Privacy problems often become recovery problems. The more data an attacker can learn about you, the easier it is to phish you, impersonate you to support teams, and abuse password reset flows.
Start with the control plane: the accounts and settings that can reset everything else.
Start here: a privacy hardening checklist
- Secure your primary email account first. Use a strong, unique password and enable two-factor authentication (2FA) or passkeys.
- Use a password manager and unique passwords everywhere. Privacy collapses fast when one reused password unlocks multiple accounts.
- Reduce reliance on SMS for account recovery. If someone can take your phone number, they can often take your accounts.
- Remove or hide personal details that enable impersonation (birthdate, hometown, employer history, public friend lists).
- Turn off app permissions you do not need, especially location, microphone, and contacts.
If you only do one thing: Lock down your email inbox and your phone number. Those two surfaces decide whether most account takeovers are recoverable or catastrophic.
Separate device security from account privacy
Most people focus on malware and ignore accounts. In practice, attackers often take over accounts without touching your device by using password reuse, phishing, and recovery abuse.
Device basics still matter because they protect saved sessions and password manager access:
- Keep iOS, Android, Windows, and macOS updated.
- Use a long device passcode, not a 4-digit PIN, and enable full-disk encryption (modern phones do this by default when locked).
- Turn on device location and remote wipe features in case of theft.
Reduce what is public and searchable
Attackers do not need deep intelligence. They need enough details to sound like you to a help desk or to craft a believable message to your friends and coworkers.
- Make your social profiles private where possible and hide your email address and phone number from public view.
- Remove public birthdate, address history, and family relationships when the platform allows it.
- Do not publish images of travel documents, boarding passes, or ID cards.
If you want a structured approach to lowering exposure, see reduce your digital footprint.
Control the phone number
Phone-number takeover (SIM swap and port-out fraud) is a privacy and account recovery problem. If an attacker controls your number, they can intercept SMS codes and password resets.
- Ask your carrier what account takeover protections are available and ensure your account has a strong, unique PIN/passcode.
- Move critical accounts away from SMS-based recovery if you have better options (authenticator app, passkeys, hardware keys).
- If you suddenly stop receiving calls or texts, treat it as urgent and contact your carrier using a known-good number or official app.
Browser and app tracking controls that actually matter
Most tracking is not sophisticated. It is a collection of defaults: third-party cookies, ad identifiers, and overbroad permissions.
| Change | What it reduces | Tradeoff |
|---|---|---|
| Block third-party cookies and clear site data periodically | Cross-site tracking and persistent logins on shared devices | Some sites may log you out more often |
| Review app permissions quarterly | Silent collection of location, microphone, and contacts | Some apps lose convenience features |
| Disable ad personalization where available | Behavioral targeting tied to your device and accounts | Ads become less "relevant" |
Public Wi-Fi and VPNs
On public Wi-Fi, assume the network is hostile. A VPN can reduce some risks by encrypting traffic between your device and the VPN provider, but it does not make you anonymous and it does not fix compromised devices.
- Use a VPN on open or untrusted networks, especially when traveling.
- Prefer HTTPS sites and avoid logging into sensitive accounts on unknown networks when you have safer alternatives.
- Do not install "security certificates" or profiles from captive portals or pop-ups.
If you suspect a targeted situation
If your risk includes stalking, intimate partner surveillance, or workplace monitoring, privacy steps can have safety consequences. Prioritize personal safety, preserve evidence, and get help before taking actions that could escalate the situation. For device-level checks and safe next steps, start with how to check if your phone is hacked.
Privacy is not a single setting. It is a habit of shrinking the surfaces that can be used against you: your inbox, your phone number, your public profile, and the devices that hold your sessions. If those are controlled, most attacks become noisy and recoverable instead of quiet and permanent.