- Steven Gilbert
- March 26, 2026
- in Planning
Level 1 Privacy: The Foundational
If privacy feels overwhelming, this is where to start.
You do not need advanced tools, technical knowledge, or a complete lifestyle overhaul to meaningfully reduce your exposure. In fact, a handful of simple changes can eliminate the majority of real-world risks—account takeovers, identity theft, and basic tracking.
This guide focuses on Level 1 Privacy: the highest-impact, lowest-cost actions that provide immediate protection without sacrificing convenience.
Level 1 Focus
Most privacy risks do not come from sophisticated attacks. They come from:
- Weak or reused passwords
- Compromised email accounts
- Excessive data sharing during signups
- Passive tracking through browsers
Step 1: Secure Your Accounts
The majority of account breaches happen because of reused, weak, or predictable passwords.
Hackers aren’t dumb. They know the most common passwords out there and they also know how people think. They know that someone who uses a password of Fido123 will likely also use Fido1234 if they have to update it to 8 characters.
That is why it’s important to have strong passwords that are:
- Long. At least 12 characters but the longer the better.
- Complex. A mixture of letters, numbers, and symbols.
- Not Based on Personal Information. Do not include information like year of birth, pets’ names, children’s names, favorite sports teams, etc.
- Different from Prior Passwords. Each new password should not look like prior passwords. No Fido123, Fido1234, Fido12345, etc.
Reusing passwords across accounts can also expose you to risks. Does your email account have the same password as your bank account? Or worse, does a random fun site have the same password as your bank?
Any breach that happens can result in hackers using the information they obtain to seek out other places where you use the same or similar passwords. For example, if they receive your username and password from a breach at www.reallyfungames.com, they might try to use those credentials, or variations of them, on other, more important sites to gain access.
What to Do:
- Use a password manager (e.g., Bitwarden, 1Password)
  - Helps maintain passwords
  - Generate strong passwords
- Generate unique, random passwords for every account
- Enable two-factor authentication (2FA) on all important accounts. Use authenticator apps over SMS when possible.
- Change important passwords regularly.
Why It Matters:
By maintaining strong, unique passwords for each account, a hacker cannot use credentials obtained from one place to access another. The password manager allows you to keep track of all of your unique passwords and update passwords quickly. If breaches do happen, they are limited to just the one account.
Most password managers cost less than $50 per year and are well worth the added security and time savings.
Password managers often raise an immediate concern: “Isn’t it dangerous to store all of my passwords in one place?” On the surface, that feels like a single point of failure—but in practice, it’s usually the opposite.
First, most people already do this. I’ve seen people with spreadsheets, notepads, or notes on their phones with all of their passwords. All of these are less secure than password managers.
Without a password manager, most people reuse passwords or create weak variations, meaning a single breach can unlock multiple accounts. A properly designed password manager encrypts your entire vault using strong, industry-standard encryption, with access protected by a single master password and often two-factor authentication. Even the provider typically cannot see your stored data. The real risk is not centralization—it’s poor security habits without centralization.
That said, the strength of this approach depends on safeguarding your master password and choosing a reputable provider; if those are compromised, access to the vault becomes possible. In other words, a password manager concentrates risk—but it also dramatically reduces the far more common and dangerous risk of widespread account compromise.
Step 2: Separate Your Email Usage
Your email address is the hub of your digital identity. If it’s compromised, everything connected to it is at risk.
A hacker who gains access can see who you communicate with, find out what institutions you use, learn your habits and interests, and even mimic how you communicate. Often, a hacker will take time to learn what you do before implementing any scam.
What to Do:
- Create one email for financial accounts and important logins.
  - Do not use this for any other purpose.
  - Do not provide it to anyone who does not fit into this category.
  - The email address itself should be minimally identifiable. Rather than JohnAndSarahSmithMoney@gmail.com, use something like jsbigstuff@gmail.com.
- Create a second email for personal communications.
  - This is the email you share with family, friends, your child’s school or daycare.
- Create a third email for shopping, newsletters, rewards programs, or subscriptions.
  - This is where you’ll receive all of the spam, marketing newsletters, and potential scams.
Why It Matters:
This limits exposure. If your shopping email is flooded with spam or compromised, your financial accounts remain insulated. Hackers won’t have access to your personal communications to learn about your personal life.
Email aliases allow you to create variations of your email address that still route to the same inbox. They are one of the most underutilized tools for improving privacy because they introduce traceability and segmentation without requiring multiple accounts.
An alias is not a separate inbox; it is a modified version of your email address.
Example:
- Base email: johnsmith@gmail.com
- Aliases: johnsmith+amazon@gmail.com, johnsmith+bank@gmail.com
All messages still arrive in the same inbox, but each alias identifies where it was used.
If you start receiving emails from an insurance company that is using the email johnsmith+amazon@gmail.com, you’ll know that Amazon sold your information.
This process isn’t flawless, as some companies can strip out the “+amazon” when storing your email, which will defeat the purpose.
For more on how to address this, see Article on Email Aliases.
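The alias tracing described above can be automated. This is an added example, not part of the original article: it reads the To and From headers of a message, extracts the "+tag", and reports when an alias given to one company is used by a different sender. The function names and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample headers (To, From) for illustration only.
SAMPLE_MESSAGES = [
    ("johnsmith+amazon@gmail.com", "Orders <orders@amazon.com>"),
    ("John <johnsmith+amazon@gmail.com>", "Quotes <quotes@insurance.example>"),
    ("johnsmith@gmail.com", "Deals <deals@shop.example>"),
]

def split_alias(address):
    """Return (base_address, tag); tag is None when no '+tag' is present."""
    local, _, domain = parseaddr(address)[1].rpartition("@")
    user, plus, tag = local.partition("+")
    return f"{user}@{domain}".lower(), (tag.lower() if plus else None)

def trace_sender(to_header, from_header):
    """Compare the alias tag a message was sent to with the sender's domain."""
    _, tag = split_alias(to_header)
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if tag is None:
        # The tag was stripped by the company, or the base address was used.
        return "untraceable"
    # Match on whole domain labels so 'amazon' matches 'mail.amazon.com'.
    if tag in sender_domain.split("."):
        return "expected"
    return f"alias '{tag}' reached {sender_domain}"

def report(messages):
    """Classify each (To, From) pair."""
    return [trace_sender(to, frm) for to, frm in messages]

if __name__ == "__main__":
    for (to, frm), result in zip(SAMPLE_MESSAGES, report(SAMPLE_MESSAGES)):
        print(f"{to} <- {frm}: {result}")
```

The third sample shows the limitation noted above: once the tag is gone, the message cannot be tied back to the signup that exposed the address.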
Not all email accounts need the same level of privacy or security. The key is aligning the provider with the purpose of the account. Depending on what level of security you are working towards, you will need to consider your email provider setup at this stage.
Mainstream email providers like Gmail or Yahoo may provide a convenient, user-friendly, cheap option for mail, but they are integrated into the company’s ecosystem and subject to the whims of that company.
Working within these ecosystems can be fine, but if your ultimate destination is Level 3 or above, you may want to consider other options, including paying for a more privacy-forward email provider and buying a custom domain.
Step 3: Be Selective With What You Share
Does sudoku.com need to know your date of birth or your real name in order for you to play their daily sudoku?
Most websites ask for more information than they actually need.
What to Do:
- Skip all optional fields (phone number, birthday, etc.)
- Substitute required, non-critical fields
  - Personally identifiable information is needed for some businesses, like financial institutions or your doctor’s office, but not for gaming websites, recipe websites, or newsletters.
  - If sudoku.com wants to know your date of birth, just enter a random one.
- Avoid linking accounts (e.g., “Sign in with Google or Facebook”)
- Only provide required information—and nothing more
Why It Matters:
Every additional data point increases your ability to be tracked, identified, and targeted. Less shared data means fewer ways for companies (and attackers) to connect your identity.
Phone numbers are one of the most powerful identifiers tied to your identity. Unlike email, they are often:
- linked to your real name
- used across multiple services
- tied to carriers and public records
When a website requires a phone number, the goal is not just to provide one—it’s to control how that number is used and where it connects.
- financial accounts
- critical security recovery
- close personal contacts
Before entering a phone number, ask “Is it being used for security or convenience?”
This determines your approach.
A. Security-Critical Use (Provide Carefully)
Examples:
- Banking
- Investment accounts
- Password recovery for critical accounts
What to Do:
- Use your primary phone number
- Enable stronger alternatives where possible (authenticator app, security key)
- Avoid relying on SMS as the only recovery method
B. Non-Critical Use (Best Opportunity for Separation)
Examples:
- Retail accounts
- Delivery services
- Rewards programs
- Event registrations
What to Do:
- Use a secondary phone number instead of your primary
Step 4: Clean Up Your Browser Environment
A significant portion of data collection happens passively without you actively entering any information.
As you visit a website, you’re welcomed by a little pop-up. Because you’re in a hurry, you quickly hit accept and move on. But as you’re doing so, you’re picking up little trackers along the way that record what you look at, what you click on next, and where you go down the line. This information is recorded, consolidated, and passed on.
What to Do:
- Use a privacy-focused browser (Brave or Firefox)
- Install:
  - Ad blocker
  - Tracker blocker
- Clear cookies regularly or enable automatic deletion
Why It Matters:
These steps reduce how much of your browsing behavior is tracked across websites. The result is less targeted advertising, fewer tracking scripts, and a meaningful reduction in invisible
Step 5: Freeze Your Credit
This is one of the most powerful protections available.
What to Do:
- Place a credit freeze with all major credit bureaus. See Lock Down Your Credit: How Freezing It Can Protect You from Fraud – Gilbert Wealth
- Keep it frozen unless you are actively applying for credit
Why It Matters:
Even if someone has your personal information, they cannot open new credit in your name. It effectively shuts down one of the most damaging forms of identity theft.
Step 6: Avoid Storing Payment Information Everywhere
Saving your card for convenience increases exposure across multiple platforms.
What to Do:
- Avoid saving payment methods on retail websites
- Manually enter your card when possible
- Prioritize secure, trusted vendors when saving information is necessary
Why It Matters:
If a retailer is breached, your stored payment data may be exposed. Limiting where your financial information lives reduces this risk.
Step 7: Reduce Loyalty Program Overload
Rewards programs are designed to track behavior.
What to Do:
- Be selective about which programs you join
- Avoid enrolling in every available rewards system
- Use your secondary email when you do enroll
Why It Matters:
These programs build detailed behavioral profiles—what you buy, how often, and where. Reducing participation limits this data accumulation.
Putting It All Together
Level 1 is not about disappearing. It’s about stopping or reducing the ways your data gets out there and onto lists.
You do not need to be highly technical—or highly paranoid—to protect yourself. You just need to be slightly more intentional than the default.
In today’s world, the difference between being exposed and being protected is often just a handful of small decisions made upfront.