Safe Browsing Check.
SAFE BROWSING CHECK · PRIVACY Ten privacy tips. Three do the work. Skip the rest. Lock two accounts. Shrink one file. Cover one connection. Private mode and cookie pop-ups barely move anything.

Most Privacy Advice Is Busywork

By Marta Lane · Updated April 10, 2026 · 4 min read

Somewhere in your saved articles is a list. “10 ways to protect your privacy online.” You did the easy ones months ago: a private browsing window here, a “Reject All” there. The other eight items sit in the queue, quietly judging you.

The list has a flaw, and the flaw is not you. Every item on it looks the same size. One takes a minute and protects almost nothing. Another takes ten minutes and protects almost everything. Nothing on the page tells you which is which.

Privacy protection is lopsided. For an ordinary person, a few moves carry nearly all the weight, and several of the most famous ones barely register. Tell those two groups apart and the whole subject shrinks from a guilty backlog to one short afternoon.

Even the government keeps its list short. When CISA, the federal cybersecurity agency, tells regular people how to stay safe, it names four behaviors: strong passwords, a second login step, spotting phishing, and letting your software update. Four items, for the whole of online safety. The privacy core is smaller still: three moves.

Move one: lock the accounts that unlock the rest

Your email and your bank. Email first, because a stranger inside it can press “Forgot password?” on nearly everything else you use and collect the reset links. Give each account a strong password used nowhere else, then turn on the second login step, the code from your phone.

CISA’s own page reports that the most common password in the country is still 123456, and that using MFA, that second step, makes you 99% less likely to be hacked. That figure is the federal cyber agency’s own, on a page that sells nothing. Our guide to the three habits behind almost every break-in walks through the move in plain steps.

Move two: shrink the file strangers keep on you

Data brokers collect facts about you — age, address, income, the health topics you read about — and sell them to whoever pays. The FTC has been documenting the trade since 2014. That file is why a scam call can open with your name, your town, and the name of your bank.

You can shrink the file, and the order you work in decides whether the shrinking sticks. Start with what’s actually in it, then follow the removal order that works, source first.

Move three: cover the connection you don’t control

Public Wi-Fi is safer than the warnings suggest. The FTC itself says that with most websites now encrypted, connecting through a public Wi-Fi network is usually safe. Two things survive that reassurance: a fake network wearing the café’s name, and the fact that whoever runs a network can watch which sites you visit. At home, the watcher is the company you pay for internet. The FTC looked at six major providers and found them collecting far more than customers expect, some sharing real-time location with third parties.

So the move is narrow. On networks you don’t control (hotels, airports, the café), turn on a VPN; the one Wi-Fi risk that’s real explains why. At home, the question is your provider, and it’s a calmer decision you can make once.

If you’d rather one tool cover several of these surfaces at once, Total VPN bundles the VPN with an ad blocker and an antivirus in one app. It can’t shrink a broker file and it won’t set up your second login step — the first two moves stay yours — but it does keep the connection layer handled without your attention.

The famous moves that barely move anything

Three regulars from the ten-item lists, weighed honestly:

Each one is fine to do. Each one is also small, and the lists dress them up as protection. Spend the energy on the three moves first; come back to these when they cost you nothing.

Most privacy advice is busywork On a 10-item list, three moves carry nearly all the weight. THE THREE THAT CARRY THE WEIGHT Lock your email and bank — turn on 2FA Shrink your data-broker file Cover the connection you don't control (VPN) THE FAMOUS FEW THAT BARELY MOVE ANYTHING Open a private browsing window "Reject All" on cookie banners Clear your browser history Switch to a "private" search engine Read the privacy policies Adjust every social-media setting Delete cookies every week A representative list — the three marked moves are the ones that carry the weight. THE MOVE — do the three; skip the rest Lock the two master accounts, shrink the broker file, cover the connection you don't control. Then let the rest of the list go — guilt-free.
A representative 10-item list, ranked. The three marked moves carry nearly all the weight; the greyed items are the famous low-leverage ones (the article weighs private browsing, “Reject All”, and clearing history). Do the three; let the rest go.

Do these few, then stop

Lock the two master accounts. Shrink the broker file. Cover the connection where the network is someone else’s. That’s the work — one afternoon, spread out however you like.

Then let the rest of the list go. Skip item six without guilt. Read the others if they interest you, do them if they’re free, and remember which group they belong to. The guilt was doing even less for you than the incognito window.

And if you’re wondering what the lists miss entirely, that’s a different question: identity theft starts in the half you can’t see.

If someone you love keeps a guilty privacy to-do list, forward them this. It’s permission to skip most of it.

You might also like