Vinthony

Digital privacy basics

Most adults are at 2/10 on digital privacy and don't know it. The good news: a single afternoon of unglamorous work gets you to 7/10. Beyond 7 requires meaningful trade-offs; getting to 7 is mostly free.

The realistic threat model

Privacy advice often opens with worst-case scenarios — nation-state actors, mass surveillance, sophisticated targeted attacks. These are real for journalists, dissidents, and a small number of public figures. For most adults, the realistic threats are more mundane and more common:

The basics protect against most of these for most people. The advanced stuff is for the small number whose threat model genuinely warrants it.

The one-afternoon protocol

The unglamorous core. Use the digital hygiene checklist to tick items as you go.

  1. Install a password manager. Bitwarden, 1Password, or a built-in browser one. Long unique master password (4+ random words).
  2. Reset every reused password across your important accounts (email, bank, social, password manager itself).
  3. Enable 2FA on every important account. Hardware key (YubiKey) for the most critical; authenticator app (Aegis, Raivo, 1Password) elsewhere; SMS only when nothing else is offered.
  4. Encrypt your devices. Full-disk encryption is on by default in modern macOS and Windows Pro; confirm it's on, set strong device passwords, enable auto-lock under 5 minutes.
  5. Audit connected apps on Google / Apple / Microsoft / Meta. Remove third-party access you no longer use.
  6. Audit email forwarding rules. Make sure nothing rogue is forwarding your email elsewhere — a common compromise that goes undetected for years.
  7. Set up backups. Encrypted cloud backup for phone and laptop. Test that you can restore from them; an untested backup is wishful thinking.
  8. Close accounts you don't use. Old accounts at long-dead services are common attack surfaces. Use an account-deletion service if you have many.

Beyond the basics

For most adults, the basics are sufficient. If you have specific concerns — public role, harassment risk, journalism, dissent — consider:

AI-era specifics

The 2026 update to digital hygiene:

Common mistakes

  1. Reusing passwords because ‘I can't remember unique ones’ (that's what a password manager is for).
  2. SMS 2FA on financial accounts when better options exist.
  3. No backups, or untested backups.
  4. Keeping every old account ‘just in case.’
  5. Treating privacy as paranoia rather than basic hygiene.
  6. Buying a VPN before fixing passwords and 2FA.
  7. Not having a verification protocol with family for urgent financial requests.

FAQ

Why bother — ‘I have nothing to hide’?
Privacy isn't about hiding crimes; it's about not handing personal information to anyone who happens to ask. The cost of breaches has shifted from inconvenience to material harm: identity theft, fraud, social engineering, deepfake targeting, account takeovers. The investment is small; the protection is real.
Do I need a VPN?
Often less useful than the marketing suggests. VPNs hide your IP from the sites you visit; they don't protect against most realistic threats for ordinary users. Useful in specific contexts (public Wi-Fi, geo-blocked content, hostile networks). Not a substitute for the basics — password manager, 2FA, device security.
Are password managers safe?
Generally yes — the realistic threat model is that you're much more likely to be compromised by reused passwords across sites than by a password manager breach. Choose a reputable manager (Bitwarden, 1Password, or a built-in browser one with strong master credentials), use 2FA on the manager itself, and store recovery codes offline.
What about my kids and teens?
Different threat model. The risks are less about data brokers and more about social engineering, image-based abuse, financial scams targeting teens, and account compromise leading to harassment. Conversations matter more than software. Consider age-appropriate device limits, two-factor authentication on every major account, and clear ‘tell me before you click’ norms.
What's the highest-leverage single move?
Adding 2FA to your email account. Email is the master key for password resets on almost everything else. If your email is compromised, your bank, social accounts, work systems, and identity are downstream. Hardware key or authenticator app for email beats SMS.
Should I worry about AI scraping my data?
Reasonable concern, particularly for adults whose images, voice, or writing are publicly accessible. The realistic threats today are deepfake generation, voice cloning, and impersonation. Defensive moves: be intentional about what voice and video you publish, watch for deepfakes targeting your social circle, agree a verification protocol with family for financial requests by phone.