Back to Blog

Privacy Checklist 2026: 25 Steps to Protect Your Digital Life

December 11, 2025 10 min read Privacy, Security, Checklist

Disclosure: This article contains affiliate links. We may earn a commission at no extra cost to you.

New year, new privacy goals. If you're like most people, you've been meaning to "do something about privacy" for years. But where do you even start? There's so much advice out there that it's paralyzing.

That's why we created this checklist. 25 actionable steps you can take right now to dramatically improve your digital privacy in 2026. No vague advice. No expensive tools. Just practical steps that actually work.

Bookmark this page. Work through it at your own pace. Check off each item as you complete it. By the time you're done, you'll have a privacy setup that puts you ahead of 99% of internet users.

Before you start: Check your current exposure level. Visit myip.foo to see what websites already know about you: your IP address, location, and ISP. This is your starting point.

Network Privacy (Steps 1-7)

Your network is the foundation of your privacy. If your IP address leaks, everything else is compromised. Start here.

1. Check Your Current IP Exposure

Before you can fix problems, you need to know what's exposed. Visit myip.foo and note what you see:

  • Your public IP address (IPv4 and/or IPv6)
  • Your approximate location (city, country)
  • Your ISP name
  • Whether you're on a VPN or not
myip.foo showing IP address and location information
Your IP reveals your location and ISP to every website you visit

2. Get a Reliable VPN

A VPN encrypts your internet traffic and hides your real IP address. It's the single most impactful privacy tool you can use.

What to look for:

  • No-logs policy (verified by audits)
  • Kill switch feature
  • DNS leak protection
  • Servers in multiple countries

Our recommendation: NordVPN offers all these features with a 30-day money-back guarantee. It consistently tops privacy audits and has excellent speeds.

3. Test for DNS Leaks

Even with a VPN, your DNS requests might leak to your ISP. This reveals every website you visit.

Action: Run our DNS Leak Test with your VPN connected. If you see your ISP's DNS servers, you have a leak.

DNS leak test showing no leaks detected
A clean DNS leak test: only VPN DNS servers visible

4. Block WebRTC Leaks

WebRTC is a browser feature that can expose your real IP address even when using a VPN. Most people don't know about this leak.

Action: Run our WebRTC Leak Test. If your real IP shows, install our free WebRTC Blocker extension.

WebRTC leak exposing real IP address
WebRTC leak: your real IP is exposed despite using a VPN

5. Disable IPv6 (If Your VPN Doesn't Support It)

Many VPNs only tunnel IPv4 traffic. If your device has IPv6 enabled, it might bypass the VPN entirely.

Action: Check if your VPN supports IPv6. If not, disable IPv6 in your network settings or enable IPv6 leak protection in your VPN app.

6. Use Encrypted DNS

Even with a VPN, using encrypted DNS adds another layer of protection. DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) prevents anyone from seeing your DNS queries.

Recommended DNS providers:

  • Cloudflare: 1.1.1.1 (fast, privacy-focused)
  • Quad9: 9.9.9.9 (blocks malware domains)
  • NextDNS: Custom filtering + analytics

7. Check for Tor Exit Nodes

If you use Tor or suspect your IP might be flagged, check its status with our Tor Detection tool. Some services block Tor exit nodes.

Browser Privacy (Steps 8-13)

Your browser is a privacy nightmare by default. Trackers, cookies, fingerprinting—it's all designed to follow you. Here's how to fight back.

8. Install uBlock Origin

The best ad and tracker blocker. It's free, open-source, and doesn't slow down your browser. This single extension blocks most tracking.

Action: Install uBlock Origin from your browser's extension store.

9. Enable HTTPS-Only Mode

Force your browser to use encrypted connections only. This prevents man-in-the-middle attacks on public WiFi.

How to enable:

  • Firefox: Settings > Privacy & Security > HTTPS-Only Mode > Enable in all windows
  • Chrome: Settings > Privacy and security > Security > Always use secure connections
  • Edge: Settings > Privacy > Enhance your security on the web > Strict

10. Block Third-Party Cookies

Third-party cookies track you across websites. Modern browsers are blocking them by default, but verify your settings.

Action: Go to your browser's privacy settings and block third-party cookies. Or use a browser like Firefox or Brave that does this by default.

11. Use a Privacy-Focused Search Engine

Google tracks every search you make. Switch to a privacy-respecting alternative.

Alternatives:

  • DuckDuckGo: No tracking, good results
  • Startpage: Google results without tracking
  • Brave Search: Independent index, no tracking

12. Clear Browsing Data Regularly

Set your browser to clear cookies, cache, and history when you close it. This limits long-term tracking.

Action: Enable "Clear browsing data on exit" in your browser settings. Or use a tool like Cookie AutoDelete to automate this.

13. Consider a Privacy-Focused Browser

For maximum privacy, consider switching browsers entirely:

  • Firefox: Open-source, highly customizable, strong privacy defaults
  • Brave: Chromium-based, built-in ad blocking, Tor integration
  • LibreWolf: Firefox fork with privacy hardening pre-configured

Pro tip: Check out our guide on 10 Browser Extensions That Protect Your Privacy for more browser hardening tips.

Account Security (Steps 14-18)

Strong accounts are the second line of defense. Even if someone knows your email, they shouldn't be able to access your accounts.

14. Use a Password Manager

Stop reusing passwords. A password manager generates and stores unique passwords for every account.

Recommended options:

  • Bitwarden: Free, open-source, cross-platform
  • 1Password: Premium, excellent UX, family plans
  • KeePassXC: Offline, open-source, maximum control

15. Enable Two-Factor Authentication (2FA)

Add a second layer of security to all important accounts. Even if your password leaks, attackers can't get in without your 2FA code.

Priority accounts for 2FA:

  1. Email (most critical—it can reset all other passwords)
  2. Banking and financial accounts
  3. Social media
  4. Cloud storage (Google Drive, Dropbox, iCloud)

Important: Use an authenticator app (Google Authenticator, Authy, or your password manager). SMS-based 2FA is better than nothing, but can be bypassed via SIM swapping.

16. Review Connected Apps and Services

Over the years, you've probably connected dozens of apps to your accounts. Many of these have access to your data.

Action: Review and remove unnecessary connections:

17. Check for Breached Passwords

Your passwords may already be leaked in data breaches. Check and change them.

Action: Visit Have I Been Pwned and enter your email addresses. Change passwords for any breached accounts.

18. Use Unique Emails for Important Accounts

Consider using email aliases or different email addresses for different types of accounts. If one gets compromised, the others stay safe.

Options:

  • SimpleLogin: Free email aliases
  • Apple Hide My Email: Built into iCloud+
  • Firefox Relay: Free email masking

Social Media Privacy (Steps 19-21)

Social media companies profit from your data. Take back control with these settings.

19. Audit Your Social Media Privacy Settings

Every social platform has privacy settings buried in menus. Find them and lock them down.

Key settings to check:

  • Who can see your posts (public vs. friends only)
  • Who can find you by email/phone number
  • Location tagging permissions
  • Ad personalization settings
  • Data download and deletion options

20. Disable Ad Personalization

Stop platforms from building advertising profiles about you:

  • Google: adssettings.google.com
  • Facebook: Settings > Accounts Center > Ad preferences
  • Twitter/X: Settings > Privacy > Ads preferences

21. Limit What You Share

The best privacy setting is not sharing in the first place. Think before you post:

  • Don't share your location in real-time
  • Avoid posting photos with visible addresses or license plates
  • Be cautious with "getting to know you" quizzes (they harvest security question answers)
  • Don't overshare vacation plans publicly

Mobile Privacy (Steps 22-25)

Your phone knows more about you than any other device. It's always with you, always connected, always tracking.

22. Review App Permissions

Most apps request more permissions than they need. Audit and revoke unnecessary access.

Check permissions for:

  • Location: Does a flashlight app really need GPS?
  • Camera/Microphone: Only grant to apps that genuinely need them
  • Contacts: Rarely needed outside messaging apps
  • Photos: Grant access only when actually sharing

23. Disable Ad Tracking

Both iOS and Android have advertising IDs that track you across apps. Disable them.

How to disable:

  • iOS: Settings > Privacy & Security > Tracking > Turn off "Allow Apps to Request to Track"
  • Android: Settings > Google > Ads > Delete advertising ID

24. Use a Mobile VPN

Your phone connects to countless WiFi networks. Protect it with a VPN just like your computer.

Action: Install your VPN provider's mobile app and enable it, especially on public WiFi.

25. Enable Device Encryption

If your phone is lost or stolen, encryption protects your data. Modern phones enable this by default, but verify.

How to check:

  • iOS: Enabled by default when you set a passcode
  • Android: Settings > Security > Encryption (should show "Encrypted")

Common Questions About Digital Privacy

Do I really need all 25 steps?

No. Start with the network privacy section (steps 1-7)—that's where the biggest risks are. Then work through the others based on your time and threat model. Even completing half the list puts you ahead of most people.

Will this make the internet harder to use?

Some steps might cause minor inconveniences (logging in more often, occasional website breakage). But modern privacy tools are designed to be user-friendly. The trade-off is worth it.

I have nothing to hide. Why should I care?

Privacy isn't about hiding. It's about control. Your data is valuable—companies make billions from it. You deserve to decide who gets access to your life.

Is a VPN really necessary?

If you use public WiFi, want to hide your activity from your ISP, or access geo-restricted content—yes. A VPN is essential. Check our VPN Buying Guide for recommendations.

What about privacy on work devices?

Assume your employer can see everything on work devices. Use personal devices for personal activities. This checklist is primarily for your personal devices and accounts.

Conclusion

Privacy is a journey, not a destination. You don't have to complete this checklist in one day. Work through it at your own pace. Every step you complete makes you harder to track, harder to hack, and harder to exploit.

Start today with these three high-impact actions:

  1. Check your exposure at myip.foo
  2. Get a VPN like NordVPN
  3. Install uBlock Origin in your browser

Then run our DNS Leak Test and WebRTC Leak Test to verify your protection. Come back to this checklist whenever you have time to tackle more items.

Ready to start? Visit myip.foo to see your current exposure, then work through this checklist step by step. Your future self will thank you.

Here's to a more private 2026.