1.

Install an open-source password manager

{{whyLabel}}: Reusing passwords is the #1 cause of account takeovers; a manager allows for unique, complex keys for every service.

{{howLabel}}:

Download an open-source tool like Bitwarden or KeePassXC.
Create a 'Master Password' that is at least 15 characters long, using a random phrase.
Install the browser extension and mobile app to sync your credentials.

{{doneWhenLabel}}: [Password manager is installed and a master password is set]

2.

Enable TOTP-based Two-Factor Authentication (2FA)

{{whyLabel}}: SMS 2FA is vulnerable to SIM-swapping; app-based TOTP (Time-based One-Time Password) is significantly more secure.

{{howLabel}}:

Download an open-source authenticator like Aegis (Android) or Ente Auth (iOS/Android).
Go to security settings of your primary accounts (Email, Bank, Social Media).
Scan the QR code provided by the service into your authenticator app.
Save the 'Backup Codes' in a secure, offline location.

{{doneWhenLabel}}: [Primary accounts are secured with an authenticator app instead of SMS]

3.

Set up an email aliasing service

{{whyLabel}}: Giving your real email to every website links your identity across the web and leads to spam and data leaks.

{{howLabel}}:

Sign up for a service like SimpleLogin or Addy.io (formerly AnonAddy).
Create a unique alias for every new service you sign up for (e.g., 'netflix.random123@simplelogin.com').
Forward these aliases to your main, private inbox.

{{doneWhenLabel}}: [Aliasing service is configured and the first alias is created]

4.

Switch to a privacy-respecting browser

{{whyLabel}}: Mainstream browsers like Chrome are designed to collect data for advertising profiles.

{{howLabel}}:

Install Brave (for ease of use) or LibreWolf (for maximum privacy).
If using Firefox, go to 'Settings' > 'Privacy & Security' and set 'Enhanced Tracking Protection' to 'Strict'.
Import your bookmarks but do not sync browsing history with a Google/Microsoft account.

{{doneWhenLabel}}: [A privacy-focused browser is set as your default]

5.

Configure uBlock Origin in 'Hard Mode'

{{whyLabel}}: Standard ads are often 'malvertising' or trackers that follow you across websites.

{{howLabel}}:

Install the uBlock Origin extension (avoid 'uBlock' or 'AdBlock Plus').
Open the dashboard, go to 'Filter lists', and enable 'AdGuard URL Tracking Protection'.
For advanced users: Enable 'I am an advanced user' to block 3rd-party scripts by default.

{{doneWhenLabel}}: [uBlock Origin is active and blocking 3rd-party trackers]

6.

Change your DNS provider to a private resolver

{{whyLabel}}: Your ISP logs every website you visit via their DNS; private resolvers encrypt these queries.

{{howLabel}}:

Go to your browser or OS network settings.
Set 'DNS over HTTPS' (DoH) to a provider like Quad9 (9.9.9.9) or NextDNS.
NextDNS allows you to see and block tracking attempts at the network level.

{{doneWhenLabel}}: [DNS queries are encrypted and no longer visible to your ISP]

7.

Disable OS-level telemetry and tracking

{{whyLabel}}: Windows and macOS send usage data and 'diagnostic' info back to their manufacturers by default.

{{howLabel}}:

Windows: Use a tool like 'O&O ShutUp10++' to disable telemetry with one click.
macOS: Go to 'System Settings' > 'Privacy & Security' > 'Analytics & Improvements' and turn everything off.
Mobile: Disable 'Allow Apps to Request to Track' in iOS or 'Usage & Diagnostics' in Android.

{{doneWhenLabel}}: [Operating system telemetry is minimized or disabled]

8.

Migrate sensitive chats to Signal

{{whyLabel}}: Signal is the industry standard for end-to-end encryption with zero metadata collection.

{{howLabel}}:

Install Signal on your phone and link it to your desktop.
Set 'Disappearing Messages' as a default for new chats (e.g., 1 week).
Enable 'Registration Lock' to prevent others from re-registering your number.

{{doneWhenLabel}}: [Signal is installed and disappearing messages are enabled]

9.

Use a reputable, no-logs VPN

{{whyLabel}}: A VPN hides your IP address from websites and prevents local network snooping on public Wi-Fi.

{{howLabel}}:

Choose a provider with a proven no-logs policy and open-source apps (e.g., Mullvad or Proton VPN).
Enable the 'Kill Switch' feature to stop traffic if the VPN connection drops.
Use the 'WireGuard' protocol for the best balance of speed and security.

{{doneWhenLabel}}: [VPN is active and 'Kill Switch' is enabled]

10.

Switch to an encrypted email provider

{{whyLabel}}: Gmail and Outlook scan your emails for advertising data; encrypted providers cannot read your content.

{{howLabel}}:

Create an account with Proton Mail or Tuta (formerly Tutanota).
Use this for your most sensitive communications (banking, legal, health).
Gradually move your most important accounts to this new address.

{{doneWhenLabel}}: [Encrypted email account is active and receiving mail]

11.

Audit and delete old online accounts

{{whyLabel}}: Every old account is a potential data breach waiting to happen.

{{howLabel}}:

Search your email for keywords like 'Welcome', 'Verify', or 'Account'.
Use 'HaveIBeenPwned.com' to see which of your accounts were involved in breaches.
Visit 'JustDelete.me' for direct links to the deletion pages of thousands of services.

{{doneWhenLabel}}: [At least 10 unused accounts are permanently deleted]

12.

Opt out of major data brokers

{{whyLabel}}: Data brokers aggregate your public records, social media, and buying habits to sell to third parties.

{{howLabel}}:

Manual: Visit the 'Opt-Out' pages of major brokers like Acxiom, Epsilon, and Whitepages.
Automated: Use a service like Incogni or DeleteMe to send hundreds of removal requests automatically.
Note: Manual removal is free but requires regular follow-ups every 6 months.

{{doneWhenLabel}}: [Opt-out requests sent to at least the top 5 data brokers]

13.

Restrict Google and Meta privacy settings

{{whyLabel}}: These platforms collect the most granular data on your behavior and location.

{{howLabel}}:

Google: Go to 'My Activity' and set 'Auto-delete' to 3 months for Web & App Activity and Location History.
Meta (Facebook/Instagram): Go to 'Accounts Center' > 'Your information and permissions' > 'Ad preferences' and disable 'Ad topics' and 'Data from partners'.
Opt out of 'AI Training' in the settings of both platforms to prevent your data from being used to train models.

{{doneWhenLabel}}: [Privacy settings are tightened and auto-delete is active]

14.

Scrub metadata from photos before sharing

{{whyLabel}}: Photos contain EXIF data (GPS coordinates, device info) that can reveal your exact location.

{{howLabel}}:

Use an open-source tool like 'ExifTool' or 'MAT2' (Metadata Anonymisation Toolkit).
On mobile, use apps like 'Scrambled EXIF' (Android) or 'Metapho' (iOS).
Run your photos through these tools before uploading them to social media or cloud storage.

{{doneWhenLabel}}: [Metadata is successfully removed from a test batch of photos]

15.

Create encrypted backups of sensitive data

{{whyLabel}}: Privacy also means ensuring your data isn't lost or accessible if your hardware is stolen.

{{howLabel}}:

Use 'VeraCrypt' to create an encrypted 'container' on an external drive.
For cloud backups, use 'Cryptomator' to encrypt files before they upload to services like Google Drive or Dropbox.
Store your recovery keys in your password manager.

{{doneWhenLabel}}: [Sensitive files are stored in an encrypted volume]

16.

Perform a quarterly 'Privacy Audit'

{{whyLabel}}: Privacy is a process, not a one-time setup; settings change and new leaks occur.

{{howLabel}}:

Set a calendar reminder for every 3 months.
Check 'HaveIBeenPwned' for new breaches.
Review app permissions on your phone and delete apps you haven't used in 90 days.
Update all software and firmware on your devices.

{{doneWhenLabel}}: [Calendar reminder is set and the first audit is scheduled]

Online privacy protection

Projekt-Plan