How to Protect Your Privacy Online: A Practical Guide for Activists, Sex Workers, and Everyone In Between

In an age where nearly everything we do leaves a digital footprint, protecting your privacy online isn't just for tech experts,  it's for anyone whose safety, livelihood, or freedom depends on staying in control of their personal information.

In recent months, it's become clearer that once-trusted platforms like ProtonMail can be compelled to help inform law enforcement. Add in the growing conversation around digital age verification and its proposed use to protect children through legislation like the Kids Online Safety Act, and the concept of digital privacy gets murky fast. Age verification requirements — however well-intentioned — create centralized databases of sensitive identity information that are a single breach away from being catastrophic for the people they're supposed to protect.

Here's a list of things that may be helpful when navigating the digital space, whether you're an activist, a sex worker, or just love sleuthing Reddit snark pages. This isn’t a one size fits all policy, and rather some steps to mitigate risks. 

Web Browsing

What you do on the internet creates a detailed picture of who you are: your interests, your politics, your location, your identity. These steps reduce how much of that gets captured in the first place.

• Ditch Google Chrome. Chrome is one of the most data-hungry browsers out there. Switch to Brave (blocks ads and trackers automatically), DuckDuckGo (simple, clean, and blocks trackers by default across both mobile and desktop), or Tor Browser if you ever need maximum anonymity for sensitive research.
• Use a VPN. A VPN encrypts your internet connection and masks your IP address. Your internet provider can't log your activity, and websites can't as easily pinpoint who or where you are.
• Get a password manager. If you reuse passwords across accounts, one breach exposes everything. Bitwarden is free, open source, and easy to use. 1Password is a great paid option.
• Stop signing in with Google or Facebook. Every time you do, you're letting those companies track your activity across different apps and services. Create separate accounts with separate email addresses wherever you can.

Your Phone

Your phone is probably the most intimate surveillance device you own. It knows where you are, who you talk to, what you search, and what you buy. These steps help you take some of that back.

• Audit your app permissions. Go through your settings and check what each app actually has access to. Most don't need your location, microphone, or contacts. And yet many request all three. Revoke anything that isn't essential. Location access in particular creates a detailed log of your movements that can be subpoenaed or sold.
• Switch to Signal for messaging. Regular text messages are not private. Signal uses end-to-end encryption, which means only you and the person you're talking to can read what's sent, not your carrier, not Signal, not anyone else. Make it your default for any conversation that matters. I would also suggest using vanishing messages for additional protection.
• Set a strong passcode. A long, random numeric passcode (8–10 digits) takes dramatically longer to crack than a 4-digit PIN or a pattern. Avoid birthdays or repeating numbers. On iPhones, pressing the wake button and a volume button together will quickly disable Face ID and require a passcode.
• Enable two-factor authentication, but skip the text message codes. 2FA is essential, but SMS codes can be intercepted through SIM-swapping attacks. Use an authenticator app like Aegis (Android) or Google Authenticator instead. For your most critical accounts, a hardware key like YubiKey is even better.
• Keep everything updated. Software updates aren't just about new features. They patch security vulnerabilities. Enable automatic updates and don't ignore the prompts.
• Turn off AI notification summaries. Newer iPhones and Android devices offer AI features that summarize your notifications. This defeats the purpose of using encrypted messaging. Go into your notification settings and turn these off for Signal and any other sensitive app.
• Traveling or renting a car? Always delete your phone from the vehicle's Bluetooth before you return it. Paired devices can retain your contacts and location data long after you're gone.

Social Media

Social media is where most people's digital footprints are the largest, and where the gap between what feels private and what actually is tends to be widest.

• Delay posting and scrub your photo metadata. Photos contain hidden EXIF data, including precise GPS coordinates, timestamp, and device info from when they were taken. Post after you've left a location, and strip metadata before uploading using ExifTool or your platform's built-in privacy settings.
• Audit your privacy settings, and do it regularly. Platforms update their settings constantly and default to sharing more than most people realize. Lock down who can see your posts, your friends list, your tagged photos, and your contact information across every platform you use.
• Think before you livestream. Documenting what's happening around you matters. But livestreaming makes it nearly impossible to ensure everyone in frame has consented to being identified. Be mindful, especially in politically charged or sensitive situations.
• Be cautious with facial recognition features. Many platforms use it to tag photos automatically. Disable these settings wherever you can, and think carefully before uploading personal images to AI-powered tools.

For Activists & Sex Workers

Everything above applies to you, and then some. Activists and sex workers face a distinct and elevated set of risks, from law enforcement surveillance and doxxing to platform deplatforming and client harassment. This section is specifically for you.

• Keep your identities completely separate. Your work or activist identity and your personal life need a clear, hard boundary between them. Separate email addresses, separate phone numbers, separate social media accounts, and ideally separate devices. I realize this presents a unique challenge.
• Get a secondary phone number. Never use your personal number for public profiles, client communication, or organizing. Google Voice and MySudo offer secondary numbers for calls and texts. Your phone number can be used to find your home address through people-search sites. Protecting it isn't optional.
• Remove yourself from people-search sites. Your home address and phone number are almost certainly already listed on dozens of data broker websites. EasyOptOuts (~$20/year) automates removal across most of them. Even the best tools only cover about 70% of sites, so follow up manually for the rest. For higher-risk individuals, Optery goes further.
• Rethink ProtonMail for sensitive communication. ProtonMail is still more private than Gmail, but recent confirmed cases of Proton complying with law enforcement data requests mean it can no longer be treated as fully anonymous, especially for high-risk users. Think of it as one layer of protection, not a guarantee. For sensitive organizing communication, Signal remains a stronger option.
• Understand what age verification laws mean for you. Legislation like the Kids Online Safety Act and various state-level age verification laws would require platforms to collect and verify users' real identities. For sex workers, this means centralized identity databases and forced de-anonymization. A single breach puts that information in the wrong hands. Stay informed, and start thinking now about what platform shifts might mean for your work and income.
• Cover your face at protests and public actions. Facial recognition is more sophisticated and more widely deployed than most people realize. A basic surgical mask may not be enough to defeat current tools. A full-face covering is more effective. Consider this coverage for other identifying features like tattoos too.
• Consider leaving your phone at home for high-risk events. Your smartphone is a tracking device. At protests or sensitive situations, leaving it at home or bringing a stripped-down secondary device is the safest option. If you do bring it, keep it off or in a Faraday bag as much as possible to prevent it from connecting to stingray devices.

Additional Resources:

• Hacking//Hustling: digital safety resources for sex workers
• SWOP Behind Bars: internet safety support and advocacy

Finally, take care of yourself. Surveillance and harassment are designed to make you feel like you need to go smaller and quieter. Don't let that work. These tools exist so you can stay protected and keep showing up. Collective security, looking out for each other, matters as much as any individual step you take on your own.

‍