INTELREAP
Privacy Guide

How to Protect Your
Privacy Online

Most online privacy guides bury the practical steps under theory. This one does not. You will find the specific tools, settings, and decisions that actually move the needle — along with honest assessments of what each one covers and where it falls short, so you can build a layered approach that fits how you actually use the internet.

Loading…
4.9★satisfaction
290+ data pointsper scan
13 intelligence panelsper report
Zero data storedprivacy first
Quick Answer

Online privacy is not one setting or one tool — it is a stack of overlapping protections, each covering a different tracking vector

Start with the highest-impact steps: a password manager with two-factor authentication on every account, a browser that blocks trackers by default, and DNS-over-HTTPS to encrypt your DNS queries. Add a reputable paid VPN if your ISP or network environment is a concern. Reduce your browser fingerprint using Firefox or Brave. On mobile, audit app permissions quarterly. None of these alone is sufficient — together they close the most common tracking and exposure vectors without requiring a significant change to how you use the internet.

01 Why Online Privacy Is Harder Than It Used to Be

Ten years ago, blocking cookies was a meaningful privacy step. Today, tracking systems have evolved well beyond cookie dependence. Browser fingerprinting identifies you from hardware and software signals without storing anything on your device — your browser's GPU renderer, screen resolution, and audio processing behaviour combine into an identifier that persists even after you clear your history. Third-party cookies are being phased out across browsers, but the advertising industry has already moved to fingerprinting and cohort-based targeting as replacements.

At the same time, the number of tracking vectors has increased. Your IP address, ISP, and approximate location are visible on every connection. Your DNS queries — the lookups your browser makes before it even connects to a site — are often unencrypted and visible to your ISP and network operator. Mobile apps request permissions far beyond their core function and share data with dozens of third-party SDKs running inside them. Account-based tracking by major platforms follows you across every site where their code is embedded, regardless of your IP or device configuration.

None of this means privacy is hopeless. It means the approach has to be layered — different tools covering different vectors — and the decisions have to be informed by what each tool actually protects against. That is what this guide covers.

02 Start Here — Know What You Are Already Exposing

Before adding any privacy tools, it is worth knowing your current baseline. Most people are surprised by the specific detail their browser exposes on every site visit — not just an IP address, but an ISP name, approximate city, connection type, VPN or proxy status, GPU model, screen configuration, and browser fingerprint signals, all readable by any site without any permission prompt.

IntelReap reads these signals and shows you exactly what your connection exposes to the websites you visit — your public IP, ISP, routing path, and the full set of identifiers your browser transmits. Running this before making any changes gives you a precise starting point, so you can measure whether the steps you take are actually reducing your exposure rather than guessing.

The baseline check matters: Many people add a VPN and assume they are now private, when in reality their browser fingerprint, account sessions, and DNS queries are still fully visible. Knowing the specific vectors you need to address is more useful than applying generic advice.

03 VPNs — What They Protect and What They Do Not

A VPN does three things: it replaces your public IP address with the VPN server's IP, it encrypts traffic between your device and the VPN server so your ISP cannot read it, and it changes your apparent geographic location. These are genuinely useful protections. Your ISP cannot log your browsing destinations. Websites see the VPN server's IP instead of yours. Surveillance at the network level — by your ISP, a public Wi-Fi operator, or a network-level monitor — cannot read your traffic content.

What a VPN does not do is equally important to understand. It does not prevent browser fingerprinting — your GPU renderer, screen resolution, and installed fonts are identical whether the VPN is active or not. It does not clear cookies or account sessions. It does not prevent tracking by platforms where you are logged in. And it shifts trust rather than removing it: your VPN provider can see your traffic in place of your ISP. Choose a provider with an independently audited no-logs policy, not just a self-declared one. For a full breakdown of the limits, our guide on what a VPN actually changes about your connection covers each vector specifically.

04 Your Browser Is the Biggest Privacy Variable

Your choice of browser and how you configure it matters more than almost any other single decision. The default configurations of Chrome, Edge, and Safari permit significant third-party tracking. Firefox and Brave are meaningfully better out of the box, and they are meaningfully better still with a few targeted settings changes.

Firefox — most configurable

In Firefox, go to Settings → Privacy & Security and set Enhanced Tracking Protection to Strict. Enable DNS over HTTPS in the Network Settings section. In about:config, set privacy.resistFingerprinting to true — this normalises many fingerprinting signals to standard values. Install uBlock Origin from the Firefox Add-ons store; in its settings, enable the Extra lists including uBlock filters — Annoyances and EasyPrivacy. These three changes together block the vast majority of third-party trackers and significantly reduce your fingerprint entropy.

Brave — least configuration required

Brave blocks third-party ads and trackers by default with no extension needed, and its Shields feature includes fingerprint randomisation — introducing slight variation in canvas, WebGL, and audio fingerprint outputs on each session. Go to brave://settings/shields and confirm Fingerprinting is set to Standard or Strict. Enable Brave's built-in VPN or configure DNS-over-HTTPS under brave://settings/privacy. For most users Brave requires the least setup to achieve a strong privacy baseline.

Chrome and Edge — possible but limited

Both support extensions including uBlock Origin, which provides significant tracker blocking. But neither browser offers fingerprint resistance, and both have built-in telemetry and data collection that cannot be fully disabled by the user. They are meaningfully less private than Firefox or Brave even with the best extension configuration, because the underlying engines are designed for a different set of trade-offs.

05 Passwords and Accounts — The Most Overlooked Privacy Problem

Most real-world privacy breaches that affect ordinary people are not surveillance events. They are compromised accounts — usually from a reused password exposed in a data breach at one service being tested against other services automatically. This is called credential stuffing, and it is vastly more common than targeted tracking or ISP surveillance for most individuals.

A password manager solves this completely. Use a unique randomly generated password for every account — the manager stores and fills them, so the memorisation burden is zero. Bitwarden is free, open source, and independently audited. 1Password and Dashlane offer polished paid alternatives. Beyond the password manager, enable two-factor authentication on every account that supports it — especially email, banking, and social media accounts. A hardware key (YubiKey) is the most phishing-resistant form; an authenticator app (Aegis on Android, Ente Auth on iOS) is a solid middle ground. SMS-based 2FA is better than nothing but vulnerable to SIM-swapping attacks.

06 DNS Privacy — The Tracking Vector Most Guides Skip

Every time your browser loads a website, it first sends a DNS query to look up the site's IP address. By default this query travels in plain text, visible to your ISP and any network operator between you and the DNS resolver. Your ISP can log every domain you visit from a DNS record alone — without needing to decrypt any of your HTTPS traffic.

DNS-over-HTTPS (DoH) encrypts these queries and sends them to a resolver of your choice rather than your ISP's default. In Firefox it is in Settings → General → Network Settings → Enable DNS over HTTPS. In Chrome it is in Settings → Privacy and security → Security → Use secure DNS. Cloudflare's 1.1.1.1 is the most widely used privacy-focused resolver; NextDNS offers more control including per-device filtering rules and query logging you control. Neither charges for basic use. This is a five-minute change that closes a tracking vector most privacy guides do not even mention.

07 Mobile Privacy — What Most Guides Miss

Mobile devices introduce tracking vectors that desktop browsers do not face. Apps can request background location access, access to contacts and photos, and persistent identifiers like the advertising ID — all of which browsers cannot access. The advertising ID (IDFA on iOS, GAID on Android) is a platform-level identifier that ad networks use to link your behaviour across apps, and it is not affected by VPNs or browser settings at all.

On iOS, go to Settings → Privacy & Tracking and disable Allow Apps to Request to Track. This prevents apps from accessing the IDFA entirely. Go to Settings → Privacy & Security → Location Services and review every app's location permission — set all non-essential apps to Never or While Using. On Android, go to Settings → Privacy → Ads and delete your advertising ID. Review app permissions in Settings → Apps → select each app → Permissions, and revoke anything that is not essential to the app's function. These steps reduce mobile tracking more than any VPN or browser change because they address the vectors that are unique to the mobile environment. If you want to see exactly which network-level signals your own device exposes once you are back on a desktop or laptop connection, our guide on finding the IP address of any device on your network is a useful companion reference.

Security Intelligence

See Your Full Privacy Exposure Right Now

IntelReap's Security panel analyses your connection and browser for privacy leaks, tracking exposure, VPN detection status, and security signals — showing you the complete picture of what you are exposing on every site visit, free and in-browser.

08 The Privacy Stack — A Layered Approach That Actually Works

Privacy is not a single setting. Every tracking vector requires a specific countermeasure. Here is the layered stack in priority order — start at the top and work down, since the higher entries have the largest impact per unit of effort.

Privacy protection tools and settings ordered by impact, covering the tracking vectors each one addresses
Layer Tool / Setting Protects Against Does NOT Protect Against Cost
1 — Accounts Password manager + 2FA Credential stuffing, account takeover Tracking, fingerprinting Free (Bitwarden)
2 — Browser Brave or Firefox + uBlock Origin Third-party trackers, ad networks, some fingerprinting IP tracking, DNS logging, account tracking Free
3 — DNS DNS-over-HTTPS (Cloudflare / NextDNS) ISP DNS logging, DNS-based tracking IP tracking, fingerprinting, account tracking Free
4 — IP / Network Paid VPN (audited no-logs) ISP traffic visibility, IP tracking, geolocation Fingerprinting, cookie tracking, account tracking Paid (~£3–8/mo)
5 — Fingerprint Firefox resistFingerprinting / Brave Shields Canvas, WebGL, audio fingerprinting IP tracking, account tracking, DNS logging Free
6 — Mobile IDs Disable advertising ID + audit app permissions Cross-app advertising tracking, background data collection Browser tracking on mobile, account tracking Free
7 — Email Email aliases (SimpleLogin / Apple Hide My Email) Email-based tracking, spam, data breach exposure Account tracking, browser fingerprinting Freemium
VPN & Proxy Detection

Check Whether Your VPN Is Actually Protecting You

IntelReap's VPN & Proxy panel analyses your connection and reports whether it appears as a VPN, data centre, proxy, or residential IP — exactly what websites see. If your VPN is leaking your real identity, this will show it.

Logic

No single privacy tool closes all tracking vectors. The goal is layered coverage — each tool addressing a specific vector the others do not touch — not the illusion of complete invisibility from one setting.

Methodology

This guide draws on EFF privacy research, Mozilla Foundation browser privacy documentation, GDPR and CCPA regulatory guidance, independently audited VPN provider reports, and live browser signal data reviewed across multiple device and browser configurations.

Sources & References
Share This Guide

Frequently Asked Questions

Twelve questions on online privacy — VPNs, browsers, incognito mode, tracking, DNS, mobile privacy, and the tools that actually make a difference.

Use a password manager and enable two-factor authentication on every account that supports it. This addresses the most common real-world privacy breach vector: compromised accounts from reused passwords. A password manager generates unique credentials for every service; 2FA ensures a stolen password alone is not enough to access the account. The impact of these two steps exceeds any VPN or browser change for most people.
Partially. A VPN hides your IP from websites and encrypts traffic from your ISP — so your ISP cannot log your browsing destinations. It does not protect against browser fingerprinting, cookie tracking, account-based tracking, DNS leaks (unless the VPN handles DNS), or malware. It also shifts trust to the VPN provider. It is one layer in a broader approach, not a complete solution.
Brave and Firefox with privacy settings enabled offer the best balance of privacy and usability. Brave blocks trackers and fingerprinting by default with no extension needed. Firefox with uBlock Origin, resistFingerprinting enabled, and DNS-over-HTTPS configured matches Brave's protection level. The Tor Browser is the strongest but significantly slower and blocked by some sites. Chrome and Edge in default configurations do relatively little to prevent tracking.
Yes. Incognito mode prevents your browser from saving local session data but does not change what websites see about your connection. Your IP address, browser fingerprint, and hardware signals are identical in incognito mode. Fingerprinting systems can link incognito and regular sessions from the same device. Incognito is useful for preventing local tracking on a shared device — not for preventing server-side tracking.
Use Brave or Firefox with uBlock Origin to block third-party trackers. Enable DNS-over-HTTPS to prevent DNS-based tracking. Use a VPN to mask your IP. Enable Firefox's resistFingerprinting or Brave's Shields for fingerprint resistance. Accept that account-based tracking by platforms where you remain logged in cannot be blocked by any of these tools — logging out or using a separate browser profile for those services is the only countermeasure.
DNS-over-HTTPS encrypts the domain lookup requests your browser sends before connecting to any website. Without it, these queries travel in plain text and are visible to your ISP and network operators — giving them a log of every domain you visit even if all your web traffic is HTTPS. Enable it in Firefox via Settings → General → Network Settings → Enable DNS over HTTPS. Use Cloudflare 1.1.1.1 or NextDNS as the resolver. It is a five-minute change that closes a significant privacy gap.
Modern HTTPS encryption means public Wi-Fi does not expose the content of your web browsing to other users on the network. But public networks can expose unencrypted app traffic, make your device visible to local network scanning, and facilitate captive portal attacks. Using a VPN on public Wi-Fi encrypts all traffic before it leaves your device, providing meaningful protection. Avoid accessing sensitive accounts on public networks without a VPN active.
Use a unique strong password and enable 2FA. Set your profile to private where available. Audit third-party apps connected to your account and revoke access to any you no longer use — they retain data permission indefinitely otherwise. Avoid posting your full date of birth, home address, or phone number in publicly visible profiles. Review advertising data settings and opt out of personalised ad targeting where the platform allows.
Security prevents unauthorised access to your accounts and data — strong passwords, 2FA, and up-to-date software address this. Privacy controls who can observe and track your behaviour — VPNs, tracker blocking, and fingerprint resistance address this. They overlap but serve different goals: you can have strong security on an account while being heavily tracked by advertisers, and you can have good tracking protection while using weak passwords that put your accounts at risk.
Use IntelReap's intelligence panels — they read and display your public IP, ISP, network routing path, browser fingerprint signals, GPU renderer, hardware concurrency, screen configuration, and VPN and proxy detection status. This gives you a precise picture of what you expose on every site visit, which is the starting point for knowing what to actually protect rather than applying advice blindly.
The most impactful privacy steps are free: Firefox or Brave, uBlock Origin, Bitwarden password manager, DNS-over-HTTPS via Cloudflare 1.1.1.1, and 2FA via a free authenticator app. The one area where paying makes a meaningful difference is VPNs — free VPN services often monetise through data collection, which defeats the purpose. If you use a VPN, choose a paid provider with an independently audited no-logs policy.
On iOS: Settings → Privacy & Tracking → disable Allow Apps to Request to Track, then review Location Services and set non-essential apps to Never. On Android: Settings → Privacy → Ads → delete your advertising ID, then audit app permissions individually. Enable private Wi-Fi address (MAC randomisation) in Wi-Fi settings. Use a privacy-focused mobile browser. Apply a VPN on public Wi-Fi. These steps address the mobile-specific tracking vectors that browser and VPN settings alone do not reach.

Privacy Question Not Covered Here?

Ask about any privacy tool, setting, or tracking vector you want to understand better. We respond within two business days.