Normal baseline

The normal baseline

The practical baseline route for most people: less tracking, stronger accounts, and better habits without immediately drifting into overkill.

This is the practical start route for most people. Not maximum privacy, but the choices that give the biggest gains without making daily life heavier than it needs to be.

You do not need to do everything at once. You also do not need to switch phones, operating systems, or ecosystems first. For most readers, the biggest gains come from stronger accounts, less tracking, better defaults, and habits you can actually maintain.

Use this route if:

  • you want less tracking and data-breach risk
  • you want stronger account security
  • you want better privacy without turning it into a hobby project
  • there is no specific situation that clearly changes the advice

If work, family, healthcare, stalking, or targeted risk does change the advice, start with your situation.


What this route does and does not do

This route helps you:

  • get your accounts and recovery points in order
  • reduce everyday tracking in noticeable ways
  • make safer communication choices
  • make sure you can recover important data

This route does not pretend that everyone immediately needs Tor, GrapheneOS, Qubes, hardware keys, or a new phone. Those can make sense later, but only after the basics are solid and your situation actually justifies them.


The route in order

1. Protect your accounts first

Start with passwords and 2FA. For most people, that gives more value faster than a new browser extension or a new phone.

Why this comes first:

  • your email account is often the recovery key for everything else
  • reused passwords are still one of the biggest risks
  • this is relatively easy to adopt and realistic to maintain

2. Reduce tracking on your device and in your browser

Only after that does it make sense to improve your defaults.

Choose the route that matches the device you already use. For most readers, using what they already have better is more realistic than switching phones or operating systems immediately.

3. Make your daily communication safer

Not every conversation needs extreme protection. But personal or sensitive communication usually does not belong in standard SMS or unencrypted backups.

4. Make recovery possible

A privacy route without a recovery plan is weak. If your phone fails, your password manager breaks, or you need account recovery, you should not be back at zero.

5. Only go deeper if it clearly adds something

Only then can you judge sensibly whether extra steps are worth it for you:

These are not mandatory baseline steps for everyone. Treat them as the next layer once the basics are in place.


What you can do today

If you only do three things today:

  1. install a password manager and start with your email account
  2. enable 2FA on your email account
  3. choose your browser or device route next instead of stacking random tools

That is not perfect privacy. It is a clearly better starting position.


When this route is not enough

Choose a situation route instead if:

  • someone is specifically trying to monitor, control, or intimidate you
  • you work with client data, patient data, source protection, or privileged communication
  • work or study requires real separation between devices or identities
  • family or children materially change how devices and accounts are shared
  • you are responsible for business continuity or other people’s systems

If that is true, start with all profiles instead of stacking more onto this route.


What you do not need yet

For most people, these are not good first moves:

  • switching operating systems immediately
  • replacing every app
  • jumping straight to Tor, Qubes, or heavy compartmentalisation
  • buying hardware before your passwords, 2FA, and recovery plan are in order

If a measure adds a lot of daily friction, the gain should also be clearly higher. Otherwise it is usually not your best next step yet.


Next step

Stop here if:

  • you use unique passwords
  • 2FA is enabled on your important accounts
  • your browser and phone basics are in reasonable shape
  • you know how to recover your most important data

Only if this route does not actually fit