Been Ignoring Online Privacy for Years — This Is What Changed My Mind

Been Ignoring Online Privacy for Years — This Is What Changed My Mind

Last year, I realized I had no idea who was actually watching me online.

It wasn't a dramatic wake-up call. Just a casual afternoon scrolling through my Google activity history — the one most people forget exists — and seeing three months of my search history, location data, and every single website I'd visited. Timestamped. Categorized. Ready to be sold.

I used to think privacy protection was paranoid stuff. VPNs felt overkill. Two-factor authentication seemed like security theater. But after spending weeks actually implementing proper privacy practices, I've completely changed my mind. Not because I'm doing anything illegal or secretive — I'm not. But because the amount of data casually harvested about my habits, preferences, and location is genuinely unsettling.

Here's exactly what I did to reclaim my privacy. None of this requires technical wizardry or abandoning the internet altogether.

Start With Your Passwords and Two-Factor Authentication

I know. Passwords are boring. But they're also the first domino that falls when someone gains access to your accounts. I used to reuse passwords across sites (guilty), thinking it was fine as long as I could remember them. Spoiler: it's not fine.

The Password Audit I Actually Did

Here's my exact first step: I went through every account I could remember and wrote down which passwords I'd reused. It was embarrassing. The same eight-character password appeared on 14 different sites. My email password was a variation everyone could probably guess.

The fix was switching to a password manager. I chose Bitwarden — it's free, open-source, and doesn't have the corporate baggage that felt uncomfortable about LastPass. (I used to trust LastPass. Then they had security incidents, and suddenly I wasn't so sure.) Here's how I set it up:

  1. Downloaded Bitwarden on my phone, laptop, and browser (took 10 minutes total)
  2. Created one strong master password — something I could remember but no one could guess. Mine is a mix of a childhood memory, a weird number, and a random word. 16 characters. Not writing it down anywhere.
  3. Let Bitwarden generate unique passwords for every single account — 20+ characters, random, impossible to remember. Which is the entire point.
  4. Updated critical accounts first: email, bank, social media. Then worked through the rest over a week.

This took about four hours total. Worth it? Completely. Now when a site I use gets hacked (and they will), my password there is unique, so my email, bank, and other accounts aren't automatically compromised.

Two-Factor Authentication — The Part I Was Skeptical About

I resisted this forever. The setup seemed tedious. Getting a code every time seemed annoying.

Then I realized I was choosing convenience over security for accounts that actually matter. Here's what I did:

For critical accounts (email, banking, social media), I enabled authenticator-app-based 2FA using Google Authenticator (or Authy — Authy is better because it backs up across devices, but both work). Not SMS-based 2FA. SMS is surprisingly easy to intercept.

The steps:

  1. Opened the account's security settings
  2. Selected "authenticator app" as the 2FA method
  3. Scanned the QR code with Google Authenticator
  4. Saved the backup codes somewhere safe (I stored them encrypted in my password manager)
  5. Tested it immediately to make sure I got a working code

First time felt clunky. Now it's automatic. Takes three seconds to grab my phone and enter a code. The security gain justifies the minor friction.

Pro Tip: Save those backup codes somewhere. Screenshot them, store in Bitwarden, print them out — something. If you lose access to your authenticator app without those codes, you're locked out of your account. Learned this the hard way when I switched phones.

Audit What Data Companies Are Collecting

This part genuinely surprised me. Most services have privacy dashboards where you can see exactly what they know. Most people never look. I didn't either — until I actually opened them.

What I Found (Spoiler: It's a Lot)

Google had my location history from three years of Gmail use. It knew every search I'd made. It had recordings of me saying "OK Google" on my phone. It even had copies of every Google Photo I'd ever uploaded.

I'm not exaggerating. Go to myactivity.google.com and scroll through your data. It's unsettling.

Facebook had categories like "interests," "behaviors," and "demographics" created from my activity. Some were accurate. Some were hilariously wrong (it thought I was interested in cryptocurrency because I'd clicked one ad out of curiosity). But the breadth was stunning.

Here's what I actually did:

  1. Downloaded my Google data using Google Takeout. Took 20 minutes to generate. The download was 8GB. I didn't even look at all of it — just knowing it existed was enough motivation.
  2. Turned off Web & App Activity tracking in Google (Settings → Data & Privacy → Web & App Activity)
  3. Deleted my Location History (Settings → Data & Privacy → Location History → Delete all time)
  4. On Facebook, went to Settings → Your Information → Deactivate Or Delete. I didn't delete (muscle memory is strong), but I restricted ad targeting to bare minimum.
  5. Checked privacy settings on Instagram, TikTok, LinkedIn — made accounts private where they weren't already.

Did this take a Sunday afternoon? Yes. Did it make an immediate difference I can feel? Not really. But knowing companies have less ammunition about me feels good.

The Settings You Actually Need to Change

Service Setting to Change Why It Matters
Google Turn off Web & App Activity; Delete Location History Stops Google from building a detailed profile of your behavior
Facebook/Instagram Restrict ad targeting; Make profile private Limits data sold to advertisers; Controls who sees your posts
Apple/iCloud Disable Siri history; Turn off ad tracking Reduces data Apple collects through voice and ad networks
Email Unsubscribe from marketing emails; Use forwarding addresses Reduces your email address being shared; Limits tracking pixels

Set Up a VPN, But Choose Carefully

VPNs get either absurdly hyped or completely dismissed. The truth is messier.

A VPN encrypts your internet traffic so your ISP (internet service provider) can't see what websites you visit, and it masks your IP address so websites see a different location. That's genuinely useful. But it doesn't make you completely invisible, and a bad VPN can actually expose you more than having none.

I spent way too much time researching this. Here's what actually matters:

Free VPNs are often sketchy. They need to make money somehow. If you're not paying, you're often the product. Your data gets sold to advertisers. I tested three free VPNs. Two were fine. One was actively logging my data. Not worth the risk.

I switched to Mullvad. It's paid ($5/month), open-source (meaning security researchers can verify it's not stealing data), and based in Sweden (decent privacy laws). I could be wrong about this being the "best" VPN — I'm not a security expert. But after reading multiple security audits and actually using it for six months, I trust it more than the alternatives.

How I set it up:

  1. Downloaded Mullvad from their official site (never download VPN apps from sketchy app stores)
  2. Chose a server location — I usually pick one in a different country to mask my IP
  3. Turned on "Block trackers" in settings
  4. Tested it using ipleak.net to make sure my actual IP wasn't leaking

I use this when on public WiFi (airports, cafes), and honestly, all the time now. The performance hit is minimal. Connection is stable. Worth it? For me, yes. For everyone? Probably depends on how much you care about your ISP knowing you visited a particular website at a particular time.

Pro Tip: A VPN isn't a magic shield. It doesn't make you anonymous if you log into accounts with your real name. It doesn't hide what you do on websites you're logged into. It just protects traffic between you and websites. That's useful, but it's not invisibility.

The Browser, Email, and Daily Habits Layer

After the big infrastructure changes, there are smaller habits that actually make a difference.

Browser Privacy Isn't Optional

I used Chrome for years. Google knows my entire browsing history because I was logged in constantly. I switched to Firefox. Sounds dramatic. It isn't.

What I did:

  1. Downloaded Firefox (free, open-source)
  2. Enabled "Strict" tracking protection (Settings → Privacy & Security → Enhanced Tracking Protection → Strict)
  3. Installed uBlock Origin (a proper ad blocker that also blocks trackers)
  4. Installed Privacy Badger (another layer that stops cross-site tracking)
  5. Created a new profile on Firefox and didn't log into Google

The change was immediate. Page load times actually improved (fewer trackers to load). I didn't notice any broken websites. Ads still appear, but at least they're not following me around the internet.

Email Address Hygiene

Every time you sign up for a newsletter or create an account on a random site, you're handing over your email address. That gets sold. It gets leaked in breaches. It gets added to marketing lists.

I started using email forwarding addresses. Services like SimpleLogin or Proton Mail let you generate unique email addresses that forward to your real email. If a service gets hacked, or starts spamming you, you disable that forwarding address. Your real email stays private.

I use SimpleLogin. Took 10 minutes to set up. Now every random signup gets a unique address. If DodgyService.com gets breached three years from now, I turn off that address and move on. My real email is protected.

Phone and Tablet

On iOS, I disable location services for apps that don't absolutely need it (Instagram does not need constant location access). On Android, I use Graphene OS (a privacy-focused version of Android), though that's overkill for most people.

For regular Android users: go through your app permissions. Camera, microphone, location — disable them for any app that doesn't genuinely need access. TikTok doesn't need your location. Spotify doesn't need your camera.

My Take

Here's the honest part: after six months of this, I don't feel dramatically more private. I can't see a tangible change in my daily life. The internet works the same. I'm not hiding anything. But what's different is that I'm not passively handing over my data anymore.

What surprised me most? How little effort these changes actually required. I thought privacy protection meant becoming a hermit or learning Linux. It doesn't. It's mostly settings changes and choosing slightly different tools. Two hours of initial setup, then it's just how I browse.

What disappointed me? That privacy is even necessary. Companies are genuinely trying to track everything. The fact that I have to use a VPN, turn off location history, and use email forwarding just to have a basic level of privacy shouldn't be normal. But it is.

Who is this actually for? Anyone who uses the internet. Students especially — your habits are being profiled and sold. Professionals — your browsing could influence your career in ways you don't realize. Parents — if you're concerned about your kids' data, the same tools apply to their devices.

Verdict

Do these things. Not because you have something to hide. Not because you're paranoid. Because you deserve basic privacy in a world that's increasingly determined to harvest data about everything you do. Start with a password manager and two-factor authentication. Those are non-negotiable. From there, the other steps are easy wins. None of this requires technical skill. None of it costs much. All of it matters more than you probably think.


Published by Dattatray Dagale • 07 July 2026

Post a Comment

0 Comments