10 privacy settings to change today
Ten free configuration changes that meaningfully improve your privacy in 30 minutes. Bookmark this list.
Stop browser tracking (uBlock Origin or Brave). Switch DNS to Cloudflare 1.1.1.1 or NextDNS. Enable strict tracking on Firefox or use Brave defaults. Disable mobile ad ID (iOS Settings → Privacy → Apple Advertising; Android Settings → Google → Ads). Enable Global Privacy Control. Turn off cross-site cookies. Audit OAuth-connected apps quarterly. Switch search to DuckDuckGo or Kagi. Use Signal or iMessage for sensitive chats. Set automatic OS and browser updates.
Key takeaways
- All 10 changes are free. Total time: about 30 minutes.
- The biggest single upgrade is switching browser to Brave or Firefox + uBlock Origin.
- Audit OAuth-connected apps every quarter; the list grows quietly.
- GPC is the modern 'do not track' — enable it everywhere.
- Auto-updates are unsexy but the highest-leverage security habit.
1. Install uBlock Origin (or use Brave)
Where: any browser → uBlock Origin extension; or just switch to Brave (built-in).
Time: 2 minutes.
Impact: blocks the majority of ad tracking, fingerprinting, and known malware domains. Free, open-source, no telemetry.
2. Switch to a privacy-respecting DNS
Where: device or router DNS settings.
Time: 5 minutes.
Options: Cloudflare 1.1.1.1, Cloudflare 1.1.1.3 (with malware/adult filter), NextDNS (most configurable), Quad9.
Impact: ISP can no longer log your DNS queries. Combined with HTTPS, makes your browsing much harder to monitor passively.
3. Enable Global Privacy Control (GPC)
Where: browser settings.
Brave: on by default. Firefox: about:config → privacy.globalprivacycontrol.enabled = true. Chrome: install GPC extension.
Time: 1 minute.
Impact: signals every website you visit that you opt out of data sale. Legally binding in California and Colorado; many other companies honor it voluntarily.
4. Turn off mobile ad tracking IDs
iOS: Settings → Privacy & Security → Apple Advertising → Personalized Ads off.
Android: Settings → Google → All services → Ads → Delete advertising ID.
Time: 30 seconds.
Impact: app developers can no longer link your in-app behavior across apps via your ad ID.
5. Audit your OAuth-connected apps
Where: Google: myaccount.google.com → Security → Third-party apps with account access. Microsoft: account.microsoft.com → Privacy. Facebook: settings → Apps and Websites.
Time: 10 minutes.
Impact: removes long-forgotten apps that retain access to your data. Re-do this quarterly.
6. Switch your default search engine
Where: browser settings.
Options: DuckDuckGo (free, simple), Kagi (paid, no ads), Brave Search (free, integrated with Brave).
Time: 1 minute.
Impact: stops Google from logging every query you make. Search quality varies; try a week before deciding.
7. Use Signal or iMessage for sensitive conversations
Where: install Signal app (free, cross-platform); iMessage on Apple-to-Apple is encrypted by default.
Time: 5 minutes.
Impact: end-to-end encryption means your conversations can't be read by your carrier, the app provider, or law enforcement absent device access. Avoid SMS for sensitive content — it's not encrypted.
8. Block third-party cookies and cross-site tracking
Where: browser settings.
Chrome: Settings → Privacy and security → Cookies → Block third-party cookies. Firefox: Strict tracking protection. Safari: on by default.
Time: 1 minute.
Impact: stops most ad-network cross-site profiling.
9. Enable automatic OS and app updates
Where: system settings on every device.
Time: 2 minutes per device.
Impact: closes security holes within hours of patches being released. The single biggest factor in personal cybersecurity hygiene.
10. Set up a password manager (if you haven't)
Where: install Bitwarden (free), 1Password ($36/year), or Proton Pass (free with Proton suite).
Time: 30 minutes for initial setup; ongoing benefit forever.
Impact: unique strong passwords across all accounts; phishing-resistance via domain-matched autofill; recovery on lost devices via cloud sync.
Frequently asked questions
Will this break websites I use?
Occasionally. Some sites detect ad-blockers; a few break with strict tracking protection. Whitelist on a per-site basis when needed.
Is this enough or do I need a VPN?
These 10 cover most consumer-grade tracking. Add a VPN if your threat model includes ISP surveillance, public Wi-Fi use, or geographically-restricted access.
Are paid options like Kagi worth it?
If search results matter for your work, yes — Kagi has no ads and lets you customize ranking. For casual search, DuckDuckGo free is sufficient.
Does this work on my work device?
Some changes (DNS, browser switch) may conflict with workplace security tools. Apply on personal devices first; for work devices, follow your IT policy.
Should I do all 10 today?
You can. Or do 2-3 a week — the changes compound. The most important: 1, 4, 9, 10.
Sources & further reading
We cite primary sources whenever possible. Below is the reference list relevant to this category. Specific facts in this article are checked against vendor documentation and the sources we link to inline.
Related guides
Encrypted Messaging Apps Compared (Without the Drama)
Signal, WhatsApp, iMessage, Telegram — what they actually encrypt, and from whom.
Read article → Privacy ToolsBrowser Privacy Settings: A Quick Tune-Up Guide
Ten minutes in your browser settings cuts the majority of casual tracking.
Read article → Privacy ToolsCookies, Trackers, and Fingerprinting Explained
Three different ways the web identifies you — and why blocking only one isn’t enough.
Read article →