All I want for Christmas is my digital privacy back

Santa hands in white gloves with red sleeves and white fluffy cuffs seen from above, typing on a laptop, surrounded by small Christmas ornaments
(Image credit: Melpomenem via Getty Images)

What’s on your Christmas list? The new iPhone 15? Grown-up Lego? Some new socks without holes in them? Well, I certainly wouldn’t say no to any of those, but – as lame as it sounds – the top of my list is regaining my privacy online. 

While it's more of a gift to myself, I'm aware that even as the VPN Editor at Tom’s Guide, I still take risks online. In the rush of wanting to access what I want to read, sometimes I don’t take the time to check what cookies I’m consenting to. I probably post too much on social media. There’s definitely more about me online than I’d really like.

So, here I’m running down some simple steps that I’ve taken, and am going to take, to further increase my privacy – and, by all means, feel free to spread the festive cheer by doing the same. OK, now that’s a bit of a stretch…

Check your social media permissions

This one's super simple, and you may well have it down pat already, but it’s one of the most important things to do if you’re concerned about your online privacy. It’s the one thing I’m most worried about when it comes to my online presence.

In short, anything you put on your social media that’s marked as "public" – be it Facebook, Instagram, LinkedIn, X, TikTok, or anything else – really is just that. It can be seen by anyone on the internet, and someone with any interest might be able to find out quite a lot more about you than you expect.

social media app shortcuts shown off on an iphone

(Image credit: Pexels)

Location history, qualifications, interests, where you live, and even your daily routine could be deduced, so simply limiting your posts to just your friends, or only making your profile visible to those you’ve accepted are great choices.

Beyond this, there are also tons of settings you may not have ever seen before. Most social media sites allow you to opt out of targeted advertising, and while these sites are some of the worst offenders in this regard, there are often steps you can take to limit data harvesting. What’s more, all it takes is a quick look through the options. The best things in life really are free!

Use a VPN

Although VPNs aren’t a silver bullet for complete online privacy, they’re a great place to start when trying to protect your personal information. By encrypting everything you do online, the best VPNs make it impossible for anyone looking at your activity to work out what you're actually doing.

While that could be a malicious hacker, most of the time you’re simply protecting yourself from your internet service provider. Your ISP can see everything you do online, probably sells your preferences to advertisers, and in some cases even blocks or censors online content. That's before you even factor in slowing down your internet if it sees you gaming or torrenting online.

ExpressVPN on a range of devices

(Image credit: ExpressVPN)

By using a VPN you’ll be able to avert their prying eyes and access a freer internet on top of that. Plus dedicated streaming VPN services can unblock extra content on Netflix, and access sites like BBC iPlayer anywhere in the world. 

My guide to the best VPN services outlines the top providers right now, and there are plenty of options for all different uses and budgets. Just remember that not all VPNs are created equally, and even the best free VPNs come with restrictions, and so many of the services that claim to be "totally unlimited" are just outright scams looking to sell your data and provide a false sense of security. 

I've included a quick price comparison of my top picks below:

Check and change data sharing in mobile apps

iPhone users will no doubt be familiar with the "Allow app to track your activity across apps and websites" popup that displays when you install something new. A godsend for privacy fans, this not only requires positive action to consent to tracking, but has also raised awareness of what virtually every app is doing behind the scenes.

However, Android isn’t quite as strict on this, and depending on your settings you may end up allowing apps to access everything they ask without realizing it. A good place to start is Google's own guidelines for an overview of how to change these settings.

There are a couple of ways to check up and change app permissions on Android. For individual apps, you can head to settings, then apps, then permissions. This lets you see what a particular app can do, and you can change these to whatever you want.

You can also check up on permissions based on type – maybe what apps have access to your calendar or location.

On Android: head to Settings, then Security and Privacy, then Privacy, and then Permission Manager. Check and change them as you see fit.

On iPhone: it’s much the same – just head to Settings, then Privacy and Security, and then you can check pretty much everything that you have permitted over the life of your device. Make sure that’s all up to scratch, and adjust anything that isn’t.

Santa Claus touching a smartphone at christmas at home in the living room

(Image credit: ljubaphoto via Getty Images)

Create unique passwords every time

The humble string of characters you call your password is arguably the most important thing when it comes to stopping people from accessing your information online. If someone has one of yours, there’s no sophisticated hack or data collection necessary – they can walk right through the door.

That’s why using a unique password for every single thing you create an account for online is essential.

Size matters

Remember: longer is always better with passwords. I recommend using three words as a passphrase with numbers, capitals, and symbols thrown in for added complexity. For more information, check out Hive's study of password security.

Think of it like this. You might not really care about an account you made when you were buying a candle as a Christmas present, but if that candle website is hacked, and you used the same password and email combination that you use for your Facebook, anyone with that info can access your Facebook. Then, they can use that to access any site or app you’ve used your Facebook to sign in with. That’s less than ideal.

Obviously, you can’t remember dozens, hundreds, or possibly even thousands of complex unique passwords, so setting up a password manager that’s linked across all your devices is the best – and really only – way of keeping up good password hygiene. 

There are tons of good ones out there to pick from, including 1Password, Dashlane, and LastPass. If you’re setting yourself up with a VPN as well, both ExpressVPN and NordVPN offer their own password managers, which are definitely worth considering.

Use the law to your advantage against data brokers

The last item on my list is a little different, but is only becoming more pertinent in the world we live in today. 

Data brokers are companies that collect and hold onto your personal data, and then sell that data to other companies who want to target their advertisements or content towards a certain demographic.

While many of us take some form of tracking for granted now, when you consider the amount of data these companies hold – often full name, phone number, email address, age, gender, and so much more – it can be very disconcerting.

The good thing is that these companies are also required by GDPR law to delete your data if you request so – so you can take the fight to them and get proactive in clawing back your digital privacy.

watch ufc fight night woodley vs burns live stream

(Image credit: Jeff Bottari/Zuffa LLC/Zuffa LLC/Getty Images)

Unfortunately, finding out what companies to contact and how to do so effectively can be a mammoth task. Thankfully there are services out there that can do this for you. Incogni (developed by the popular VPN provider Surfshark) and DeleteMe are two of the most popular, and both are fairly priced. Sign up to one of these and you should see a marked decrease in spam emails and scarily accurate targeted ads.

Be aware, however, that if you stop your subscription, data brokers can and will begin to build up a profile on you again. So, it’s certainly not a losing battle, but definitely an ongoing one.

Bottom line

Whether you picked up some new devices this year, or simply want to take back some of the privacy we all feel we’ve lost in the last decade, there are tons of ways to improve your online experience. 

Thankfully none of my suggestions cost the world, and even if you choose to only action one or two, you’ll be doing yourself a massive favor.

Now, where was I? Ah, yes, trying to build this Lego Millennium Falcon without looking at the instructions. Happy holidays, everyone!


We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Mo Harber-Lamond
VPN Editor

Mo is VPN Editor at Tom's Guide. Day-to-day he oversees VPN, privacy, and cybersecurity content, and also undertakes independent testing of VPN services to ensure his recommendations are accurate and up to date. When he's not getting stuck into the nitty-gritty settings of a VPN you've never heard of, you'll find him working on his Peugeot 205 GTi or watching Peep Show instead of finally putting up those shelves.