I’m profoundly ignorant regarding general security and privacy online. Any tips, tricks, or resources would be appreciated. Maybe even starting a community, if there’s enough interest in this subject.

  • redtea@lemmygrad.ml · 8 upvotes · 1 year ago

    Some tips.

    Use an ad blocker.

    Turn scripts off in your PDF reader.

    Disable images in your emails (you’ll have to manually click ‘download images’ in any individual email if you want to see them). Having images enabled can help the sender know whether you opened the email and when.

    Use a browser that lets you block trackers and cookies, etc. Firefox and DuckDuckGo are two examples.

    Set your main browser to block all http sites.

    If you want to visit an http site, search the URL in archive.org and open a snapshot of it instead.

    If you must use http sites, only do so in another browser set to delete all cookies when you close the browser. Never use this browser for banking, shopping, personal or work email, etc.

    Use different browsers for different things, and don’t mix up what you use each browser for.

    Never open PDFs with personal details at the same time as other PDFs. PDFs can have trackers and send info back to the creator. This can also be used to send info back that is in other open PDFs. So if you open a tracked PDF and a bank statement, the tracker-creator might get your bank details.

    Don’t use random public WiFi.

    Turn off Bluetooth when not in use.

    Use strong passwords. And never the same password for different accounts.

    Immediately distrust every email you receive. Do not trust an email just because it says it comes from someone you trust.

    Use a different alias for every website.

    Do not tell people online where you live or work. Don’t give similar information out about your relatives or friends.

    Don’t trust the ‘anonymity’ of anonymous surveys, etc. Especially if it’s from work.

    Assume that everything you do online is public. Only do things in public online.

    Don’t trust encryption to keep your communications safe. It’s the other person you have to worry about.

    Try only to log into your services (especially banking) on certain devices. Don’t log on to your accounts on other people’s computers or, if you can help it, their WiFi.

    Don’t use Google/Twitter/Facebook/etc. to sign up to other services. Create a separate account for every service.

    Assume VPNs are compromised. At best, they can only protect your IP from random individuals and small- to medium-sized companies.

    If you don’t trust a website or company, do not engage with it while you are out and about as it may be possible to triangulate your position.

    Assume that the owner of any website will get your IP if you visit the website, at the very least. For example if you’re on Lemmygrad and someone from a dodgy instance wants your IP, they could give you a link to their blog and harvest data when you visit that site.

    When you do want to open a link, ‘copy link’ or ‘copy link address’ then open a new tab, window, or browser, paste it, and go. Clicking links can reveal where you were when you clicked it.

    If you don’t want different websites to know what other websites you visit, always open a new tab/window/browser when you type in the address.

    Don’t give your socials to companies when they ask for them.

    Don’t post your photos unless you know how to strip the metadata.

    Don’t post pictures, even with the metadata stripped, if there are any identifiable features in the image.

    Don’t tell people specific places where you’re going or where you’ve been.

    Don’t share intimate details on your [political] social accounts.

    Don’t share your [political] socials at work or with close friends or family.

    Assume that using Tor will put you on a watch list.

    Don’t take your phone to protests.

    Tape over your camera.

    Go through every app on your phone/computer and disable permissions that you don’t want it to have. If it doesn’t work without those permissions disabled, don’t use it.

    Close unused tabs in case they can read the info in the used-tabs.

    Don’t use smart appliances.

    Don’t use any Amazon devices. If you must, assume Amazon is logging every conversation that the device can hear. Same goes for other smart devices, doorbell cameras, etc.

    Assume your phone/computer/etc is logging every conversation that it can hear.

    Give the minimum information needed to use any service.

    If you use things like a games console, turn off the option that lets people find you unless you want to add a particular person as a friend.

    Don’t use store ‘points’ cards unless you’re happy for the store to learn everything about you.

    Assume that somebody with bad intent will, one day, get access to the data that you do give to someone you trust.

    Be careful where you sign up to credit score monitoring. Avoid it if you can.

    If you’re thinking of giving sensitive data to a company, first search for the company name + privacy/security/breaches/violations, etc.

    You may be able to request that people who hold your personal data delete that data from their system.

    Assume that someone is watching your online/digital activities, just waiting for you to slip up so they can steal your identity, empty your bank account, arrest you, have you fired, have you kicked out of an organisation, etc. They can build up a profile of you over time by piecing together all the little bits of ‘insignificant’ data that you give away.

    Search your name, phone number, and address (current and previous) (separately and together) on a few search engines and see what information about you is already online. If there’s something up there you don’t like, work out how to get it deleted.

    Hope these help! You can’t do everything perfectly. The safest thing is to not use the internet or give away any data, but that’s not really feasible. So instead, you need to work out a ‘best practices’ guide for yourself and follow it when you can, knowing that you will slip up. Lots. And all you can do is try.

    • TT17@lemmygrad.ml (OP) · 3 upvotes · 1 year ago

      Wow, that was an incredible response! It filled up my entire page of notes lol. Thank you for that. I will take these and apply them the best that I can.

      • redtea@lemmygrad.ml · 4 upvotes · 1 year ago

        You’re welcome. Stay safe!

        PS I thought of a few others.

        Keep your system and apps updated. And delete unused apps (every app could have a vulnerability, which can’t be avoided for apps you need, but can be avoided for apps that you don’t use).

        If you use a screen dimmer on your phone, be careful what you type while it’s on, because it can record that info.