In today’s digital world, protecting personal data can feel overwhelming. Our mission is to simplify online privacy for everyone—beginners to experts.
What We Offer
Clear guides on privacy basics, advanced tools, and actionable steps to secure your online presence. Learn to safeguard social media, choose private software, or master encryption.
Our Inspiration
Inspired by platforms like PrivacyTools and PrivacyGuides, we take a distinct, non-tool-centric approach. Instead of overwhelming beginners with complex software or systems, we focus on foundational knowledge and practical habits to build privacy first. Tools come later—once you’ve mastered the basics.
In the digital age, an increasing amount of personal data is being collected about us. This data is collected by various entities for various purposes, but the potential consequences of having so much personal information exposed can be significant. From identity theft to government surveillance, it is crucial for everybody to take steps to protect their personal information and maintain their privacy.
Privacy vs Anonymity vs Security
Privacy is controlling who has access to your personal information.
Anonymity means being unidentifiable, allowing actions without revealing your identity.
Security involves protecting your data from unauthorized access.
“I have nothing to hide. Why should I care about my privacy?”
Just because you have nothing to hide, it doesn’t mean you don’t have anything to protect. Privacy is not just about hiding something, it’s about having control over your personal information and who has access to it. Even if you think you have nothing to hide, your personal information can be used for malicious purposes such as identity theft, phishing scams, and targeted advertising.
“I don’t have time to worry about my privacy”
Protecting your privacy doesn’t have to be time-consuming. There are simple steps you can take to improve your privacy such as using a VPN and being mindful of the personal information you share online.
Unpredictability Of The Future
The unpredictability of the future is a reason to care about your privacy, as personal information can be used in ways that you never imagined. Today, both corporations and governments are already using personal data for various purposes. As technology advances, the unpredictable uses of personal information will only increase. Protecting your personal information now can help ensure it’s not used against you in the future.
Creating a threat model is an important step in your journey toward better privacy and security. It’s all about figuring out who or what you need to protect yourself from and what you’re willing to do to keep your information safe. But here’s the catch: the more privacy and security you want, the more inconvenient things can get. You might find yourself juggling extra steps, using complex tools, or changing your habits. It’s a balancing act—finding the right mix of security that keeps you safe without making your life too complicated.
Developing Your Threat Model
To create a threat model, you can take our theat model assessment.
How sensitive is your typical online activity?
What's your biggest privacy concern?
What lengths are you willing to go to protect your privacy?
Your Threat Model:
You can also do it manually by asking yourself the following questions:
1. What do I want to protect?
Identify the assets that are most important to you. This could include personal data, financial information, intellectual property, or even your online reputation.
2. Who do I want to protect it from?
Consider the potential adversaries. Are you concerned about cybercriminals, government surveillance, insider threats, or even unintentional breaches by friends or family?
3. How likely is it that I will need to protect it?
Assess the likelihood of encountering these threats. Are you a high-profile individual, or do you engage in activities that might attract unwanted attention?
4. How severe are the consequences if I fail?
Evaluate the potential impact of a security breach. Would it result in financial loss, reputational damage, or legal repercussions? Understanding the stakes can help prioritize your efforts.
5. What lengths am I willing to go to prevent potential consequences?
Determine your comfort level with various security measures. Are you willing to invest in advanced security tools, adopt strict privacy practices, or change your online behavior?
I have a threat model. Now what?
Now that you have your threat model, it’s time to decide how far you want to go on the Beginner Privacy roadmap. Here are a few profiles to help guide your choice:
The Casual User: If your main concern is simply hiding your personal information from big corporations and mass surveillance, the Basic roadmap is all you need.
The Privacy-Conscious Individual: If you want to take your privacy more seriously and go beyond the basics to shield yourself from potential threats, you should continue to the Medium roadmap after completing the Basic roadmap.
The Activist or High-Risk Individual: If you’re an activist, a journalist, or someone who is wanted by the government, or if you simply want to ensure the highest level of privacy, you should follow the Advanced roadmap after completing both the Basic and Medium roadmaps.
Regularly Updating Your Threat Model
Your threat model isn’t a one-and-done task; it’s something that should evolve as your life and circumstances change. To keep it relevant, consider setting a schedule to review your threat model regularly. This is especially important after significant life events, such as starting a new job, moving to a different location, or making changes to your online presence.
The Basic Roadmap is designed to provide you with foundational knowledge and practical skills to enhance your online security and privacy. This section covers essential practices that everyone should adopt to protect their personal information and maintain a secure digital presence.
In this roadmap, you will learn about the importance of creating strong passwords, implementing Two-Factor Authentication (2FA), and limiting the information you share online. Additionally, you will explore browser, mobile, and desktop privacy settings, as well as the benefits of using a Virtual Private Network (VPN) for secure internet access. The section also addresses email privacy, the use of privacy-focused search engines, and secure communication methods.
We recommend that you gradually implement these practices into your daily routine, allowing you to become comfortable with each step before moving on to the next. This approach will help you build a solid foundation for your online security without feeling overwhelmed.
Did you know that the most commonly used password is “123456”? This highlights the importance of using strong, unique passwords for each of your online accounts. In this post, we’ll go over the best practices for generating and storing strong passwords.
Common Password Security Mistakes:
Using personal information in your passwords
Using the same password for multiple accounts
Storing passwords in plaintext or in easily accessible locations
How Do I Make Strong Passwords?
A strong password is a password that is difficult to guess or crack. It should be completely random and at least 16 characters long (preferably longer) and include a combination of uppercase and lowercase letters, numbers, and special characters.
To get a strong password you can use a free online password generator:
Password managers are great to use because they allow you to store long and complex passwords, and then simply copy and paste them when needed. It works by setting a master password, which is used to encrypt all of your other passwords. This means that all of your passwords are stored securely and can only be accessed with the master password.
Imagine this: You’ve used the same password for years. Then, an email says someone logged into your bank account from another country.
Passwords alone aren’t enough. Hackers steal them via phishing, leaks, or brute forcing attacks. Two-Factor Authentication (2FA) adds a second layer to stop them.
How Does 2FA Work?
Enter your password.
Verify with a second factor
A one-time code (app / SMS / email).
Biometrics (fingerprint / face scan).
A physical security key.
Even with your password, hackers can’t access your account without the second factor.
Types of 2FA: Which Should You Use?
Not all 2FA methods are equally secure.
Security Keys: Best, physical devices (like YubiKey) that plug into your phone or computer.
Authenticator Apps: Great, these apps allow you to scan a QR code and then generate time-sensitive codes completely offline.
SMS / Email Codes: Convenient, but hackers can intercept these via SIM-swapping or phishing.
Biometrics: Good, fingerprint or face scans are secure but only work on devices you own.
How to Enable 2FA on Your Accounts
Most platforms make it easy. Here’s how to do it on some platforms:
Google: Security → 2-Step Verification → Get Started.
Apple ID: Settings → [Your Name] → Password & Security.
Facebook: Settings → Security and Login → Two-Factor Authentication.
Other: Usually the same steps as the platforms above.
Recommended Authenticator Apps
Here are the authenticator apps we recommend for storing your 2FA codes. Many password managers can also store 2FA codes.
Ente Auth
Local (Codes can optionally be stored in the cloud), open-source
Are you tired of endless spam emails, robocalls, or discovering your personal data was sold to shady data brokers? Every time you hand over your real name, email, or phone number to a random app or website, you’re gambling with your privacy. To avoid this you’ll have to provide fake information.
When Not To Use Fake Information
It’s important to know when you should use fake information and when you should not, as it can quickly backfire.
Long Term Use Accounts: Don’t use a temporary email when signing up for accounts that you plan to use more than 1 time.
Buying things online: You should provide a real address if you’re getting your package delivered to your house. If you are picking up a package at a post office, you should consider using your real name, as they sometime require you to show ID.
Other: Please consider the following two things each time before you provide fake information:
Is this service or account important to my life?
Will I get in trouble if I provide fake information?
Fake Information
Not every website or form deserves your honesty. For non-critical accounts, use fabricated details:
Fake names: Use a pseudonym like “Alex Smith” instead of your real name.
Fake birthdays: Pick a random date (e.g., January 1, 1985).
Fake addresses: Use a random address (e.g., a library or coffee shop).
Temporary Email
Why risk getting spammed on your primary email? Use a burner email for one-time signups or sketchy downloads.
Having a privacy-respecting browser helps protect you from websites that collect more data than they should. It reduces tracking, safeguards your personal information, and minimizes your digital footprint while you browse.
Difference Between Browser And Search Engine
To understand the importance of a private browser, it’s essential to differentiate between a browser and a search engine. A browser is a software application that allows users to access and view websites on the internet, while a search engine is a tool that helps users find specific information by searching through indexed web content based on keywords or phrases. In essence, the browser is the interface for navigating the web, and the search engine is a resource for discovering web content.
What Does Websites Know About You
Websites can gather a lot of information from your browser, which is why using a privacy-focused browser is essential for protecting your personal data. When you visit a website, it can track various details, including:
IP Address: This can reveal your approximate location.
Browser Type and Version: Websites can identify the browser you are using, which can be used to tailor content or track user behavior.
Operating System: Information about your device can be collected, which can also be used for tracking.
Cookies: These small files store information about your preferences and browsing history, allowing websites to recognize you on future visits.
Tracking Scripts: Many websites use third-party scripts to track user behavior across the web.
To see what other information websites can see about you, you can use websites like Webkay, BrowserLeaks, or whoareyou.
The Main Types Of Browsers
When it comes to choosing a browser, the two main options are Chromium and Firefox. Both are open-source projects, meaning their source code is publicly available for anyone to inspect and contribute to. Most modern browsers are built on either Chromium or Firefox, which means they share similar underlying technologies.
Chromium: This is the open-source project behind Google Chrome and many other browsers. While Chromium itself is privacy-friendly, many browsers built on it may include tracking features or data collection practices. However, there are privacy-focused browsers based on Chromium, such as Brave.
Firefox: Developed by Mozilla, a nonprofit organization dedicated to an open and private internet, Firefox is known for its strong commitment to user privacy.
Having a private browser is not enough, you also need to use a private search engine. Fortunately for you it’s very easy to switch to a privacy focused search engine.
How Does A Search Engine Work?
1. Crawlers Scout the Web
Think of these bots as digital librarians, constantly scanning and cataloging websites.
2. Indexing the Internet
All crawled pages get stored in a massive database (the “index”), like a library’s card catalog for the web.
3. Matching Your Query
When you search, the engine scours its index for pages matching your keywords, then ranks them.
Search engines like Google show paid “Sponsored” websites at the top. These ads are bought by companies to appear first—they’re not organic results.
Why Bother?
Traditional search engines like Google or Bing:
Track your queries to build a profile of your interests.
Sell your data to advertisers or use it to personalize results.
Privacy-focused search engines, however:
Don’t store your searches and tie them to your identity.
Serve unbiased results without filtering based on your history.
How To Switch Your Search Engine
Chrome/Edge/Brave:
Click the three-dot menu → Settings → Search Engine → Choose your new default.
Firefox:
Click the three-dot menu → Settings → Search → Select from the dropdown.
Safari:
Open Safari Settings → Search → Pick your engine.
You’ve probably encountered countless VPN ads on platforms like YouTube. But how do they actually work, and more importantly, should you use one?
How Does A VPN Work?
A Virtual Private Network (VPN) creates a secure connection between your device and the internet by routing your traffic through a private server. This process encrypts your data, making it impossible for your Internet Service Provider (ISP) to see your online activities.
What Does A VPN Protect You From?
While a VPN is effective at hiding your IP address, accessing geo-restricted content, and preventing ISP surveillance, it does not protect you from hackers, phishing emails, or other threats.
How To Choose A Good VPN
When searching for a reliable VPN, trustworthiness is crucial since the service will have access to your online activities. Here are key factors to consider when evaluating a VPN:
Open Source: Look for VPNs with open-source code, allowing for transparency and community audits.
Minimal Personal Information Required: Choose services that don’t require sensitive information like your name, phone number, or email.
Strict No-Logging Policy: Ensure the VPN has a verified no-logging policy, meaning they do not store your browsing history.
Strong Encryption Protocols: Opt for VPNs that use modern encryption standards, such as OpenVPN or WireGuard, to protect your data.
Our smartphones are the biggest data collectors, soaking up all kinds of information about us—our locations, fingerprints, app usage, and so much more. That’s why it’s important to take control and limit what they know about us.
Which Is More Private? Android or iOS
Both Android and iOS collect similar data, such as location, app usage, and personal preferences. The main difference is in how they handle that data: Apple keeps it for its own use, while Google sells it for advertising purposes.
From a security standpoint, both platforms are relatively equal. However, Android is a more permissive operating system, giving users greater control over what they can do, while iOS tends to be more restrictive.
Privacy Settings
Note: The steps to access these settings may vary depending on your device’s version and manufacturer.
Restrict App Permissions
Android:
Navigate to Settings > Security and privacy > Permission manager.
Choose a specific permission (e.g., location, camera) and select an app that shouldn’t have access to the permission.
Tap “Don’t allow” to revoke access.
iOS:
Go to Settings > Privacy & Security.
Select the permission type (e.g., Location Services, Contacts) and choose the app you want to limit.
Toggle the switch to disable access.
Disable Location
Android:
Open Settings > Location and toggle the switch to off.
iOS:
Go to Settings > Privacy & Security > Location Services and toggle the switch to off.
Disable Notifications Preview
Android:
Head to Settings > Notifications > Lock screen notifications and select “Hide content”.
iOS:
Navigate to Settings > Notifications > Show Previews and select “Never”.
Disable Telemetry
Android:
Go to Settings > Security and privacy > More privacy settings. Turn off “Send diagnostic data” and “Android personalization service.”
Then, navigate to Ads > Ads privacy and disable all options.
Finally, return to Ads and select “Delete advertising ID,” and go back to More privacy settings > Usage and diagnostics and disable it.
iOS:
Open Settings > Privacy & Security > Analytics & Improvements and toggle off options like “Share iPhone Analytics” and “Share with App Developers.”
The desktop collects all kinds of information about us. That’s why it’s important to take control and limit what it knows about us.
Which Operating System Is More Private? Windows, Linux, or MacOS
Linux is the most privacy-respecting option. While Windows and MacOS dominate the market, they don’t prioritize user privacy as much as Linux (which is also open source).
Privacy Settings
Linux
Disable Telemetry
Some distributions may send diagnostic data, usually off by default. You can search for how to disable it for your specific distribution.
Windows
Restrict App Permissions
Navigate to Settings > Privacy & security.
Scroll down to the App permissions section and adjust the following settings:
Location: Turn off “Location services”.
Camera: Turn off “Camera access”.
Microphone: Turn off “Microphone access”.
Disable Telemetry
Go to Settings > Privacy & security > Diagnostics & feedback.
Disable “Send optional diagnostic data”.
Additionally, turn off:
“Improve inking and typing”
“Tailored experiences”
“View diagnostic data”
Disable Ad Tracking
Access Settings > Privacy & security > General.
Turn off “Let apps show me personalized ads by using my advertising ID”.
MacOS
Restrict App Permissions
Navigate to System Preferences > Security & Privacy > Privacy Tab. In the following categories, turn off access if you don’t want any apps to use it, or allow it only for specific apps:
Location Services
Contacts
Calendars
Photos
Microphone
Camera
Files
Folders
Disable Telemetry
Go to System Preferences > Security & Privacy > Privacy Tab > Analytics and turn off “Share Mac Analytics” and “Share with App Developers”.
Disable Ad Tracking
Access System Preferences > Security & Privacy > Privacy Tab > Advertising and check the box “Limit Ad Tracking”.
Disable Siri
Siri collects and sends a ton of information to Apple about you. Disable it by going to System Preferences > Siri and turn off “Enable Ask Siri”.
Popular email providers like Gmail, Outlook, and Yahoo leave you vulnerable.
The Importance of Email Privacy
Popular email providers such as Gmail, Outlook, and Yahoo engage in practices that can compromise your privacy, such as selling your data to third parties, scanning your inbox for targeted advertising, and leaving you vulnerable to data breaches.
What A Privacy Focused Email Does
Anonymous Sign-Up: You can register without giving away personal info, keeping your identity unknown.
End-to-End Encryption: Your emails are secured so only you and the person you’re sending to can read them. The email provider can’t peek.
Open Source Transparency: They share their source code publicly, so anyone can check if they’re really secure and private.
The importance of secure communication cannot be overstated, and that’s why you should ditch traditional SMS, as it puts your privacy at risk.
Why You Should Ditch SMS
SMS, short for Short Message Service, was invented in 1984 and has seen little evolution since then. Here are some key reasons to move away from SMS:
Lack of Encryption: SMS messages are not encrypted, meaning they can be intercepted and read by anyone, including telecom companies.
Data Profiling: Telecom companies can profile users by analyzing their messages and logs, often selling this data to third parties without your consent.
Getting Others To Use It
Transitioning to a secure communication method is only effective if your contacts are on board. Here are some strategies to encourage others to ditch SMS:
Educate Your Contacts: Share information about the risks associated with SMS and the benefits of secure messaging apps.
Lead by Example: Start using secure communication methods yourself and invite others to join you.
Thank you for your interest in contributing to Beginner Privacy! We welcome contributions from everyone. Your contributions help us improve the website and make it more useful for the community.
The Medium Roadmap builds upon the foundational knowledge established in the Basic Roadmap, guiding you toward more advanced practices for enhancing your online security and privacy. This section introduces tools and strategies that empower you to take greater control over your digital footprint and safeguard your personal information.
In this roadmap, you will learn about the benefits of switching to Linux, an operating system known for its security and privacy features. You will also explore the world of Free and Open Source Software (FOSS), which offers alternatives to proprietary applications that may compromise your privacy.
Finally, you will be introduced to the concept of Operational Security (OpSec), which focuses on protecting your sensitive information and minimizing risks in your online activities.
As you progress through this roadmap, we recommend taking your time to implement these practices gradually. This will allow you to adapt to new tools and concepts while reinforcing your understanding of online security.
Using FOSS is an important step in your privacy journey and also a superior choice to proprietary software.
What is FOSS?
FOSS stands for Free and Open Source Software. This means that the software’s source code is accessible to the public, allowing anyone to view, modify, and distribute it. This openness fosters collaboration and innovation within the software community.
Why Is FOSS Better Than Proprietary Software?
FOSS offers several advantages over proprietary software:
Transparency: Users can inspect the source code to understand how the software works, ensuring there are no hidden malicious features or data collecting going on.
Security: With the ability to build software from source, users can avoid downloading potentially harmful versions that may contain malware, such as Trojan Horses.
Community Support: FOSS often has a vibrant community that contributes to its development, providing support and updates.
How Do I Find FOSS Alternatives?
Finding FOSS alternatives is easier than ever, thanks to dedicated websites that list various options. Here are some recommended resources:
OpenSourceAlternative.to
A comprehensive directory of open source alternatives.
Linux isn’t just for tech wizards—it’s a powerful, open-source operating system that prioritizes privacy, customization, and stability. Unlike Windows or macOS, Linux doesn’t track your activity or force you into proprietary ecosystems. It’s free to use, modify, and share, backed by a global community of developers. Whether you’re a privacy-conscious user, a tinkerer, or someone tired of bloated software, Linux offers a refreshing alternative.
Choosing Your Linux Distribution
With hundreds of distributions (or “distros”) available, picking the right one can feel overwhelming. Here’s a quick breakdown:
Debian-based distros (e.g., Ubuntu, Linux Mint) are ideal for beginners due to their stability and extensive software libraries.
Arch-based distros (e.g., Manjaro) cater to users who want bleeding-edge software and deeper customization.
Fedora or openSUSE strike a balance between innovation and reliability.
ℹ️
If you’re unsure which distro to choose, visit the Distrochooser website.
For most newcomers, we recommend Debian—the rock-solid foundation for many popular distros, as you can see on the chart below. Once you’ve chosen a distro, decide on a desktop environment:
GNOME: Sleek, modern, and intuitive (similar to macOS).
KDE Plasma: Highly customizable with a Windows-like feel.
XFCE or LXQt: Lightweight options for older hardware.
Getting Comfortable with Linux
Before wiping your hard drive, test Linux risk-free in a virtual machine (VM). Tools like VirtualBox let you run Linux alongside your current OS. Here’s how:
Download a Linux ISO (e.g., Debian or Ubuntu).
Install VirtualBox and create a new VM, allocating resources like RAM and storage.
Boot the VM from the ISO and install it through the “Graphical Install” option.
VirtualBox
A free, open-source tool for running OSes in a VM.
Many fear Linux is all about typing commands in a terminal. While the terminal is powerful, modern distros offer user-friendly Graphical User Interfaces (GUI) for everyday tasks like browsing, editing files, or installing software.
Dual Booting: The Best of Both Worlds
Need Windows or macOS for specific apps or work? Dual booting lets you keep both Operating Systems on one machine.
Single-drive setup: Partition your drive to allocate space for Linux.
Multi-drive setup: Install Linux on a separate drive for easier management.
⚠️
Back up your data first! Partitioning carries risks, and mistakes can lead to data loss.
Plug in your USB drive, open Etcher, and select the Debian ISO.
Click Flash! and wait for the process to complete.
Step 3: Boot from the USB
Restart your computer and press the BIOS/UEFI key (commonly F2, F12, Del, or Esc).
In the boot menu, prioritize the USB drive.
Save changes and exit to launch the Debian installer.
Step 4: Install Debian
Select Graphical Install for a guided setup.
Follow prompts for language, location, and user account creation.
When it prompts you about Partitioning you have the following options:
Guided - use entire disk:
Erases the entire disk and installs Debian as the sole operating system. Ideal for new users or dedicated Linux setups.
Guided - use entire disk and set up encrypted LVM:
Installs Debian as the sole OS while enabling full-disk encryption via LVM (Logical Volume Manager). Perfect for securing sensitive data.
Manual:
For advanced users: Create, resize, or retain partitions (e.g., dual-boot with Windows). Requires familiarity with disk layouts.
When it prompts you about Software Selection: Choose the desktop environment you want (GNOME or KDE Plasma) and optional tools (e.g., SSH server, print server).
Complete the installation and reboot.
Linux isn’t just an OS—it’s a gateway to learning, creativity, and control. Happy exploring! 🐧
Thank you for your interest in contributing to Beginner Privacy! We welcome contributions from everyone. Your contributions help us improve the website and make it more useful for the community.
The Advanced Roadmap is for those ready to make a significant lifestyle change in their approach to online security and privacy. This section emphasizes the importance of adopting a comprehensive mindset where privacy is prioritized over convenience.
You will learn about secure operating systems like Qubes OS and also about Tor and I2P. These tools enhance your anonymity but require a commitment to avoiding proprietary software and embracing free and open-source alternatives. Additionally, you will explore self-hosting your own services, because the only person you can truly trust is yourself—everyone else poses a potential threat.
Additionally, you will explore cryptocurrency, including secure acquisition and management practices, and the critical importance of encrypting your data to protect your communications and files. Operational Security (OpSec) will also be a key focus, as it is essential for minimizing risks in your online activities.
Expected Time to Complete: 1 month for completing the roadmap, but you must maintain good OpSec and continuously adapt your practices; it’s not simply about installing tools and operating systems and then being done.
Thank you for your interest in contributing to Beginner Privacy! We welcome contributions from everyone. Your contributions help us improve the website and make it more useful for the community.
Your privacy is essential for your safety and dignity. Just as you close the bathroom door for personal space, protecting your personal information is vital. The idea of "I have nothing to hide" overlooks the fact that privacy is a fundamental right, not just for those with secrets. Safeguarding your data helps prevent identity theft and unwanted surveillance.
"It's too late now"
The best time to start protecting your privacy is today! It's crucial to take action now, as companies may already have access to your data. By being proactive about your privacy settings and data sharing, you can significantly reduce your digital footprint and keep your personal information safe.
"What should I do?"
Trying to improve your privacy can feel overwhelming; that's why we created Beginner Privacy, to make it as easy as possible.
Beginner Privacy is 100% free and will always remain so! However, it relies on contributors and the community to thrive. Here are some ways you can help:
Content coming soon!