Many people ask me how to protect themselves from data theft by Big Tech. This is a really important question, so I asked a digital security expert friend of mine. This is his (unedited) reply. Some of these are more directly actionable than others. I will regularly add to the list.
Use a *trustworthy* VPN for all devices like Mullvad or ProtonVPN (or Tor/I2P for truly sensitive things) with reliable DNS protection (but also be aware that a VPN has its own risks, strictly only to mask your true IP + mask your web activity from your ISP + provide more secure internet when connected to public or unsafe networks).
Use Linux on desktop (or any open source privacy friendly version, just avoid macOS, Windows and ChromeOS).
Use de-googled Android (GrapheneOS) on mobile. Neither Androids nor iPhones are safe. A mobile phone is the most invasive and privacy-leaking device in our lives.
Delete all social media and big tech accounts.
Replace the services/apps one uses with open source/libre software alternatives. Email, contacts, calendar, cloud storage, apps on phone etc… Especially avoid any products or services by big tech (e.g. Google Docs, Gmail, Drive, YouTube, search, Chrome, WhatsApp etc…).
Use a privacy friendly web browser (recommend “Brave” browser) with disabled telemetry, and tracking blocking and fingerprinting resistance settings set to maximum.
Use a privacy friendly search engine (DuckDuckGo is OK), do not use Google search, Microsoft Bing, etc.
Understand how internet and web infrastructure works (networking basics), as this is key to knowing how to manage your own data trail and emissions. A key part is understanding that every single action taken in relation to the internet or digital anything leaves a permanent record and digital trail of breadcrumbs. So know how to get by using alias information when possible, and be extremely judicious in providing any true personal data in any digital context. It doesn’t matter that one uses the most private and secure computer system if they just go and share their personal life story and details by posting such on the internet. Disclose as little as possible online, and if needed use false/alias data.
Use end to end encrypted and metadata minimising methods of online communication (e.g. Signal is not perfect but probably best balance between privacy/security and usability/widespread use).
Generally opt to use software and services that rely on well-implemented encryption technology and *end to end* and *zero knowledge* encryption wherever possible.
Do not use regular phone calls or SMS (use secure WiFi calls or message via secure apps instead).