or email app. I moved my stuff into DEVONthink and Apple Mail, so I can still look for important emails in the app of my choice.
Hard: Find decent alternatives to everything else
This is really the most difficult part of de-Googling because you have a ton of different options for other services, and none of them are that great.
I know the easiest transition for calendars and office tools is Microsoft 365, but I would never recommend them as an alternative to Google if the whole point is keeping your data from being used and sold. I’d sooner recommend the Apple tools for everything (including Maps), but they work best on Apple devices and I have no idea how they function on Android or Windows.
The r/degoogle wiki has the best list of alternatives I can find, but you can also refer to these European alternative lists, as they are bound by GDPR which is marginally better than whatever bullshit we have going on here in the States.
Hard: Completely de-Google on your Android device
I don’t have an Android device outside of my e-readers, so I don’t really know how to do this, but I know it’s not impossible. r/degoogle is a great resource for information on how to do this.
I’m here to hold your hand through improving your digital footprint in 2025. Think of me as your privacy auntie.
My creds: I am a technical writer in the identity/cybersecurity space. I have always been a tinkerer and reasonably technically savvy, but I am also very aware that most people aren’t trying to do too much. I want to give you easy and accessible ways to think about your threat model and harden your security, without having to set up bespoke solutions and freaking you out about snipers in the bushes.
Why?
Why should you want to improve your privacy and security controls?
You want the internet to stop feeding you creepily specific ads.
You don’t want strangers finding your private pictures or reading your diary.
You are currently applying to jobs and you don’t want your personal information easily googleable.
Data breaches happen super frequently in the US. Your information is already out there, and you can do something today to mitigate your risks and not freak out every time you get a letter in the mail about a new breach.
In some online spaces, it can feel like privacy and security control is an all-or-nothing scenario, that if you don’t spend tons of time setting up servers to self-host all of your files and using Tor for everything, you’re basically selling your soul to Google.
This is patently untrue. There are levels to hardening your privacy and security, and I’m going to help you address a reasonable few concerns. Toggle each heading for more details.
Level 1: The Bare Minimum
These things are less about privacy and more about security, but will set you up for success for everything else on this list. If you do nothing else on this page, at least do these three things. They’re basically set-and-forget, and will save you lots of anxiety in the long run.
Start using a password manager
No more using an easily guessible password on multiple websites, and no more storing your logins and passwords on a simple note or document. It is a HUGE pain in the ass to get an alert that your login information has been compromisedand then have to change your password on dozens of sites.
If you’re in the Apple ecosystem, the passwords app is free and is automatically implemented on your devices. Bitwarden is another solution that is also free, end-to-end encrypted, and has cloud sync so it’ll be available on all of your devices. 1Password is another easy-to-use solution. All of these options will generate unique passwords for each site you visit, and automatically store them so you don’t have to remember or paste them into another document.
Freeze your credit
Visit Equifax, Experian, and Transunion online and sign up for free accounts on each of their sites. You do not need to upgrade any memberships or pay for this service.
On Equifax, click Freeze from the sidebar. From Experian, look for Security Freeze. From Transunion, log into their Service Center. Enable a credit or security freeze on all three bureaus. This prevents anyone from opening any new accounts with your social security number, while still allowing you to monitor your credit. This can be managed entirely online, and you only need to go to those same links with to unfreeze your credit if you need to open up an account.
Stop answering your phone
Basically, just ignore all unexpected communication because they only want to separate you from your money. This one is so easy because all you have to do is nothing. If a phone call comes from someone not already saved in your contacts, send it to voice mail. If you get a text message or email from an unfamiliar sender, immediately delete it. If it’s reallyimportant, they will leave a message or find you somehow.
And this is something you really need to train your elders and children on. If you get an email that seems like it’s from Apple or Google or Chase Bank asking you to log in, unless you are already in a verification or two-factor authentication flow that you initiated, DO NOT CLICK THE LINKS IN THE EMAIL. Instead, type that shit in your browser manually and log in with your password manager.
Level 2: Baby Steps
Now that you’ve gotten your feet wet, let’s take things a step further and start working on your internet privacy.
Enable multifactor (MFA or 2FA) authentication
Multifactor authentication ensures that even if someone were to guess your password or somehow gain access to your password manager, they would not be able to log in to your accounts without an additional key on your person. The most secure way to do this is with an actual physical device like a Yubikey, but for most people, an authenticator app or a code sent to your mobile device is decent enough protection.
It can be a pain to do this for all of your existing accounts, so I recommend starting with the most important ones, which are typically your email accounts and bank accounts. The next tier you might want to address are your shopping accounts (anything that might have a payment attached to it) and your social media accounts.
And to make this easy for future you, starting today, just turn it on for any new accounts you sign up for going forward.
Start using tracking blockers and ad blockers
There are a gajillion adblockers out there, so use whatever works for you and your browsing habits. I’ve personally been using AdGuard for several years now and it’s been great, but I’ve also paid for a lifetime subscription and they don’t pay me to recommend them. The AdGuard desktop app works globally, so I don’t have to install an extension on each browser.
Additionally, tracking blockers help stop trackers from gathering data on you based on your browsing habits. If you’re on the Apple ecosystem, Safari has a built in feature (Settings > Privacy) to prevent cross-site tracking.
If you’re not in the Apple ecosystem, then I recommend installing uBlock Origin as a browser extension, but this comes with caveats. First, don’t use Chrome, full stop. It’s bad, it’s bloated, and it is not privacy-friendly. If you must use a Chrome-adjacent browser, I recommend Brave above anything else, and just disable Brave Rewards and Wallet in the settings. Otherwise, Firefox with uBlock Origin is also a great option.
This browser hardening not a difficult step, but it probably has the biggest impact in making browsing a more pleasant and less annoying experience.
Level 3: Do More
Now we’re cooking with gas. Here are ways to further protect yourself from prying eyes.
Encrypt your data
Apple and Google’s solutions for data protection are marketed for people at a high risk of a targeted attack (think journalists or politicians), but I’m seeing more outlets recommend taking these steps. And you should assume surveillance will ramp up and consumer data protections will decrease in the next admin, so it’s worth setting this up. These settings will encrypt your data in the cloud.
Apple calls this Advanced Data Protection and it’s can be found in System Settings > your main profile > iCloud. This requires you to set up a recovery contact or key, but can be done pretty quickly. Google calls it Advanced Protection Program and more details can be found here.
Have a plan in case your devices get stolen
Within the Apple ecosystem, Find My has an option to remotely erase any device tied to your Apple ID. I believe Google Find My Device has a similar feature for Android. The catch with both of these methods is that Find My needs to be turned on and your devices need to be tied to an ID before they get stolen, so you should set these up as soon as you get your device.
Because I also have an Apple Watch, I’ve also set up an automation so that a certain focus profile triggers the screen lock, turns the brightness to zero, and turns off Airplane Mode so my phone can be tracked and not used. I may not be able to recover the phone, but the thief will also never be able to use it.
De-Google/De-Microsoft your personal life
This is often feels like an impossible task — many of us rely on Google or Microsoft apps for work or school and are not allowed to use any other platform — so why do I recommend it at all?
Google exists to gather data on users and serve ads. Its apps are free because it’s actually selling you as the product. It tracks your searches and browsing habits and scans your email. And Microsoft is spyware, full stop. It has been known to rat on you to your employers regarding your own activity on its apps. If you must use them in your professional life, then I recommend not giving them any additional data on your personal life as well.
But this is its own project with its own levels, and not all levels need to be accomplished to make a difference.
Easy: Change your default search engine to something other than Google or Bing. DuckDuckGo is an alternative built into most modern browsers.
Easy: Switch from Chrome or Edge to another browser, like Brave or Firefox (which you should’ve already done).
Medium: Set up a new email address outside of Gmail or Outlook (proton.me or tuta.com are commonly recommended in privacy circles) and start changing your email address on your most important accounts, like banks and government stuff. Then gradually change your email address as you log into shopping and social media accounts. Let the junk go to Google or Outlook.
Medium: Find alternative apps for your photos and cloud drive. Dropbox, Ente, and iCloud are decent alternatives to just get out of the Google or Microsoft ecosystems, but you can also research more privacy- and security-centered alternatives.
Hard: Find alternatives for all other apps, including Workspace, Office, Maps, and Youtube. This is a level I personally do not bother with — I still use Youtube — but there are alternatives to all of these things. The user experience is usually just not very polished.
Hard: This one is not necessarily difficult, but it will mess with the convenience of all of your browsing. Go to Google Takeout to export and download all of the data they keep on you. Then go to Manage My Account > Data & Privacy, and pause all history and turn off all personalized options. If you still want the convenience of suggestions on Youtube, then at least turn off Personalized Ads. This is also a good page to just review all the data Google is keeping on you.
💡
Is Apple that much better? Apple loves to market its privacy and security measures on its own services and devices, but the jury is still out on whether or not it’s actually safer and more secure than Microsoft or Google if we’re talking about government backdoors or whatever. What I do know is that it’s convenient for me, and does not serve me ads on any of its services, which is good enough for my own personal threat model. Your mileage may vary.
Lock down your social media
The best recommendation here is to just not be on social media, but that’s not really a reasonable expectation in 2025. At the very least, be intentional about the social media platforms you engage with, and DEFINITELY delete your profile on the bird app, as that is now inarguably a data harvesting operation.
If you must give into the FOMO, and you have to keep a job outside of social media or entertainment, then don’t make your full government name visible on your profiles (with the exception of LinkedIn), and don’t post anything public, especially not anything stupid. IT WILL ONLY HURT YOU. Make your personal profiles private and be mindful of who you allow in.
This is generally good advice to keep yourself employable at the very least. There’s a larger philosophical discussion to be had about how to exist in the world without having an audience, and how social media has rotted our society, but that’s beyond the scope of this post.
Level 3.5: Your Work/Life Separation
These are additional steps you should take if you work in America.
Do not use personal devices for work
Do not ever allow your employer to install a managed profile on your personal devices. If they require a managed profile to be installed, they need to provide you with a separate device (laptop and phone) that they own.
Once they provide you with a work device, the best practice is to not access any of your personal life on it. Assume at all times that your employer is watching what you do on their devices, and also assume they will take ownership of any data on your device at the time of your termination.
Do not disclose your social media
I’d tell you to never take a job that requires you to give them access to your social media accounts, but I know we’re living in hard times. The reason why I tell you not to use your government name on sites like Instagram or TikTok is because it gives you plausible deniability. As far as they’re concerned, you don’t use social media at all; you’ve never even heard of her.
Level 4: Do Too Much
The following things might seem tinfoil hatty to regular people, but you’re smarter than that!
REALLY lock down your social media
This section goes beyond what you post and what is public, and is about what social media companies can track about you. There isn’t a whole lot you can do about a platform like Instagram, since you have to download the app to your phone if you want to post anything.
But for all other platforms like Facebook, LinkedIn, Bluesky, Reddit, etc. use them in your browser and don’t install the mobile apps. This way you can at least mitigate ads and tracking, and even install extensions for a better experience. Firefox has a Facebook Containers extension, which containerizes tabs you’re using for any Meta products. Safari has the Sink It extension for Reddit, which hides promoted posts.
Remove your personal data from search engines
Data brokers have made it alarmingly easy to get doxxed. Your home address, phone number, and closest confidants only take seconds to find online. One actually cool thing Google has done is make it easy to remove search results about you. Additionally, this is a great resource for removing information about you on a host of other sites.
Get a good VPN and use it
Essentially a VPN hides your IP and browsing habits from your ISP and other devices on whatever WiFi you’re on. It’s also handy for bypassing region locks on certain websites like streaming providers. It’s more important to make sure all the other services you use are secure through other means, but VPNs are commonly recommended as a next level of protection, especially if you use public WiFi networks (like at the airport or a coffee shop) with any regularity.
Schedule regular security reviews
Schedule security hygiene checks on your calendar. Like one hour every quarter to revisit all of the permissions on your phone and laptop (like what apps have access to your location, camera, microphone, etc.). Another hour every quarter to download one of your credit reports and review and address any changes. A different hour every quarter to check any identity monitoring services you have and change any leaked passwords (many password managers have a monitoring functionality built in). A different hour every quarter to google yourself and remove whatever needs to be removed.
Level 5: DO THE MOST
These are only a couple of steps you can take to protect yourself from scams, theft, or unlawful search. I’m sure there’s more I’m missing but I’m not a lawyer and this is intended to be cursory, 101-level type stuff.
Encrypt all the things
If you have really sensitive shit you want to keep in the cloud, but don’t really trust any cloud services to keep it safe from, say, a search warrant, you can use an app like Cryptomator or Veracrypt to encrypt your files before uploading to the cloud. This at least makes those files harder to crack.
Use E2EE communications only
More recently, the FBI has been recommending using Signal for cross-platform (iPhone to Android and vice versa) communications because foreign actors have been using the same backdoors insisted on by the US government to lurk around in our telecom systems.
iMessage and Google Messages are fine within their own ecosystems. Allegedly messaging within the Meta umbrella (Facebook, Instagram, Whatsapp) is E2EE as well, but I generally don’t trust them as a company and would recommend you divest from Meta platforms completely.
Have a plan in case you get nabbed by LEO
Probably consult a lawyer on this but it’s my understanding that passwords and passcodes fall under fifth amendment protection, and so law enforcement can’t compel you to give it up. Biometrics are another story, so you should understand how to turn this off quickly and require a passcode on your phone in case you ever get stopped by cops. (On the iPhone, you can do this by pressing the wake-up button five times).
LEO has tools to get into your phone if it gets seized, but the amount of data they can extract is pretty limited until you first unlock it. Thus, you want to implement a way to remote restart your phone. Apple has recently baked this into a software update, and will restart your phone if there hasn’t been any activity in a few days. You can also do this through an automation, either at a set time every day, or when some other focus or state is triggered (similar to what I previously recommended doing when your phone is stolen).
Additional Resources
Cover Your Tracks: This tool tests your browser against trackers and fingerprinting.
Privacy Guides: Why Privacy Matters: This is a super in-depth knowledge base on all things privacy, and can help you with an even more secure configuration on any of your devices.
