You should access this site, and most websites, through a trusted VPN or Tor Browser.

See our recommendations for no-log VPNs here

Level 2

Upgraded Privacy

This level is for people who want meaningful compartmentalization. You may have sensitive work, a public-facing identity, a stalking concern, unwanted attention, or a serious need to reduce links between different parts of your life. Upgraded Privacy is where your setup moves beyond basic tools and into separation. The goal is to make it harder for companies, data brokers, people-search sites, casual investigators, merchants, apps, and weak account habits to connect your identities, devices, accounts, phone numbers, payments, locations, and routines. You are not trying to disappear completely at this level. You are building clean boundaries. Your personal life, work life, public-facing identity, shopping accounts, financial accounts, private communications, and sensitive activity should not all point back to the same email, phone number, browser profile, payment method, home address, device, and network.

Mindset

Separation matters more than tool collecting

The biggest mistake people make is installing privacy tools while still using the same identity everywhere. A VPN, password manager, secure browser, or encrypted messenger can help, but those tools do not solve identity crossover by themselves.

A compartment is only useful if the recovery paths are compartmentalized too. If five private accounts all recover to the same real email address or real phone number, they are still connected.

Baseline rule: separate browsers, emails, phone numbers, payments, devices, addresses, and recovery methods by purpose.

Before you continue

Take your time with Everyday Privacy first

Upgraded Privacy builds directly on Everyday Privacy. Do not rush into browser compartments, address aliasing, phone-number separation, virtual cards, data broker cleanup, or network changes before your basic setup is solid.

Make sure you already have unique passwords, stronger two-factor authentication, credit freezes, a better browser, Signal, a reputable VPN, and a privacy-respecting email provider in place. Those basics reduce the most common privacy and security failures before you add more complexity.

Start here first: read Everyday Privacy before moving through the rest of this guide.

Step 1

Separate browsers and browser profiles

Your browser carries cookies, login sessions, extensions, fingerprinting surface, and behavioral patterns. For upgraded privacy, do not use one browser or one browser profile for everything.

We recommend using Mullvad Browser for browsing where you do not need to log into personal accounts. It is especially useful for research, reading, searching, and visiting sites where you want strong anti-fingerprinting defaults without using the Tor network.

For accounts you do need to log into, create separate browser profiles by purpose. Banking should not share the same browser profile as shopping. Work should not share the same profile as personal browsing. Public-facing accounts should not share the same profile as private accounts.

You should also isolate services known for heavy tracking. Sites like Amazon, YouTube/Google, Meta/Facebook/Instagram, and other large tracking ecosystems should have their own browser profiles instead of being mixed into your normal browsing environment.

Recommended structure: Mullvad Browser for non-login browsing, separate browser profiles for banking, shopping, work, and personal accounts, and isolated profiles for high-tracking services. See our browser recommendations.

Step 2

Use separate email aliases and inboxes

Email addresses are durable identifiers. They are used for logins, password resets, receipts, breach data, marketing databases, account recovery, and data broker matching.

Your core login email should never be given to anyone. Treat it like infrastructure, not contact information. It should exist only to receive mail from aliases and manage your most important accounts.

Or even better, use Proton Mail aliases for your core aliases. Create one alias for friends and family, one for banking, one for work, one for medical accounts, one for important personal services, and so on. This keeps your true login email hidden while still giving you stable addresses for important categories.

Then use SimpleLogin for everything that is not a core contact. Create a different email alias for every account, merchant, newsletter, forum, app, and service. If one alias gets spammed, leaked, sold, or abused, you can disable it without changing your real inbox or your core aliases.

Recommended structure: hidden core login email, Proton Mail aliases for core categories, and SimpleLogin aliases for individual non-core accounts. SimpleLogin is included in Proton Unlimited. See our aliasing recommendations and email provider recommendations.

Step 3

Begin to compartmentalize phone numbers

Similar to your emails, your phone number should not be handed out everywhere. A phone number is a durable identifier that can connect accounts, people-search databases, data brokers, social apps, payment services, delivery accounts, and account recovery systems.

Avoid giving out your real phone number unless it is truly necessary. The more places your real number exists, the more exposure you create for SIM swapping, social engineering, account recovery attacks, spam, harassment, data broker matching, and unwanted identity linkage.

Start by separating phone numbers by purpose. Use one number for low-value services, one for one-off interactions, one for accounts that still require SMS, and keep your real number private wherever possible.

Recommended tool: MySudo. Prefer app-based 2FA or hardware security keys over SMS whenever possible.

Step 4

Separate payment relationships

Payment methods can connect accounts even when your email and phone number are different. Merchants, payment processors, subscription services, and breach datasets can all create links through reused card information.

Use virtual cards or separate payment methods when possible. Set merchant-specific cards, spending limits, and pause cards you no longer need. This reduces damage from breaches and makes it easier to identify which merchant leaked or abused your information.

This does not make purchases anonymous, but it does reduce the number of places holding your real card details. It also helps compartmentalize subscriptions, trials, one-off purchases, and low-trust merchants.

Recommended tool: Privacy.com. See our aliasing recommendations.

Step 5

Upgrade your mobile setup

Your phone is usually your most revealing device. It carries location history, contacts, photos, app identifiers, Bluetooth and Wi-Fi exposure, financial apps, messaging apps, account recovery channels, SIM data, and carrier relationships.

At the upgraded privacy level, you should begin separating mobile identity from your real-world identity where practical. That may mean using a prepaid SIM, a privacy-focused carrier like Cape, or a secondary number through MySudo depending on your threat model and what services you need to access.

Device choice matters too. GrapheneOS is our strongest mobile recommendation for people willing to use a supported Pixel. If you stay on iPhone, use a hardened iOS setup: remove unnecessary apps, restrict permissions, disable excess location access, reduce iCloud exposure, avoid unnecessary background services, and keep the device updated.

We will go deeper on mobile devices in the next level of privacy, because phones are where digital privacy, physical location, account recovery, carriers, and daily habits collide.

Recommended tools: GrapheneOS with Cape or prepaid SIM cards. Coming soon: Mobile Devices guide.

Step 6

Clean up old accounts

Old accounts are forgotten attack surface. They may contain personal information, old addresses, reused usernames, phone numbers, payment history, private messages, recovery emails, and passwords from weaker parts of your past setup.

Start deleting accounts you no longer need. For accounts you must keep, update the email alias, remove unnecessary phone numbers, turn on stronger 2FA, delete saved cards, remove old addresses, and change weak or reused passwords.

Good rule: if you would not create the account today, delete it or strip it down.

Step 7

Start data broker cleanup

People-search sites and data brokers can expose names, addresses, relatives, phone numbers, emails, property records, approximate ages, and other details that make online privacy much harder.

Manual removals are possible, but they take time and have to be repeated. Paid removal services can reduce the workload, but they are not magic and they do not remove every trace of you from the internet.

Options to research: EasyOptOuts, Optery, and manual opt-outs. Coming soon: Data Broker Cleanup guide.

Step 8

Reduce home network exposure

Your home network can reveal a lot about your household. Routers, DNS resolvers, smart devices, IoT products, streaming boxes, guests, and default ISP hardware can all create unnecessary exposure.

At this level, start with simple improvements: change router defaults, keep firmware updated, use a better DNS resolver, separate guest and IoT devices, remove devices you do not need, and avoid letting every device talk to every other device.

Good starting point: use a trusted DNS resolver and separate untrusted devices from your main devices. Full guide: Home Network Privacy.

Step 9

Separate address exposure

Digital privacy and physical-world privacy overlap. If your home address appears in domain registrations, shipping records, public records, business filings, breach data, people-search sites, and account profiles, your online setup has a physical-world weakness.

At minimum, stop giving your home address to every service. Be careful with domains, business registrations, warranties, returns, deliveries, public profiles, and anything that puts your real address into another database.

Consider using a virtual mailbox or remote mailbox for situations where you need a more compartmentalized mailing address. These services can receive mail and packages away from your home address, but you should read their policies carefully and understand the identity verification requirements before using them.

A local mom-and-pop mailbox or shipping shop can also be useful. In some cases, a local shop may offer a more practical, flexible, or private setup than a large national mailbox chain. The right choice depends on your location, threat model, budget, and how much mail or package handling you need.

Recommended tools: PrivacyPost, Americas Mailbox, WorldPost, or your local mom-and-pop mailbox/shipping shop. Coming soon: Address Privacy guide.

Bottom line

Upgraded privacy is about systems of separation

At this level, you are no longer only choosing better apps. You are building separate systems for browsers, emails, phone numbers, payments, mobile devices, accounts, networks, and addresses. The goal is to prevent one leak, one account, one merchant, one device, or one bad habit from connecting everything.

Continue to Serious Privacy