A Starter Guide to Protecting Your Data From Hackers and Corporations
Credit to Author: Matt Burgess, Sophie Johal, Michaela Neville| Date: Mon, 26 May 2025 10:30:00 +0000
With President Donald Trump’s return to the White House and the US government’s digital surveillance machine more powerful than ever, digital privacy should be top of mind. But the digital security world can be confusing—and there’s the larger question of why. You may think, if I’m just a regular person, why is my digital privacy important?
Then there are the practical questions. What’s the best password manager? How can you keep your digital life under wraps at the border? And what kind of VPN should you be using? Is AI scraping my data?
WIRED senior writer and security expert Matt Burgess spoke with readers in a Reddit AMA this month about the basics of keeping your digital footprint locked down. Here’s what to know and why it’s important.
What is your advice for a quick win in terms of improving digital security for the everyday person? Or for someone who isn’t tech-savvy?
I think the one big thing people can do to improve their security is make sure that multifactor authentication is turned on for as many online accounts as possible. That way if anyone gets access to your password or login details, they’ll also need to have another way to authenticate the login attempt (such as the codes generated by an authentication app), and it's highly unlikely that hackers will have access to that.
Other quick and relatively straightforward changes you can make are to use privacy-friendly browsers and search engines and to use a password manager (the one on your phone or browser is better than nothing at all) and create unique passwords for each service you use.
There are so many privacy tips out there, and it all feels important, but trying to do everything at once can be overwhelming. What are the things people should prioritize when making changes to their online habits?
Improving privacy is something that’s ongoing, and if you try to do everything at once then it’s too off-putting. Take it one small step at a time.
If I was starting now, I’d go with:
What’s a good non-US-based VPN?
Our favorite VPN at WIRED is currently Proton VPN, which is based in Switzerland. Proton VPN also offers the best free VPN. Unlike most services, ProtonVPN's free version gives full access to all the regular plan's features. It is limited to a single device, and there are only three server locations (Japan, Netherlands, and the US), but everything else is the same. If your needs are limited and you want to keep costs down, this is a good option. See our full guide to VPNs here.
How do I deal with having to have a new account for every service and website? Should I be using new email addresses?
A new email address for every account is a big undertaking! I’d recommend having an email address for the accounts that are most important to you and then having one that you use to sign up for things that are less important. There are also services that will let you create “burner” emails that you can use to sign-up with services, and if you use an Apple device there’s a “Hide My Email” setting.
What tips would you offer to those looking to keep their digital privacy while crossing the US border (or otherwise entering or exiting the States)?
It really depends on what levels of risk you as an individual could face. Some people traveling across the border are likely to face higher scrutiny than others—for instance nationality, citizenship, and profession could all make a difference. Even what you’ve said on social media or in messaging apps could potentially be used against you.
Personally, the first thing I would do is think about what is on my phone: the kind of messages I have sent (and received), what I have posted publicly, and log out (or remove) what I consider to be the most sensitive apps from my phone (such as email). A burner phone might seem like a good idea, although this isn’t the right idea for everyone and it could bring more suspicion on you. It’s better to have a travel phone—one that you only use for travel that has nothing sensitive on it or connected to it.
My colleague Andy Greenberg and I have put together a guide that covers a lot more than this: such as pre-travel steps you can take, locking down your devices, how to think about passwords, and minimizing the data you are carrying. It’s here. Also, senior writer Lily Hay Newman and I have produced a (long) guide specifically about phone searches at the US border.
Would you recommend against having a device like Alexa in your home? Or are there particular products or steps you can take to make a smart device more secure?
Something that’s always listening in your home—what could go wrong? It’s definitely not great for overall surveillance culture.
Recently Amazon also reduced some of the privacy options for Alexa devices. So if you’re going to use a smart speaker, then I’d look into what each device’s privacy settings are and then go from there.
How do you see people's willingness to hand over information about their lives to AI playing into surveillance?
The amount of data that AI companies have—and continue to—hoover up really bothers me. There’s no doubt that AI tools can be useful in some settings and to some people (personally, I seldom use generative AI). But I would generally say people don’t have enough awareness about how much they’re sharing with chatbots and the companies that own them. Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—often with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information.
For the everyday person, I’d warn them not to enter personal details or sensitive business information! We also have a more thorough guide here.
Are personal data removal services worthwhile, or are they just another vector for data thieves?
Whether data removal services are worthwhile or not probably depends on where you are based in the world: I’m in Europe where there’s GDPR and stricter privacy laws, and when I have used a data removal service, it hasn’t turned up too much. But in the US, there’s no comprehensive federal privacy law—that really should change—and they may be more useful.
Much of what can be done by data removal services, you can also do yourself. Consumer Reports recently did a good evaluation of data removal services.
What is your preferred response for people who claim they have nothing to hide?
I think in a lot of cases when people claim they have nothing to hide, they often jump to thinking about illegal or malicious things. When in fact, privacy, for me, isn’t about “hiding” things at all. You should be able to have the space—both in the physical and digital world—to not be surveilled or have your actions tracked. People should be able to act without intrusion from others—that doesn’t mean you’re hiding anything, but you just don’t want to share everything you do with everyone (or anyone). And really that’s why privacy is considered a fundamental human right.
I actually like a lot of the answers that people sent in to Amnesty International about how they respond to the point of “not having anything to hide.”
With files from Scott Gilbertson.