How To Protect Your Privacy Online

How Do You Take Control of Your Online Privacy?

Every app, website, and company that you have an account with is tracking you. Advertisers, data brokers and government agencies use online tracking tools to gather information about who you are, what you’re interested in, and which activities you pursue online. 

This level of data collection puts your online privacy at risk in many ways.

For instance, if fraudsters get hold of your personally identifiable information (PII) — like your name, phone number, and Social Security number (SSN) — they could hack your accounts, scam you, or even steal your identity. 

In April 2024, the U.S. Congress proposed the American Privacy Rights Act (APRA) to limit the types of consumer data that companies can collect, retain, and use [*]. However, it’s not law, yet — and the internet remains a risky place for your personal information.

{{show-toc}} 

How Websites, Apps, and Companies Collect Your Personal Information

Your online activity provides companies — and potential hackers — with a wealth of sensitive information. Whether it’s contact details and personal updates on social media sites or browsing data collected via cookies, pixels, and device fingerprinting, it’s harder than ever to maintain online privacy. 

Here are some common ways that your personal information gets collected online: 

• Website tracking tools collect information about your browsing history. For example, e-commerce stores can analyze page visits, clicks, and cart content to personalize experiences and deliver targeted ads.
• Data brokers collect, aggregate, and sell information from public records — including court documents, property records, marriage licenses, census data, and voter registration lists. 
• Mobile apps request access to your location, contacts, and other personal data — including financial information for in-app purchases. They also provide insights into your interests through the types of apps and games you download.
• Credit and loyalty cards help vendors build detailed consumer profiles and tailor their marketing campaigns by tracking your purchases, preferred products, and shopping times. 
• Social networks are a goldmine of personal information — from profile details to a full overview of the people and things that you research, like, comment on, share, and follow.
• Device hacking occurs when scammers infect your device with malware, and can give bad actors access to your files, photos, videos, and passwords. 

While there are data privacy laws in place, companies don’t always follow them. In 2023, many popular tech companies, including Meta and WhatsApp, were fined billions of dollars for violating GDPR data privacy laws [*].

How To Protect Your Privacy and Personal Information Online

1. Share less information with apps and services

The best way to protect your privacy online is to share less of your personal information. For example, only provide the minimal details required on your social media profiles. Skip any “optional” information, like a middle name or phone number, that will only add to your digital footprint.

It’s safe to assume that any information you share online can fall into the wrong hands. 

Before you sign up for a service, post an update, or give a web page your contact details, ask yourself whether you’re okay with that information being leaked.  

Pro tip: Use a secondary “throwaway” email address when signing up for online services. Protect your primary email address from spam and scams by using an email alias for retail accounts, subscriptions, and newsletters. Aura offers an easy way to do this with email aliases that forward messages to your primary inbox without compromising your email address. 

📌 Related: Digital Security: Your Personal Protection & Online Privacy Guide →

2. Use strong, unique passwords with two-factor authentication (2FA)

If you have weak passwords or reuse credentials across accounts, it can put many of your most sensitive online accounts at risk. Strong passwords are your first line of defense against hacking and internet privacy concerns. 

When you choose passwords for your accounts, make sure they are:

• Unique. Create a different password for every account. This will thwart credential stuffing attempts. 
• Long. Use at least 10–13 characters to protect against brute force attacks. 
• Complex. Opt for hard-to-guess passphrases that combine numbers, symbols, and uppercase and lowercase letters.
• Stored in a password manager. You can create and store unique login credentials in a robust password manager (such as the one included with every Aura plan). These apps give you near real-time alerts if any login credentials are at risk after a data breach.

Make sure you’re using two-factor authentication (2FA) whenever possible. This is a security measure that requires a secondary authentication method to access your accounts — such as a one-time use code sent to an authenticator app. 2FA can protect your accounts even if your passwords are leaked. 

Insider tip: If you get an email about a recent hack or data breach, your personal data may be compromised. Check to see if your passwords are at risk by using Aura’s free Dark Web Scanner.

3. Tighten privacy settings on your social media accounts

Set the privacy settings on social media to ensure that only friends and family are able to view your profile. This prevents unwanted people from researching you, and hackers from using your public profile to target you with phishing scams.

The key settings to consider are location tracking, photos, and content — think about who can see this information. The more you hide, the harder you make it for scammers and identity thieves to exploit you.

📌 Related: How To Properly Set Up Your iPhone's Privacy Settings →

4. Remove unused mobile apps and browser extensions

Outdated or unused apps, web browsers, and browser extensions can continue to collect data about you — and are more susceptible to hacking and data breaches. 

In May 2024, stolen customer data from AT&T was found on the Dark Web. Apparently, this data was originally exposed in a 2019 hack and includes SSNs and account information for approximately 65.4 million former customers [*]. 

Take time to audit the apps and accounts on your devices — delete everything you don’t use, and keep up with software updates on any apps you choose to keep. If you use Chrome, you can see all extensions by typing chrome://extensions/ in your search bar. 

Pro tip: In general, it’s better to browse on websites, not apps. Major browsers like Chrome, Safari, and Firefox won’t allow websites to collect as much information about you as an app might. Still, if you’re accessing your bank or other secure accounts, an app may be better. 

📌 Related: How To Delete Your Digital Footprint →

5. Stop search engines from tracking you

Search engines like Google and Bing collect a huge amount of your personal data — unless you change your settings. 

Here’s what to do: 

• Google: Go to the My Activity dashboard and delete everything.
• Microsoft: You’ll need to clear data separately from Microsoft Edge and Bing.
• Yahoo: You can delete data from search history management.

Unfortunately, there’s no way to eliminate all online trackers on Google —  but you can switch to an online privacy-focused search engine like DuckDuckGo or Brave. 

These browsers block third-party ad trackers, cookies, and fingerprinting. Also, by disabling invasive ads and trackers, many privacy-focused browsers improve loading times on desktop and mobile.

📌 Related: How To Get Your Personal Information Off of Google Search →

6. Use a Virtual Private Network (VPN) to hide your browsing history 

A VPN encrypts your IP address and internet traffic — which stops your internet service provider (ISP), government agencies, and snooping eyes from tracking your activity or seeing what you do online. This is especially important when using public Wi-Fi networks, which can be more easily compromised or hacked. 

Why not just use private browsing? Private browsing or incognito mode prevents your browsing history from showing up in your browser, but it won’t block your ISP from seeing what you do online. Only a VPN can keep your online activity truly private. 

📌 Related: Is a VPN Worth It? What To Know Before You Use One →

7. Don't ignore software or operating system updates

Device security is an overlooked aspect of online privacy. An outdated device or software can include known vulnerabilities that scammers can use to access your most private data. 

As cybersecurity expert Andrew Cardwell explains [*]: 

“Vulnerabilities are like jungle paths — the longer they exist, the more predators find them.”

One of the best things you can do to stay safe online is set your operating system and app store to automatically install updates. 

Here’s how to enable auto updates on: 

• Microsoft Windows
• Apple macOS
• Google ChromeOS
• Apple App Store
• Google Play Store

For added protection, consider installing antivirus software to protect against malicious programs like spyware, which collects data (such as credit card information) in the background.

8. Use a Privacy Assistant to block ad and data tracking

In July 2024, Google did a U-turn on its promise to phase out tracking cookies used for ad personalization. Reuters revealed that advertisers pressured Google to keep cookies in the Chrome browser, putting the onus on users to block trackers [*]. 

Personalized advertising enables advertisers to target and reach users based on interests, demographics, and online behaviors. You can disable this feature in order to protect your private information from being shared or leaked without your consent. 

To start, decline pop-ups and cookie notices on websites whenever possible. If you use an iPhone or other Apple mobile device, iOS versions 14.5+ let you disable cross-app tracking [*].

You can also disable ad personalization across apps, including:

• Google search and other Google services
• Apple
• Facebook ad settings
• Third parties that use Facebook data
• X (Twitter)
• Microsoft
• Amazon

9. Use encryption to keep data hidden from prying eyes

Encryption makes your documents and data unreadable to anyone who doesn’t have the decryption key. All modern Apple and Android mobile devices use encryption by default, but you can also set up encryption on Windows and Mac devices.

Text messages and Facebook Messenger have “back doors” that allow third parties to read what you send. While there are privacy concerns about other messaging apps [*], it’s still best to stick to apps with end-to-end encryption, like Telegram, Signal, and WhatsApp. 

📌 Related: How To Tell If An Email Is From a Scammer [With Examples] →

10. Limit access and visibility on your smartphone

It’s crucial to restrict access to your smartphone, as it’s the entry point to numerous sensitive apps and pieces of data — including your emails, banking details, social media accounts, and photos. 

Here’s what to do:

• Set a screen lock. You can prevent strangers from accessing your phone by setting a facial scan or fingerprint-enabled screen lock to switch on after 10 seconds of inactivity.
• Disable message previews. This measure stops “shoulder surfers” from attempting to steal one-time passcodes or 2FA codes that appear on your phone screen when it’s locked. 
• Wipe devices before you sell or recycle them. Restore your device to its factory settings once you’re sure you have removed any sensitive personal data, photos, and documents.

Pro tip for iOS users: In September 2024, Apple released new safety features, including a separate password app and a way to lock or hide specific apps [*].

11. Revoke unnecessary third-party app connections

While third-party app connections are convenient when you log in or check out of e-commerce stores (such as via Login with Google or Facebook), this level of data sharing can put you at risk. If one company is breached, any connected accounts could be exploited. 

For better online privacy and security, limit the number of third-party app connections to the bare essentials.

Ideally, you should avoid linking any high-value accounts in this way — including your banking, IRS, and medical accounts. 

📌 Related: What Is Cyber Hygiene? 10 Easy Habits That Will Protect You Online →

12. Request that data brokers remove your personal information

Data brokers and people search sites like Whitepages, Spokeo, and Radaris scrape public records for consumer data — including personal details, contact information, and browsing habits. These companies sell the information to advertisers, telemarketers, and even scammers.

California’s DELETE Act allows people to order hundreds of state registered data brokers to delete their personal data with a single request [*]. Unfortunately, many data brokers will re-add your information later.

You can save time with Aura — privacy protection plans include a service which automatically scans data broker databases and sends removal requests on your behalf.

What’s the Difference Between Privacy and Security?

Online privacy refers to your ability to control your personal information and its usage. This control extends to information you share on social media sites and the conditions you agree to in a company's terms of service.

Online security is how a company focuses on protecting your data from unauthorized access or theft. For example, companies should have reliable measures in place to prevent hacking, identity theft, and data breaches.

This distinction is what makes online privacy so complicated.

Even if you do everything you can to protect your personal information online, companies can get hacked, collect more data than necessary, or use what they know about you for questionable — and even fraudulent — purposes.

There are currently 13 states with comprehensive state privacy laws, but the United States still lacks a federal privacy law [*]. Despite recent advances in the law, many companies and government agencies continue to exploit legal loopholes that enable them to collect and share data about Americans.

You can’t put all your trust in everyone else to protect your data —  it’s time to take ownership of your personal information. 

📌 Related: Is Norton Privacy Monitor Assistant Worth It? →

Protecting Your Online Privacy Takes Time — Aura Can Help

As long as you use the internet, you face a constant battle to keep your data out of the hands of companies, government bodies, advertisers, and cybercriminals. 

Now that you know how to protect your online privacy, you can take the essential steps needed to gain control of your information. You can limit what you share, strengthen your account security, and use the internet with a privacy-first mindset. 

However, it’s much easier — and safer — to have a dedicated digital security platform do the work for you. 

Keep your online life private (and safe). Try Aura's privacy-first plans.