
The 10-Point Digital Privacy Checklist for 2025

Apr 2025·8 min read

Privacy is not a setting you toggle once. It's a stack of habits and configurations that compound over time. Here are ten concrete actions — ordered from easiest to hardest — that meaningfully reduce your exposure in 2025.

"Privacy is not about having something to hide. It's about having the right to decide what you share, with whom, and when."

Your 10-Step Checklist

1. Use a Password Manager (Easy)

Reusing passwords is the single biggest security mistake most people make. A password manager (Bitwarden is free and open-source; 1Password and Dashlane are excellent paid options) generates and stores a unique strong password for every site. You only need to remember one master password. Set one up and spend 20 minutes importing your existing passwords. Use our Password Generator to create new strong passwords as you update old accounts.

2. Enable Two-Factor Authentication on Critical Accounts (Easy)

Email, banking, and social media accounts should all have 2FA enabled. Use an authenticator app (Google Authenticator, Authy, or the built-in iOS/Android authenticator) rather than SMS-based 2FA — SMS can be intercepted through SIM-swapping attacks. This single step prevents ~99% of automated account takeover attempts even when your password is compromised.

3. Switch to a Private DNS Resolver (Easy)

Your ISP's default DNS logs every domain you visit. Switch your device or router DNS to Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) — both offer strong privacy policies and no-logging guarantees. In Chrome or Firefox, you can enable DNS-over-HTTPS in Settings → Privacy & Security, which encrypts the queries so your ISP cannot read them in transit. This takes 2 minutes and immediately stops your ISP from building a browsing profile from your DNS queries.

4. Audit Your Browser Extensions (Easy)

Every browser extension has access to your browsing activity. Open your extensions list and remove anything you don't actively use. Check permissions — an extension that "can read and change all data on all websites" is effectively a keylogger if compromised or sold to a new owner. Keep only extensions from verified publishers with clear privacy policies. uBlock Origin is the one extension almost everyone should have.
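The permission check described above, as an added example that is not part of the original article: Python that reads extension manifest.json contents and flags the ones requesting access to every website. The extension names and manifests are constructed samples; on a real machine you would feed it the manifest.json files from your browser profile's extensions folder.

```python
import json

# Match patterns that grant access to every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest V2 keeps host patterns in "permissions"; V3 moved them to "host_permissions".
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def broad_host_access(manifest):
    """List every place in a manifest that grants all-site access."""
    findings = []
    for key in PERMISSION_KEYS:
        for pattern in manifest.get(key, []):
            # Some permission entries are objects, not strings; skip those.
            if isinstance(pattern, str) and pattern in BROAD:
                findings.append(f"{key}: {pattern}")
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD:
                findings.append(f"content_scripts[{i}].matches: {pattern}")
    return findings

def audit(manifests):
    """Map extension name -> findings, only for extensions with all-site access."""
    report = {}
    for text in manifests:
        manifest = json.loads(text)
        findings = broad_host_access(manifest)
        if findings:
            report[manifest.get("name", "<unnamed>")] = findings
    return report

# Constructed sample manifests (hypothetical extensions, not real products).
SAMPLE_MANIFESTS = [
    '{"manifest_version": 3, "name": "Example Ad Blocker",'
    ' "permissions": ["storage"], "host_permissions": ["<all_urls>"]}',
    '{"manifest_version": 3, "name": "Example Color Picker",'
    ' "permissions": ["activeTab"]}',
    '{"manifest_version": 2, "name": "Example Coupon Finder",'
    ' "permissions": ["tabs", "https://shop.example/*"],'
    ' "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}',
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_MANIFESTS).items():
        print(f"{name}: review all-site access ({'; '.join(findings)})")
```

A finding means the extension deserves a closer look, not that it is malicious: content blockers such as uBlock Origin need all-site access to do their job.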

5. Process Sensitive Files Locally — Never Upload Them (Easy)

When you need to compress, merge, convert, or edit a sensitive document — a contract, a bank statement, a medical record — use client-side browser tools that process files in your browser's memory without uploading to any server. All tools on Toolbox Pro Max work this way. The file never leaves your device. Compare this to uploading to a random "free PDF tool" online, which stores your file on their servers indefinitely.

6. Check Your IP and What It Reveals (Easy)

Your public IP address reveals your approximate city and ISP to every website you visit. Use our IP Checker to see exactly what information is associated with your connection. If you're concerned, a reputable VPN (Mullvad, ProtonVPN) masks your IP and encrypts traffic from your device to the VPN server. Avoid free VPNs — if the service is free, your traffic data is the product.

7. Review App Permissions on Your Phone (Medium)

Go to your phone's Settings → Privacy → Permission Manager (Android) or Settings → Privacy (iOS) and review which apps have access to your location, microphone, camera, and contacts. Revoke any permission that isn't clearly necessary for the app's core function. A flashlight app does not need your location. A photo editing app does not need your contacts. Set location permissions to "While Using" rather than "Always" wherever possible.

8. Use Encrypted Email for Sensitive Communication (Medium)

Standard email (Gmail, Outlook) is not end-to-end encrypted — the provider can read your messages. For sensitive communication, ProtonMail and Tutanota offer end-to-end encryption with zero-knowledge architecture. You don't need to switch entirely — use an encrypted account for financial, medical, and legal correspondence while keeping a standard account for newsletters and signups.

9. Harden Your Home Router (Medium)

Your router is the gateway to every device in your home. Log into its admin panel (usually 192.168.1.1 or 192.168.0.1), change the default admin password, disable WPS (it has a known vulnerability), update the firmware, and set the Wi-Fi encryption to WPA3 or WPA2-AES. Create a separate guest network for IoT devices (smart TVs, thermostats) so they're isolated from your computers and phones.

10. Encrypt Your Device Storage (Hard)

If your laptop or phone is lost or stolen, full-disk encryption means the data is unreadable without your password. On iPhone, encryption is enabled automatically when you set a passcode. On Android, check Settings → Security → Encryption. On Windows, enable BitLocker (Windows Pro/Enterprise) or use VeraCrypt on Windows Home. On Mac, enable FileVault in System Settings → Privacy & Security. This is the most impactful protection against physical device theft.

Where to Start

If this list feels overwhelming, start with items 1–3. A password manager, 2FA on your email, and a private DNS resolver address the majority of common threats faced by everyday users. Each subsequent step on this list provides diminishing but still meaningful privacy gains. Privacy is not all-or-nothing — every step you take moves you meaningfully closer to digital sovereignty.