How to Protect Your Privacy Online (2026) – 14 Practical Tips

Internet privacy in 2026 – why you should care

When I wrote the first version of this article in 2021, I was struck by how much companies know about us and how they can influence our reality. Location tracking, facial recognition, operations on large data sets, linking them with our behavior. All to serve us increasingly targeted ads. But is it really just about that?

Five years have passed since then, and I have to say the situation is simultaneously better and worse than I expected. Better, because people have started waking up. Data subject requests (DSRs) increased by 246% between 2021 and 2023, and 92% of Americans say they are concerned about their online privacy. Worse, because on top of traditional threats, something I didn’t anticipate on this scale has emerged: artificial intelligence that feeds on our data.

Would you want your friends to know what you’re talking about at any given moment, where you are, what you’re doing, what you’re searching for, when and how you argue with loved ones, or what extreme emotions are tearing through you? Or which website you’re visiting right now and what content you’re watching? Then why do you share such information with unknown companies and the strangers who work there?

Billions of people often unknowingly share data about themselves and don’t realize how much information corporations hold about them. Those corporations, in turn, sell it further, and in extreme cases, it ends up in the hands of governments.

Some people who are aware of this sometimes share their data voluntarily, guided by the idea “I have nothing to hide.” This approach is a huge mistake.

Privacy is a right that belongs to every individual. It lies at the foundation of freedom of speech, association, and assembly. All of these elements are essential for the existence of a free and fully democratic society.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Online security and anonymity are not just about preventing strangers from accessing our love letters, intimate photos, or purchases. It’s also about the kind of society we want to live in and how companies will be able to influence the world around us. With unlimited access to data about society, it becomes easier to manipulate it.

The internet is not a place where you are anonymous

While surfing the internet, you may feel like you’re alone. In reality, however, everything you do, browse, click, search, and watch is visible to others and being “recorded.” The websites you visit store detailed information about every user. Internet service providers monitor and log records for all their customers. Even browser extensions and operating systems collect and share information about your daily habits.

The simplest and most accurate way to identify a specific person online is by tracking their IP address. Every device connected to the network receives this unique address the moment it connects to the internet. Another method is a unique browser “fingerprint.” This is a more complex but equally frightening tracking technique. It compares various data such as screen resolution, language, browser, time zone, plugins, and hundreds of other pieces of information that your browser willingly shares with every website you visit.

In 2026, artificial intelligence models are added to the mix – they can connect this scattered data and create increasingly accurate profiles from it. Someone doesn’t just know which websites you visit. An algorithm can predict what you’ll do tomorrow based on that information.

Online security and data breaches

When I looked at the report on Privacy Rights, it turned out that the list of personal data breaches in the United States alone runs to tens of thousands of entries. The list contains various data and a wealth of information about millions of people.

In 2025, there were 3,322 data breach incidents in the United States alone, representing a 4% year-over-year increase. Globally, more than 12,000 leak cases were confirmed. The average cost of a single data breach in the US rose to $10.22 million, making it the most expensive region in the world in terms of breach costs.

One of the largest leaks in recent years was the Change Healthcare data breach, which affected medical and personal data of an estimated 190 million people. It is the largest medical data breach in the history of the United States. In 2025, a collection of 16 billion stolen credentials circulating online was also discovered.

Ransomware attacks increased by 45% in 2025, hitting the manufacturing sector hardest (a 56% increase). Global ransomware costs reached $57 billion annually, which amounts to approximately $156 million per day. I could go on listing, but I think the picture is clear: this is simply everyday reality.

On the Wikipedia page, you can find a condensed list of some of the largest personal data breaches, covering services and companies that most of us use on a daily basis.

Artificial intelligence and online privacy

When I wrote this article in 2021, this topic wasn’t in it. In 2026, it has become perhaps the most important challenge to our online privacy.

Artificial intelligence models are trained on massive datasets, including personal data, often without explicit user consent. Google uses Google Workspace user data to train its Gemini model and has enabled this option by default for everyone. Slack admits that private user messages may be used to train AI models. Microsoft integrates AI into Teams, Word, and Excel, and soon deeply into the operating system itself, with completely disabling AI data processing being impossible without limiting the core functionality of the tools.

Research shows that 70% of consumers have little trust in companies when it comes to responsible use of AI. Privacy risks associated with generative artificial intelligence increased from 22% in 2025 to 34% in 2026.

As a CEO of a technology company, I see this from both sides. AI offers enormous possibilities, but it requires a responsible approach to data. Many companies treat user data as a free raw material for training their models. And we often don’t even know that our conversations and emails are being fed into the training of these models.

How to disable AI training on your data – service by service

Most large companies enable the use of your data for AI model training by default. The opt-out option exists, but it is deliberately hidden deep in the settings. Disabling it does not reverse training that has already occurred, but it limits further processing. Below I’ve gathered specific instructions for each service.

Service	How to disable	Notes
ChatGPT	Profile → Settings → Data Controls → disable “Improve the model for everyone”	ChatGPT Enterprise and API do not train by default. Note: without logging in, data is used for training
Google Gemini	Gemini Apps Activity → disable “Keep Activity”	Google retains data for 72 hours even after disabling. “Temporary Chat” mode saves nothing. Business accounts (Workspace) are not used for training
Microsoft Copilot	Profile → Settings → Privacy → disable “Training on conversation activity”	Opt-out does not exclude use of data for “general product improvements.” Microsoft retains conversation history for 18 months
Meta AI (Facebook, Instagram)	In EU/UK: opt-out form under GDPR	In the US, there is no opt-out option. Since May 2025, Meta uses European users’ data for AI training. Since December 2025, AI chat data is also used for ad personalization
LinkedIn	Settings → Data Privacy → Data for Generative AI Improvement	Since November 2025, LinkedIn uses EU users’ data for training. Disabling does not reverse training that has already occurred
Slack	Email with your workspace URL	Only the Owner/Primary Owner of the organization can do this. Slack states it analyzes metadata, not message content
Adobe	Account settings → opt out of content analysis	Adobe may use Creative Cloud files for ML. The Content Credentials tool allows adding a “Do Not Train” tag
Apple Intelligence	Settings → Privacy & Security → disable “Share iPhone & Watch Analytics”	Apple states it does not use private data to train base models. You can check the report: Settings → Privacy → Apple Intelligence Report
Zoom	AI Companion is off by default – don’t turn it on	After the 2023 controversy, Zoom changed its policy. Admin can disable meeting summaries at the account level

The pattern is the same everywhere: enabled by default, opt-out option hidden, and disabling it doesn’t undo what the company has already done with your data. The sooner you do it, the less data they’ll process.

Shadow AI – a hidden threat in companies

In companies, I see something else. 68% of employees use unauthorized AI tools at work (up from 41% in 2023). They paste company data into ChatGPT, Gemini, or Claude, often without their employer’s knowledge or consent. 75% of them admit to sharing potentially sensitive data. According to IBM’s report, a data breach caused by shadow AI costs a company an average of $670,000 more than a typical incident. And 43% of companies have no AI tools policy at all.

If you run a company, it’s worth establishing rules for AI use and training your team. So people know what not to paste into a chatbot.

Regulations: EU AI Act and GDPR changes

The European Union passed the AI Act, with full implementation planned for the second half of 2026. The Act prohibits eight “unacceptable practices” related to AI, and penalties for violations can reach up to 7% of a company’s global annual revenue. Brazil suspended Meta’s processing of personal data for AI training purposes, creating a global precedent.

In November 2025, the European Commission also proposed the Digital Omnibus package, which aims to simplify overlapping regulations (GDPR, AI Act, Data Act) and reduce the administrative burden on companies. One of the proposals explicitly recognizes processing personal data for AI system development as a “legitimate interest” under GDPR, though with proportionality requirements and appropriate safeguards. Legislation is clearly heading toward taming AI, not blocking it.

Deepfakes, voice cloning, and AI-generated phishing

AI also creates threats that didn’t exist a few years ago. Deepfakes – fake AI-generated videos – increased by 700% in 2025. People can identify fake videos only 24.5% of the time. In February 2024, an employee at engineering firm Arup transferred $25 million after a video conference with deepfakes of board members.

Voice cloning is even simpler. According to McAfee, just 3 seconds of your voice recording is enough to create a clone with 85% accuracy. 60 seconds produces an almost perfect copy. Voice phishing increased by 442% in 2025, and projected losses from this type of fraud are expected to reach $40 billion by 2027.

AI-generated phishing emails have a 54% click-through rate, compared to just 12% for traditional ones. Scams have become 4.5 times more effective. According to KnowBe4, 82.6% of phishing emails already contain AI-generated content.

A few things that make sense: be skeptical of unexpected calls and messages, even if the voice or face looks familiar. Set up a “safety password” with close ones in case of suspicious phone calls. Don’t publish long recordings of your voice on public social media, as it’s ready-made material for cloning. And if you receive an email requesting an urgent transfer or login credential change, verify it through a different channel before clicking.

Protecting online privacy – why it matters

The more someone knows about us, the more power they can have over us. The data we deal with daily not only serves to make very important, life-changing decisions but can also be used to influence those decisions and our behavior. It can also be used to destroy our reputation and exert control over us. In the wrong hands, it can serve to deliberately cause harm.

Online privacy is not our privilege, but an enforceable right. Respect for another person requires respecting their personal privacy.

Losing control over our private information is, in a sense, losing control over our own lives and their dignity. If we have a legitimate desire to keep something private, it must not be dismissed.

75% of consumers say they won’t buy a product from a company they don’t trust with their personal data protection. 48% have stopped buying from a specific vendor precisely because of privacy concerns. Privacy is a business factor today.

Online privacy allows us, among other things, to manage our reputation and how we are perceived by others. It affects our professional and personal lives and also helps protect us from false and erroneous judgments.

There are many reasons why the disclosure of confidential data can harm us. Things that might come to light include:

• Medical records – data about health conditions, diagnoses, and treatments can be used for discrimination in workplaces, insurance, or other services. As someone living with severe hemophilia, I know how sensitive such information is and how easily it can be used against us.
• Financial records – financial history, debts, loans, and tax data can lead to identity theft and financial fraud.
• Login credentials – passwords, usernames, and security questions. In 2025, a collection of 16 billion stolen credentials was discovered.
• Conversations and correspondence – private messages, emails, and chats may contain confidential data and personal secrets.
• Private photos – can be used for blackmail or reputation destruction.
• Browsing history – visited websites and search queries reveal our interests, habits, and sensitive aspects of our lives.
• Geolocation – data about the places we visit can reveal daily habits and schedules.
• Biometric information – fingerprints, facial scans, or retina scans are harder to change than passwords and are increasingly targeted by attacks.
• Data shared with AI models – this is a new category. Everything you type into a chatbot, AI assistant, or artificial intelligence-based tool can be used to train models and potentially be reproduced or disclosed.

This is very uncomfortable, especially when in our youth we do various, perhaps even morally questionable things that we later regret. Or we send our photos to someone close to us, and then they end up in the hands of people we work with because someone hacked our messenger.

By preserving the right to confidentiality, we can protect ourselves from lies and have at least a semblance of control over what we want the outside world to know about us.

This data even affects what content we see online and what search results appear for us in Google, Bing, or Yahoo. What we read or watch has a huge impact on our perception of the world, and influencing the content displayed to us can prevent us from exploring information outside the narrative presented to us. In 2026, this problem is even more serious because personalization algorithms have become significantly more sophisticated.

Personal data security online – what we leave behind

Many threats lurk online. Our data can fall into the hands of unauthorized people, or someone can impersonate us using that information.

It’s important to remember that being completely anonymous and secure is extremely difficult and, unfortunately, practically (or perhaps even certainly) impossible.

In addition to large corporations and hackers, certain national intelligence agencies are interested in our private data, conversations, and activities. Like the NSA, they can intercept and manipulate traffic across the entire internet.

As the data shows, since 2001, the United States government, with the help of telecommunications operators, has engaged in mass and illegal surveillance of domestic communications and call records of millions of Americans. I recommend the film “Snowden,” which describes this true story in an accessible way.

Agencies can, with high probability, collect basic information about all internet users. Such surveillance is highly visible in China and the United States and has unfortunately become an everyday reality. Data collection can serve to counteract prohibited activities, but it can also be used to collect, catalog, and monitor specific groups, for example by religious views, political beliefs, or social circles.

How to protect your online privacy – a practical guide

Some time ago, I progressively started blocking the ability to track what I do (unless I consciously share something on social media), and today I’d like to tell you about how to easily enable your “almost” anonymity. You can’t achieve 100% protection, but each of the steps below reduces the attack surface and makes tracking your activity more difficult.

Use private browsing mode

When you visit a website, you leave a trail in the form of your IP address and cookies. These files are saved on your local computer. Depending on how many websites you visit, they can store small or large amounts of data. This allows websites to deliver information and content tailored to your needs.

If you’re logged into your Gmail or Facebook account, a website that uses Google Analytics or the Facebook Pixel can obtain additional data about you. Enabling private mode allows you to “start fresh” every time you turn it on. This is the first and simplest thing you can do to make your internet usage slightly more anonymous. All temporary files, saved data, cookies, etc. are deleted when you close this mode.

Of course, using private mode while logged into your Google account, using Chrome, or using the same IP address won’t help much. Mainly because Google already knew your IP address and still knows who it’s dealing with. Private mode is a good first step, but it’s not a solution in itself.

You’ve probably encountered many times how Facebook shows you an ad for a new laptop that you searched for on Google the day before, or YouTube knowing that you watched videos about a new phone. These cookies can be used to create a unique fingerprint based on data collected by the browser. Browsing and searching in private mode largely helps avoid this.

Stop using Google, Yahoo, and Bing

Google, Bing, and Yahoo are the most popular search engines. They collect massive amounts of data about their users, especially when we’re logged into our accounts. Based on this, they can gather important data such as device location, device information, IP address, and cookie data.

To avoid tracking while searching, I warmly recommend using alternative search engines. For years, I recommended DuckDuckGo and I still consider it a solid option, but in 2026, we have more good choices:

• Kagi Search – a search engine that places great emphasis on privacy and result quality without ads or tracking. It operates on a subscription model, meaning that instead of collecting data for advertising purposes, you pay for the service. In return, you get search results that are neutral and independent of profiling. I personally use it and recommend it.
• DuckDuckGo – an independent search engine that doesn’t store search results or personal information of its users. Free and proven.
• Startpage – Google results, but without tracking.
• Brave Search – its own search index, no tracking, integrated with the Brave browser.

In the extreme case where you can’t switch to a different search engine, log into your Google account, click on “Data & Personalization,” and then disable ad personalization, YouTube history, and location saving. Digging deeper into your account, you’ll also find your search history, visited pages, and information about your phone, as well as brands that track your activity on your Google account (you can block them one by one).

Stop using certain tools

Gmail can read every email you send and receive. Google’s office applications and the competing Office 365 can scan everything you write. Dropbox opens and analyzes what you upload. All three companies I mentioned (among many others, such as Facebook, Yahoo, YouTube, Skype, AOL), according to documents revealed by Snowden, cooperated with mass monitoring and surveillance programs.

I recommend familiarizing yourself with the term PRISM. At the NSA’s request, internet companies committed to providing data contained in electronic mail, all data stored on internet operators’ drives (including photos and video materials), data transmitted via file transfers, through Voice over IP (VoIP), video conferencing, chats, data collected by social networking sites, as well as login credentials. The data revealed by Edward Snowden also shows that American intelligence agencies wiretapped phone conversations of many German politicians.

In 2026, these threats are compounded by the issue of training AI models on our data, which I discussed above. Gmail, Google Docs, Slack, Microsoft 365 – all of these tools can use our data to “improve their services,” which in practice means training artificial intelligence algorithms.

Hide your IP and location

Another important and simple thing you can do is hide your IP address. If someone has access to it, they can easily determine the geographic location of the server handling that address and get approximate information about where you are.

I remember exactly how during app development we used IP address databases that made it possible to locate a user practically down to the street they were on.

VPN

To hide your IP address, you can use a virtual private network (VPN). A VPN is an encrypted network that “tunnels” your connection to the sites you use, thereby “masking” your real location.

I personally recommend using dedicated VPN service providers (just don’t use Google’s!). You can find a comparison of them here. I personally use ProtonVPN (using my link you’ll get 1 month of premium for free), which, in addition to masking traffic, automatically blocks tracking scripts, ads, and malware servers.

ProtonVPN also protects DNS queries by redirecting them through an encrypted tunnel and avoiding external providers, which prevents your online activity from being exposed through DNS query leaks. DNS, or Domain Name System, is what makes browsing the internet so simple. Its job is to translate the website names we type into the browser into IP addresses. Thanks to this, you can type trojanczyk.pl in the browser, rather than 95.216.2.43. As an interesting fact, Google promotes its own DNS servers as fast and reliable, which is hard to disagree with, but before using them, we should ask ourselves why they do this and whether we really want to share with them information about every website we visit.

Modern VPN service providers give you the option to choose a server anywhere in the world. This way, you can pretend you’re currently in Lithuania, Estonia, or Canada. An additional benefit is the ability to access services that are unavailable in your country due to geo-blocking. You can also tunnel connections through multiple VPN servers simultaneously, making data analysis and determining your location even more difficult.

Install a VPN on your phone too.

TOR

For anonymous internet browsing, you can also use the TOR network (The Onion Router). This network prevents network traffic analysis and consequently provides users with nearly anonymous access to internet resources. Browsing the internet with TOR active is similar to simultaneously using hundreds of different proxy servers that are periodically randomized. Using it is completely free and very simple. TOR uses cryptography, encrypting transmitted messages in multiple layers.

To take advantage of this network, you can use the TOR browser or switch to the Brave browser, which includes TOR network support built in.

Interestingly, the TOR network provides access to the Dark Net (a part of the Deep Web) and its resources. This is a deliberately hidden part of internet resources that can only be browsed using special software. But I’ll write about that another time.

Change your email provider

I don’t know if you’re still using email from providers like AOL, Hotmail, or Yahoo. Maybe you use Gmail, but if you do, I strongly recommend switching to more secure solutions. Use an email service that offers encryption of your correspondence as standard and prevents third-party access.

I’ve personally been using Proton Mail and the additional services they offer for years. Among other things, their encrypted calendar, contacts, and their secure cloud drive (Proton Drive), which fully encrypts the data stored there (a replacement for Google Drive, OneDrive, or Dropbox). There are no ads or unwanted emails, and reading and forwarding your messages by other entities is mathematically impossible. Other secure alternatives include Tuta (formerly Tutanota) and Mailfence.

In 2026, the Proton ecosystem has grown into a full alternative to Google: email, calendar, drive, VPN, password manager (Proton Pass), and data breach monitoring. It’s probably the most comprehensive solution for people who want to move away from the Google ecosystem without sacrificing convenience.

Switch your messenger to Signal

Using proxy servers, VPN, and TOR masks your real IP address from outside eyes, but using messengers is a completely different matter. Messenger, Google Chat, Skype, and Teams don’t provide full security for transmitted messages. Companies can share your conversations with various agencies and governments.

That’s why it’s worth switching to Signal, which is the best-in-class app for sending encrypted messages, including voice and video calls. Signal already has over 70 million users and its popularity continues to grow. It doesn’t differ from other messengers in everyday use, but inside it has real encryption machinery.

Signal is the most secure messenger. Its source code (both server and client) is open, which means anyone can analyze it for “backdoors” and (in)correct use of cryptography. The creators have no access to the contacts the user has on their phone or conversation metadata. They not only don’t know what user A is talking about with user B, but that user A is talking to user B at all.

No wonder politicians and journalists around the world use it. A detailed comparison of various messengers can be found here in table form.

It’s also worth knowing that WhatsApp has been officially sharing data with Facebook (now Meta) since 2021. The European Commission fined Facebook 110 million euros for misleading about data integration with WhatsApp. Unfortunately, the fine changed little. If you care about privacy, switch your messenger to Signal.

Secure browser 2026 – which one to choose

Chrome currently handles about 67-71% of all web traffic. This is very bad because Google uses Chrome as a kind of window through which it watches your every move on the internet. If you don’t change your privacy settings in Google, Chrome will also save every website you visit. What’s worse, Chrome practically doesn’t block third-party tracking scripts.

A Washington Post article stated that Chrome collects an average of about 11,000 “trackers” every week. You fundamentally need to ask yourself whether you still want 11,000 pairs of eyes watching what you do and view on the internet.

To ensure better privacy, you should switch to one of these browsers:

• Brave – built on Chromium (so switching from Chrome is painless), blocks 97% of trackers by default, doesn’t collect any activity data. It already has over 82 million monthly active users. It includes a built-in VPN, TOR network, browser fingerprint blocking, and HTTPS Everywhere protocol. This is my main browser.
• Firefox – non-profit, open source, with Enhanced Tracking Protection blocking about 85% of trackers. A proven and trustworthy alternative.
• DuckDuckGo Browser – available for Android and iOS, a great option for your phone.

Install additional tracking script and ad blockers

I warmly recommend installing an ad and script blocking extension, primarily uBlock Origin. In 2024, Chrome already prevented it from working fully (due to the switch to Manifest V3), but fortunately Firefox and Brave still support it without restrictions.

There’s also a page with Polish filters where you can find additional rules for blocking external ads, affiliate links, pop-ups, tracking scripts, scams, anti-adblock scripts, cryptocurrency mining scripts, and much more.

Privacy Badger or the app provided by DuckDuckGo also work well.

To see what information is collected by some internet services and what you should protect yourself from, you can check out Terms of Service; Didn’t Read.

Avoid leaving browser fingerprints

Browser fingerprinting is a method that involves matching activity to identify individual users. Even using a VPN may not help much in this case.

It’s a bit like taking a fingerprint from an object we’ve touched. Initially, it’s unknown whose fingerprint it is, but all it takes is comparing it with a database containing fingerprints to find its owner. This is exactly how it’s done on the internet: browser fingerprints are cataloged and collected in bulk so that they can then be analyzed and the person’s identity revealed.

To avoid leaving your browser fingerprints, first switch to Firefox or Brave and install the Privacy Badger extension I mentioned earlier. To test your browser, you can use the Cover Your Tracks or AmIUnique tool.

Password manager – which one to choose in 2026

It’s very dangerous to use the same password for all the internet services you use. You should make sure that the passwords you use are unique for each service you log into and contain about 16-20 characters, including uppercase and lowercase letters as well as special characters.

Given that the average person would have to remember 70-80 passwords, memorizing all of them turns out to be impossible. That’s why many of us end up reusing the same old passwords or relying on ones that are easy to remember but equally easy to guess.

A password manager allows you to generate unique passwords for each service, encrypt them, and then have them all accessible under one master password. You can use Proton Pass, Bitwarden, or 1Password. A comparison of them can be found here.

Passkeys – the end of the password era

Passkeys in 2026 simply work and are slowly replacing passwords. Instead of typing a password, you log in using biometrics (fingerprint, face scan) or a PIN on your device. The cryptographic key never leaves your device, so it can’t be stolen in a website data breach. A passkey can’t be phished because it only works on the legitimate site.

Apple, Google, and Microsoft support passkeys on their platforms. Microsoft made passkeys the default login method for new accounts in May 2025, which increased authentications by 120%. By the end of 2025, nearly 70% of users already had at least one passkey. The passwordless authentication market reached $24.1 billion in 2025 and is growing at over 18% annually.

You can already configure passkeys in Google, Apple, Microsoft, Amazon, PayPal, GitHub, LinkedIn, X (formerly Twitter), and many other services. The list grows from month to month. If a service you use offers this option, enable it. I think it’s the most effective thing you can do for the security of your accounts in 2026.

Set up two-factor authentication

In all the services you use, you should enable two-factor authentication (2FA). This means every login must be confirmed with a specially generated code, which reduces risk and practically makes logging in impossible even if someone knows your password.

Important note: in 2025, NIST (the US National Institute of Standards and Technology) officially recognized that SMS codes are not sufficiently secure as a second factor. It’s better to use an authenticator app (e.g., Authy, Proton Pass, or one built into your password manager) or a hardware key (e.g., YubiKey). SMS codes can be intercepted through SIM swap attacks.

You can enable 2FA on Facebook, X (formerly Twitter), Proton Mail, Instagram, Google, Microsoft, and many other platforms.

Change privacy settings in your operating system

The operating system on your computer sees and knows literally everything. When an application wants to read something from your drive, communicate with the outside world, connect to the internet, display something, or ask you a question, it does so through the operating system. To ensure the basics of your computer’s security, you should always keep the operating system and installed applications up to date, install antivirus software, enable the firewall, cover the camera, and enable disk encryption (Windows, macOS, Linux).

Windows 10, 11, and newer

In Windows, press the Start menu and start typing “privacy settings.” In the general settings, disable all possible options: allowing websites to share content relevant to your location, using the advertising content identifier, tracking app launches, and suggested content.

Also disable settings related to handwriting personalization, speech, and activity history, and in the diagnostics tab, don’t allow sending optional diagnostic data or a customized environment. Review other privacy settings as well, check which apps have access to location (which is best turned off entirely), camera, and microphone.

I also recommend the WPD Privacy tool, which allows detailed control over privacy settings, firewalls, and unnecessary system applications in Windows. It’s very intuitive and helps configure the system to maximize privacy protection.

macOS

Apple shot itself in the foot when it turned out that Siri shared certain conversation fragments with third parties. Just to be safe, on a Mac in “System Settings” under the Privacy & Security tab, uncheck the option to share data with Apple.

Review all privacy settings. Disable sharing crash data with developers and diagnostic data. Disable location, prevent tracking by advertising scripts. Click on each item (contacts, camera, microphone, disk access) and check which applications have access to system functions. Revoke permissions for those you’re not sure about.

How to secure your phone from tracking

With smartphones, we mainly focus on not losing them and pay little attention to what we have installed on them and which services we allow to track us. Honestly? A mobile phone provides virtually no privacy.

According to the Washington Post, on an average iPhone, apps using tracking scripts collect and share about 1.5 GB of data every 30 days. “Secret Service bought phone location data from apps” – this isn’t a conspiracy theory, it’s a headline from Vice.

Apps like ProtonVPN can at least partially stop such tracking. Beyond that, change the privacy settings on your phone:

• enable screen lock,
• don’t use public USB chargers (e.g., at airports),
• update all apps,
• go to app permissions and review what you’re sharing with each one,
• disable location (enable only when you need navigation),
• disable Bluetooth when not needed – here’s why,
• install a VPN (just like on your computer),
• change your default search engine to DuckDuckGo or Kagi,
• use a password manager,
• enable device encryption,
• disable voice assistants and background listening,
• switch your messenger from Messenger and WhatsApp to Signal.

Use TAILS to leave no traces behind

When you’re, say, a journalist contacting your source or searching for something in secret from the entire world and want to cover your tracks, use TAILS. It’s an operating system that boots from a USB drive and prevents access to your personal data stored on your main operating system. Windows and macOS are particularly bad at handling data that can be used to identify us. Linux is significantly better in this regard because it’s simpler to separate the system user from the device they’re using. TAILS is completely free. Just run the installer and follow the on-screen instructions.

How to remove your data from the internet

Prevention is one thing. But what about data that’s already circulating online? We have the right and specific tools for that.

The right to be forgotten (Art. 17 GDPR)

If you live in the European Union, you have the right to request the deletion of your personal data from any company that processes it. This comes from Article 17 of the GDPR (the right to erasure, commonly known as the “right to be forgotten”). You can write to a company requesting the deletion of your data and the company is obligated to do so within 30 days, unless it has a legitimate legal basis for retaining them.

Google provides a form for removing search results containing your personal data. You can also submit a request to remove specific pages from Google results. This doesn’t delete the page itself, but it stops appearing in search results.

Data brokers – who sells your data and how to stop it

There’s an entire industry of companies called data brokers. They collect, catalog, and sell personal data: first name, last name, address, phone number, email, purchase history. Marketers, insurers, analytics firms buy them, and sometimes people with far worse intentions.

Manually unsubscribing from hundreds of databases is unrealistic. There are services that do this:

• Incogni (by Surfshark) – automatically sends data deletion requests to over 420 data brokers and repeats this every 60-90 days, because brokers tend to re-collect data. Audited by Deloitte in 2025.
• DeleteMe – a team manually sends opt-outs to brokers. Claims 850 brokers, though it effectively handles about 180 fully automatically.

Both services are paid, but if you care about keeping your data from circulating in telemarketer and spammer databases, it’s a reasonable investment.

How to check if your data has been leaked

First, check if your data has leaked somewhere. I use these tools:

• Have I Been Pwned – enter your email address and check whether it appeared in any of the thousands of known breach databases. Free and run by independent security researcher Troy Hunt.
• Have I Been Trained – a tool for creators. It lets you check whether your photos have been used in datasets for training AI models (e.g., LAION-5B, which was used to train Stable Diffusion). You can also add your images to the “Do Not Train” registry.
• Mozilla Monitor – a free tool from Mozilla that monitors your data in known breaches and notifies you of new ones.

I recommend checking your primary email address in Have I Been Pwned. In 2025, a collection of 16 billion stolen credentials was discovered circulating online. More than twice the number of people on Earth.

Summary: internet security in 2026

The internet increasingly functions as a surveillance tool. Maintaining privacy online is harder than ever, even at home.

Tim Berners-Lee, known as the creator of the internet, has long warned about the problem of centralization and monopolization of the web. According to him, today’s virtual world is created and controlled by tech giants, and these companies have increasing control over what we see and read.

In 2026, artificial intelligence is using our data on a scale that nobody assumed five years ago, building increasingly accurate models of how we behave.

No matter how you look at it, protecting online privacy is something worth taking care of now, not next year. You can’t achieve 100% protection, but each of the steps described above reclaims a piece of control over who sees your data.

By the way, if you’re interested in the topic of security, I invite you to download the free book “Understanding Cybersecurity.”

Frequently asked questions

How to protect your privacy online?

Start with the basics: switch your browser to Brave or Firefox, use the Kagi or DuckDuckGo search engine, enable a VPN (e.g., ProtonVPN), install a password manager, and enable passkeys wherever possible. On your phone, disable location, review app permissions, and switch your messenger to Signal. In every service, disable the use of your data for AI training.

Does a VPN provide complete anonymity online?

No. A VPN masks your IP address and encrypts traffic, but it doesn’t protect against tracking via cookies, browser fingerprints, or logging into services (e.g., Google, Facebook). A VPN is an important layer of protection, but not the only one. Treat it as one of several steps, not as a solution in itself.

How to remove your data from the internet?

In the EU, you have the right to data deletion under Art. 17 GDPR. You can send a request directly to the company that processes your data. Google provides a form for removing search results. Services like Incogni or DeleteMe automatically send deletion requests to hundreds of data brokers.

What is a passkey and should I enable it?

A passkey is a modern alternative to passwords. You log in using a fingerprint, face scan, or PIN. The cryptographic key never leaves your device, so it can’t be stolen through a data breach or phished. You should definitely enable it wherever possible.

How to check if my data has been leaked?

Go to Have I Been Pwned and enter your email address. The tool will check whether your data appeared in any of the thousands of known breach databases. If so, immediately change your password for that service and enable two-factor authentication.

Do ChatGPT, Gemini, and other AI services use my data?

By default, yes. ChatGPT, Google Gemini, Microsoft Copilot, LinkedIn, Meta AI – all use user data to train their models by default. Disabling it is possible, but you need to do it manually in the settings of each service separately. Step-by-step instructions for each of them can be found in the table above in the article.

Sources:

• Privacy Rights – Data Breaches
• Wikipedia – List of Data Breaches
• DemandSage – Data Breach Statistics 2026
• Market.us – Internet Privacy Statistics 2026
• Secureframe – Data Privacy Statistics 2026
• NordStellar – Ransomware Statistics 2025
• SecurePrivacy – Data Privacy Trends 2026
• Future of Privacy Forum – 2026 Global Data Protection
• EFF – Cover Your Tracks
• EFF – NSA Spying
• Terms of Service; Didn’t Read
• The Guardian – Snowden NSA Files
• IBM – Cost of a Data Breach Report 2025
• Keepnet Labs – Deepfake Statistics and Trends
• ZeroThreat – AI Phishing Statistics
• Programs.com – Shadow AI Statistics
• EU AI Act – Implementation Timeline
• Have I Been Trained – AI Training Data Search