Some might say the internet was built on anonymity, paving the way for a place where free speech reigns supreme. But after years of learning about who’s snooping into everything we do online, privacy on the web is hardly a given.
It’s not just about government spying; it’s also about how much data big companies such as Amazon, Google, Facebook, and Microsoft have collected in order to serve up targeted ads—not to mention how much of your personal data gets scooped up in all the breaches and hacks.
There are always going to be good reasons for people to go online without being tracked. For one, anonymity may be the only way for a real whistleblower to reveal corruption, considering how some have been treated. But there’s nothing wrong with wanting to stay anonymous, no matter what you’re doing.
Is it even possible to take control of your own personal privacy online? Ultimately, the only way to stay truly anonymous online is…not to go online at all. That’s not a real option for most of us, though. Here’s a rundown of what you can do to minimize spying, targeted ads, and ID theft as you explore the online world .
Cover Your Tracks
Become a Fan of the Burner
If you want to be anonymous, forget about using a smartphone. The big-name mobile OS makers are control freaks (Apple) and ad servers (Google). To be anonymous when you use a phone, your choice is a prepaid phone, aka a burner.
Even with a burner, call records exist, so your location can still be triangulated via GPS and tower locations. As you’ve seen in movies, though, you can always throw the phone into a passing truck and lead whoever might be tracking you on a wild goose chase. The upside of a burner is that your real name isn’t associated with the device.
But when you already own an expensive smartphone, buying more hardware is painful. Thankfully, there are apps aplenty to get you temporary, anonymous numbers you can use with Android or iOS. (One of those apps is named, aptly, Burner.)
Light That Firewall
Is your desktop or laptop computer connected directly to a broadband modem? That’s a very bad idea. Hackers are constantly bombarding IP addresses to see if they can get onto a system.
You should always have a router on your home network that can mitigate attempted hacks with its built-in firewall. A router uses network address translation (NAT) to assign an IP address to every device on your home network: those are then only visible on that network. Direct attacks can sometimes be stopped dead right there. You need the router anyway, for sharing the internet connection and Wi-Fi. Even a router that comes integrated into the modem—the kind you get from your ISP—is better than no router at all.
You could also use firewall software that’s installed on your PC. Windows 10 comes with a pretty decent solution called—you guessed it—Windows Firewall. You can also find firewalls as part of security suites. But as PCMag’s Lead Analyst for Security, Neil J. Rubenking, explains, you don’t really need another firewall if you use the one that ships with Windows.
For real anonymity based on your OS, stop using Windows or macOS on the desktop and move to a Linux distro that specializes in all forms of keeping you secret. Your best bet is Tails: The Amnesic Incognito Live System.
Sleuth Your Own Stealth
What does your computer (or tablet or smartphone, for that matter) give away about you when you visit websites? At the very least, a site knows your IP address (and that’s necessary; otherwise you’d get no results).
In most cases, it also knows your approximate physical location (by checking where your ISP supplies those IP addresses; see it in action at IPLocation) and probably your time zone and which language you speak—all good info for advertisers. Your browser can also offer up your operating system, browser type, and which versions of software you run for browser plug-ins. It even reports on the fonts you have installed. All this gives your system a unique fingerprint. And as anyone who’s watched Law & Order knows, a unique fingerprint is sometimes all it takes to track you.
If you don’t believe it, visit MyBrowserInfo or BrowserLeaks.com for a full report. Then check out the EFF’s Cover Your Tracks tool to see how well your browser and VPN are protecting you.
You can use browser extensions in Chrome, Firefox, Opera, and Edge to enhance your privacy. The EFF has its own Privacy Badger to monitors sites that monitor you. The Ghostery browser extension blocks all sorts of trackers and advertising on almost all browsers. The DuckDuckGo search engine for privacy also has a similar extension, called Privacy Essentials.
What’s more, even if you’ve got a VPN—virtual private network—running, as you should (see below), it could be leaking. Here’s how to get yourself back into stealth mode.
Surf Safer
Make sure your browser isn’t storing too much personal info. In the settings menu, turn off the ability for the browser to store the passwords you use to access websites and services. That can be a pain, since you should have a different password for every service you use. The better alternative is to use a dedicated password manager that works across all your devices.
Browsers store images, surfing history, and what you’ve downloaded, as well as cookie files, which can remember helpful things such as settings and passwords. Obliterate that info occasionally by clearing your browser cache.
Major browsers have anonymous surfing modes. Chrome’s is called Incognito (hit Ctrl+Shift+N to access); in Firefox, it’s Private Browsing; and in Microsoft Edge, it’s In Private browsing. Using an anonymous mode prevents the browser from saving passwords, cookies, downloads, and cached content such as images.
Any browser you use for privacy should have JavaScript deactivated. JavaScript can help a web server identify all sorts of things beyond your browser, such as your monitor’s size—and that info goes toward fingerprinting your system and you. You can turn JavaScript off and on for specific sites (some websites require it) using extensions such as NoScript and ScriptSafe.
A number of browsers are billed as privacy-focused. Of course, they use the same rendering engines as the big names, especially Google’s Chromium engine; the difference is that the browsers don’t share any info with Google. Examples include Epic, Comodo Dragon, Comodo IceDragon (based on Firefox), and of course the Tor Browser (more below).
If you’re looking for a more mainstream browser with some extra security, consider Opera—it has a free VPN built right in. (Note that its VPN protects only your browser traffic, not the other apps on your computer that use the internet.)
Use a search engine other than Google or Bing, which want to sell, sell, sell you. Go to DuckDuckGo or Swisscows, or check out these options.
To summarize, using stealth modes, special browsers, and private search engines won’t make you completely anonymous. But they prevent sites from writing info to your computer, including cookies, which can be used to figure out your browsing habits.
Proxies and VPNs and Tor, Oh My
The way to ensure outsiders don’t gather information about you while you’re browsing the web is to appear to be someone else in a different location. This requires a proxy server or a virtual private network (VPN) connection—or even better, both. With the right combo, you can not only be anonymous but also surf sites in other countries as though you’re a native.
A proxy server—a computer system or router that functions as a relay between client and server—isn’t for newbies, but FoxyProxy can get you started. It works with the major browsers and offers proxy services and VPN tools.
VPN services are everywhere. They have the advantage of securing the traffic between your computer and servers and masking your IP address and location. For example, by connecting through my work VPN, sites I visit believe I’m at corporate HQ, although I work from home.
VPNs also double as a way to get access to location-blocked content. If you’re in a country that can’t get the BBC iPlayer or Netflix, for example, a VPN could be your ticket. Netflix, for one, is cracking down on this tactic when it can.
No discussion of anonymity online is complete without mentioning Tor. The name comes from once being the acronym for “the onion router”—a metaphor for many layers of security.
Tor is a free network of tunnels for routing web requests and page downloads. It’s not the same as a VPN but might be even more secure for masking your identity. Tor’s supposed to make it impossible for a site you’re visiting to figure out who you are—but does it?
The National Security Agency’s spying controversy leaked by Edward Snowden in 2013 included what some thought was a workaround to identify users of Tor. But it wasn’t that simple. As explained by security expert Bruce Schneier in The Guardian, the NSA actually monitors what’s called the Tor “exit nodes”—the agency could tell users were using Tor but not who the users were. The NSA set up a “man in the middle” attack, pretending to be the site the user wanted (Google, for example), and could send data back to the user that would take advantage of exploitable holes in the browser—not a hole in Tor.
The lesson there: Keep your browsers up to date, or use one of the previously noted anonymizing browsers.
Guess which company also offers an anonymizing browser? Tor has a browser bundle for Windows (run it off a flash drive to take with you), macOS, or Linux; it’s available in 16 languages. There’s also a Tor Browser for Android devices; iOS users can try the third-party VPN + TOR Browser and Ad Block app.
Tor is not entirely foolproof—the theory is you could still be tracked by someone skilled enough (even if they can’t read what you send). The list of potential Tor weaknesses is long.
A newish browser with a built-in search engine is trying to take some of Tor’s privacy thunder—an open-source project called Brave. As a free download, it’s worth a try, but Brave has already had some issues and is branching into cryptocurrency to change the game on how websites make money.
If you’re sensing a trend in that no software can keep you 100% anonymous, you’re paying attention. But these steps are all like a lock on a door: Sure, someone could kick it in—but why make it easy by leaving the door open?
Anonymize Your Email
As nice as it is to remain perfectly private as you surf, it may be even more essential for your email to be anonymous, to avoid spam or surveillance. The problem is that email simply wasn’t built with security in mind.
Secure email services exist, of course. They use encryption to scramble what you send and require the recipient to have a password to decrypt your message. Edward Snowden used a webmail service known as Lavabit, which was so secure the government insisted that it hand over the private keys of users. Lavabit, to its credit, immediately shut down to protect its customers. Later, it returned with even more user-forward security features. So be aware that such a service can be compromised. Most will not die to protect you.
If you want a Webmail service that’s going to handle encrypted messages, the best we’ve seen is the free PreVeil, which offers secure cloud storage as well as weapons-grade encryption, and it’s easy to use. For more options, read The Best Email Encryption Services and How to Create an Anonymous Email Account.
You might think your Gmail account is safe, since you see that lock icon on the browser and access it with a secure sockets layer (SSL) connection (indicated by https:// in the URL). But SSL only encrypts data as it’s transferred from your device to the server.
That is always going to be a problem with web-based services. Some services can provide encryption for those types of email: Virtru is one that’s specific to Gmail running on Chrome. Mailvelope is an extension (for Chrome, Edge, and Firefox) that will secure Gmail, Outlook.com, Yahoo Mail, and more. FlowCrypt is another.
Perhaps the smart move is to eschew web-based mail and stick with desktop client software. Outlook 2007 and later has built-in encryption tools, and Mozilla’s Thunderbird has add-ons galore (including many in our email encryption services roundup, like PreVeil) to handle message encryption/decryption.
Cut Spam Out Of Your Diet
Beyond the obvious safeguards—never, ever click on a link in a spam message or even open a spam email—the best way to defeat spam is never to let spammers get your email address. That’s almost impossible, unfortunately, but there are methods to mitigate.
Number one is to use an alias or dummy email, which works with any service that requires an email address. You might be able to set one up if you own your own domain name. In Google Workplace, for example, you have a primary address, such as [email protected], but you could also use [email protected] as an alias for online sign-ups; messages to the second one can be forwarded to the main address. When spam begins to collect, change or kill that second address. You can create up to 30 aliases per individual.
Gmail is a little more straightforward: To make an alias, append something to the user name. Turn “[email protected]” into “[email protected]”; Gmail ignores everything after the plus sign. Once the alias in question accumulates spam, filter it right into the trash. Here’s a video on how to do that in Gmail:
Yahoo Mail offers Disposable Addresses (under Settings > Security), which are similar—there’s a base name, then a secondary keyword appended, like “[email protected]” Outlook.com also supports aliases, up to 10 per account. Look for Account Aliases under the Account settings. If you have your own domain name, check the control panel at your web host—it’s likely to have tools for creating aliases galore.
If you need an alias temporarily, a disposable address is very handy. We have reviews of five products that offer disposable email addresses: Abine Blur, Bulc Club, Burner Mail, ManyMe, and SimpleLogin. Note that Abine Blur Premium lets you shop online without revealing your true email address, phone number, or credit card details, and it also manages your passwords. The program received a 4.5 (outstanding) rating from our reviewer and also comes in a free version.
Social (Network) Security
Should you care about security when it comes to social media networks? Of course you should! They’re not altruistic nonprofits—these platforms make money by having lots of users looking at lots of ads. That means they occasionally make your data available to questionable entities. You also might not want all your friends and followers and their extended networks to know all your business. Here are some tips on disappearing (partially or completely) from social networks.
First, on a desktop, go to the Account menu in the upper right and select Settings & Privacy > Settings > Privacy. Click the “Edit” link on every choice on this page to personalize who can see what, who can friend you, even who can look you up. Get as granular as you want—ensuring, for example, that old boyfriends or girlfriends can’t see your posts.
Finally, inspect your contact info: Go to your General Account Settings under General and again, click “Edit” next to every entry. Double-check the email addresses and phone numbers entered. Minimize the list of who has access as much as possible to maximize anonymity.
To leave Facebook, you can either deactivate or delete your account. Deactivating leaves your data on the site in case you decide to return. Facebook deactivates your account for two weeks, just in case you really didn’t mean it—and after that, it’s gone. (Even then, some digital photos may linger.) Go to your account on the desktop, click the drop-down menu at the top-right of your screen, and select Settings & Privacy > Settings > Privacy. Click Your Facebook Information on the left. Scroll down, and you’ll see Deactivation and Deletion at the bottom.
Don’t list your website or real email in your profile. Make sure your password is different from that of any other site. That’s good advice across the board, but we know people don’t follow it, so we repeat it a lot. You really should with Twitter, which has had some security breaches.
You also have the option, under Settings > Privacy and Safety, to protect your tweets, meaning only those followers you approve get access to them. Protected tweets aren’t searchable or retweetable, and you can’t share permanent links to them with non-approved followers. (That said, you’re fooling yourself if you think using social networking—or posting anything online—is private—it takes just one “approved follower” to grab a screenshot and share it with the world.)
To leave Twitter completely, in the Settings and Privacy menu, tap Account, scroll to the bottom and select “Deactivate your account.” You’ll have 30 days to change your mind and reactivate; otherwise, you’re gone.
Gmail
Want to dump Gmail? First, we recommend you download your emails. While signed into your Gmail account, go to myaccount.google.com, click Data and Privacy, then Download your Data, which takes you to Google Takeout. Follow directions to export your Gmail emails. Once you’ve secured your email archive, return to myaccount.google.com or click your account avatar on the top-right of your Gmail inbox and select Manage your Google Account. Under Manage your data & privacy, click Delete your Google Account.
Disabling your account renders it inactive until you sign back in, whereas deleting your account removes your profile, photos, videos, comments, likes, and followers. You can’t use the app to disable or to delete your account, though; you have to sign into Instagram.com to do either.
To disable, from your account homepage, click on your name to view your account profile, click on Edit Profile, then click on the link at the bottom: “Temporarily disable my account.” To delete, click Delete Your Account from the homepage. Click on the drop-down menu and select a response to answer the question of why you’re deleting your account. Type your password, then click on “Permanently delete my account.”
The site lets you adjust your privacy options: Click on your Profile (photo) icon, then click Settings & Privacy in the drop-down menu and select Account preferences, then Visibility to see the options. You can also Hibernate your account, which is similar to deactivating on other platforms. Or you can delete your account entirely. Again, go to Settings, and under Account preferences, click Account management, and Close account. Click Continue and select a reason for closing your account, then hit Next. Enter your password, and you’re done.
TikTok
TikTok doesn’t require you to create an account to take advantage of the service; you can download the app and immediately start discovering videos. Don’t want it anymore? Just delete TikTok from your phone. If you have an account, however, uninstalling the app won’t do anything about the content you’ve already created and collected, so it’s best to wipe the slate clean. Open the TikTok app, then tap the profile button in the bottom-right corner of the app, and select the three-line hamburger menu in the top-right corner. Tap “Manage account” and then “Delete account” at the bottom of the page.
If you’re worried about getting tracked as you surf, sign out of the above services, as well as Microsoft, Google, Amazon, and Apple, when you’re done using them. Otherwise, the ad servers and cookies and so forth that are run by those services or their affiliates will pretty much know where and when you go online at all times. Signing out is a pain, because logging back in is a pain—and that’s exactly what the big companies tracking you are counting on.