Digital Literacy
You don’t need to be a tech expert to protect yourself online. But in a world where almost everything you do leaves a digital trail, you need to understand the basics. Companies track you. Data brokers sell your information. Scammers target the careless. Your digital life affects your real life - from job opportunities to financial security.
This page covers the practical skills you need to navigate the digital world safely without becoming paranoid. Think of it as basic digital hygiene - like brushing your teeth, but for your online presence.
The Reality: If It’s Free, You’re the Product
Here’s the uncomfortable truth: every “free” service makes money somehow. Google, Facebook, Instagram, TikTok, Gmail - they’re not charities. They make billions by collecting your data and selling it to advertisers and data brokers.
What they collect:
- Everything you search for
- Every website you visit
- Your location at all times
- Who you talk to and what you say
- Your photos (including their metadata)
- Your contacts
- Your browsing habits
- Your shopping behavior
- Your political views (from what you engage with)
- Your health concerns (from what you search)
What they do with it:
- Sell it to data brokers who compile massive profiles on you
- Use it to target you with ads
- Share it with third parties (read their privacy policy - they tell you they do this)
- Build predictive models about your behavior
- Sometimes get hacked, exposing all of it
This isn’t conspiracy theory. It’s in the terms of service and privacy policies you agreed to. They straight-up tell you they’re doing this. Most people just don’t read it.
Privacy isn’t about having something to hide. It’s about controlling what you share and who profits from your information.
Privacy-Focused Tools
You can’t opt out of the modern world, but you can make better choices about which tools you use.
Email: Proton Mail
Proton Mail is end-to-end encrypted email. That means even Proton can’t read your emails. Compare this to Gmail, where Google scans every email to target ads.
Why Proton Mail:
- True end-to-end encryption
- Based in Switzerland (strong privacy laws)
- No ads
- No data mining
- Free tier available
- Works with your existing workflow
Start using it for any accounts you care about. You can forward from your old email while you transition.
When creating your Proton Mail address, don’t use your real name or birth year. Something like silvermaple429@proton.me is far better than johnsmith1984@proton.me.
Messaging: Signal
Signal is the gold standard for private messaging. It’s end-to-end encrypted, open source, and funded by a non-profit. Even Signal can’t read your messages.
Why Signal instead of WhatsApp or regular texts:
- End-to-end encryption by default
- Messages can auto-delete
- No data collection
- Can’t be subpoenaed for your messages (they don’t have them)
- Used by journalists, activists, and anyone who values privacy
Get your friends and family on it. It’s free and works like any other messaging app.
Notes: Joplin or Standard Notes
For notes with sensitive information (passwords, account numbers, personal thoughts), use end-to-end encrypted note apps:
- Joplin - Open source, syncs across devices, supports Markdown
- Standard Notes - Encrypted notes with a clean interface
- Obsidian - Local-first, private by default, connects ideas
Don’t put sensitive information in Evernote, Google Keep, or Apple Notes unless you’re okay with the company having access.
Browser: Brave
Brave Browser is built on Chromium (like Chrome) but strips out all the tracking and ads. It blocks ads and trackers by default, loads pages faster, and protects your privacy without requiring any setup.
Why Brave:
- Built-in ad and tracker blocking
- Fingerprinting protection
- HTTPS everywhere
- No data collection
- Works with all Chrome extensions
- Noticeably faster browsing
- Uses less battery on mobile
Install it. Make it your default browser. You’ll immediately notice fewer ads and faster page loads.
Search: DuckDuckGo
DuckDuckGo doesn’t track your searches or build a profile on you. Google tracks everything you search and uses it to serve ads and build a detailed profile.
Set DuckDuckGo as your default search engine in Brave. The search results are good - not quite as personalized as Google (because they’re not tracking you), but that’s the point.
Google’s entire business model is collecting data. Every search you make feeds their advertising machine. If you care about privacy, stop using Google Search.
Password Management
Most people use the same password everywhere. When one site gets hacked, hackers try that password on every other site. This is how accounts get stolen.
Use a Password Manager
A password manager generates and stores unique, complex passwords for every site. You only need to remember one master password.
Primary recommendation: LastPass
Why LastPass:
- Cross-platform (Windows, Mac, Linux, iOS, Android)
- Browser extensions for all major browsers
- Built-in authenticator app for 2FA codes
- Key feature: When you get a new phone, install LastPass and all your 2FA codes are already there - no need to reset them all
- Secure password generator
- Auto-fill login forms
- Free tier available (premium is worth it)
Alternatives:
- 1Password - Beautiful interface, family sharing features
- Bitwarden/Vaultwarden - Open source, self-hostable
Set up a password manager today. Start by adding your most important accounts (email, banking, social media), then gradually add others as you log in.
Even with a password manager, you need to remember one password - your master password. Here’s a technique that creates strong passwords you can actually remember.
Start with a phrase, quote, or song lyric - something memorable to you:
- “Houston, we have a problem!”
Add some special characters to spice it up:
- “Houston, we have a @#$ problem!”
Take the case-sensitive first letter of each word plus special characters:
Hwha@#$p!
Add the service name and year at the end:
Hwha@#$p!LP26 (LastPass 2026)
Now you have a strong password that looks like gibberish (Hwha@#$p!LP26) but is actually a sentence you can remember: “Houston, we have a damn problem! LastPass 2026”
Bonus: If you misremember the quote or lyrics (the actual Apollo 13 quote is “Okay, Houston, we’ve had a problem here”), that misremembering only adds to the password’s uniqueness. Your brain’s errors are your password’s strength.
Apply this technique to your favorite movie quote, song lyrics, or personal saying. Just don’t use this exact example - make it your own.
Two-Factor Authentication (2FA)
2FA adds a second step to logging in - usually a time-based code from an app. Even if someone steals your password, they can’t access your account without the 2FA code.
Enable 2FA on:
- Email accounts
- Banking and financial accounts
- Social media
- Any account with payment info
- Cloud storage (Google Drive, Dropbox, iCloud)
Use an authenticator app, not SMS:
SMS (text message) 2FA is better than nothing, but vulnerable to SIM swapping (where someone convinces your carrier to transfer your number to their phone).
Use LastPass Authenticator (built into LastPass) or alternatives like:
This is the killer feature that makes LastPass indispensable: LastPass Authenticator syncs your 2FA setup codes across devices.
With most authenticator apps (Google Authenticator, Microsoft Authenticator), when you get a new phone, you’re in for an afternoon of pain. You have to go into every single service - email, banking, social media, gaming accounts, work accounts - and manually reset 2FA. It’s tedious, time-consuming, and frustrating.
With LastPass Authenticator, you install LastPass on your new phone, log in, and all your 2FA codes are already there. No resetting. No afternoon wasted. Everything just works.
This alone is worth using LastPass over other password managers.
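Why a synced setup code is enough to restore 2FA on a new phone, shown with the standard TOTP algorithm (RFC 6238) as an added example; this is not code from LastPass or any authenticator app. The setup key below is the published RFC test secret, and the `verify` helper with its drift window is an illustrative assumption about how a service checks codes.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second windows since 1970."""
    return hotp(secret, unix_time // step, digits)


def decode_setup_key(key: str) -> bytes:
    """Setup keys are shown as Base32, often lower-case, spaced and unpadded."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify(secret: bytes, code: str, unix_time: int,
           step: int = 30, drift_windows: int = 1) -> bool:
    """Service-side check (hypothetical helper): tolerate small clock drift
    and compare in constant time."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
        for d in range(-drift_windows, drift_windows + 1)
    )


# RFC 6238 test secret ("12345678901234567890") as an app would display it.
SETUP_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    old_phone = decode_setup_key(SETUP_KEY)
    new_phone = decode_setup_key(SETUP_KEY.upper().replace(" ", ""))
    # Same key + same clock = same code, on any device that holds the key.
    print(totp(old_phone, 59), totp(new_phone, 59))
```

The code depends only on the setup key and the clock, so any copy of that key, synced or backed up, generates valid codes and deserves the same protection as the password itself.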
Virtual Private Networks (VPN)
A VPN encrypts your internet connection and routes it through a server in another location. This hides your real IP address and prevents anyone (your ISP, public WiFi operator, websites) from seeing what you’re doing online.
Before you think “I don’t need a VPN at home,” stop and read your ISP’s privacy policy. Go ahead, here are the links to the major US ISPs’ privacy policies:
Your ISP can see and log:
- Every website you visit (DNS requests)
- What apps you use
- When you’re online and for how long
- What you download
Most ISPs openly state they collect this data, analyze it, and sell it to advertisers and data brokers. It’s in their privacy policy - they’re not hiding it. A VPN encrypts all this traffic so your ISP only sees encrypted data going to the VPN server. They can’t see what you’re actually doing.
When to use a VPN:
- At home - Yes, on your home network, to prevent ISP tracking
- On any public WiFi (coffee shops, airports, hotels, libraries)
- When accessing sensitive information
- When traveling internationally
- Basically, all the time
Our primary recommendation: Private Internet Access (PIA)
PIA was one of the first VPN providers to claim “we don’t log your traffic,” and unlike others, they’ve proven it in court. Multiple times, law enforcement and courts have compelled PIA to turn over user data. Each time, PIA demonstrated they literally have nothing to turn over - they don’t keep logs. This has been tested and verified in real court cases and FBI investigations.
Why this matters: If you use an unscrupulous VPN provider, they might also track everything you do. All you’ve done is swap one Peeping Tom (your ISP) for another (your shady VPN provider). PIA has court-verified proof they don’t do this.
Pricing: Around $3/month for up to 5 devices. Put it on your phone, tablet, and laptop - you’ll still have 2 device slots left. It’s a no-brainer.
Other reputable alternatives:
- Mullvad - Privacy-focused, no account needed, pay anonymously
- ProtonVPN - From the makers of Proton Mail, strong privacy
- IVPN - No-logging policy, privacy-focused
Free VPN services make money by selling your data - the opposite of what a VPN should do. If you’re not paying for the VPN, you’re the product. Pay for a reputable service or don’t use one.
Privacy Settings Sweep
Most devices and services have privacy settings buried in menus. Take an hour to lock everything down.
On your phone (iPhone and Android):
- Location services: Set to “Only While Using” for most apps, “Never” for apps that don’t need it
- App permissions: Review which apps have access to contacts, photos, microphone, camera
- Ad tracking: Disable personalized ads (iPhone: Settings > Privacy > Tracking > Off)
- Background app refresh: Turn off for apps that don’t need it
- Disable Siri/Google Assistant history collection
On your laptop:
- Firewall: Enable it
- Automatic updates: Turn them on
- Full disk encryption: Enable FileVault (Mac) or BitLocker (Windows)
- Webcam cover: Use a physical cover or tape
On social media:
- Make profiles private
- Review who can see your posts
- Disable location tagging
- Review tagged photos (untag yourself from embarrassing stuff)
- Limit who can search for you
- Check login locations (are there unknown devices?)
Schedule this annually. Services change settings and add new features that reset your preferences.
For ongoing privacy education and updates on new threats and tools, follow these privacy-focused YouTube channels:
- Naomi Brockwell (NBTV) - Excellent privacy tutorials, app reviews, and practical tips for everyday people
- Shannon Morse - Cybersecurity and privacy expert with accessible, practical content
- The Hated One - Deep dives into privacy issues and surveillance
- Techlore - Privacy tools, guides, and news
These creators regularly cover new privacy tools, settings changes, data breaches, and emerging threats. Subscribe and stay informed.
Understanding OSINT (Open Source Intelligence)
OSINT is information that’s publicly available about you. Anyone can find it - employers, stalkers, scammers, or just curious people.
What’s publicly available:
- Social media profiles - Everything you’ve ever posted (even if “deleted”)
- Data broker sites - Whitepages, Spokeo, BeenVerified compile public records
- Court records - Lawsuits, traffic tickets, criminal records
- Property records - Who owns what property
- Professional licenses - State licensing boards publish names and addresses
- Voter registration - Often includes address and birthdate
- Breached data - Email addresses, passwords, phone numbers from hacked sites
How to find what’s out there about you:
- Google yourself: "firstname lastname" city
- Check data broker sites: Whitepages, Spokeo, FastPeopleSearch
- Check Have I Been Pwned for breached accounts
- Search your email address and phone number
How to reduce your footprint:
- Opt out of data broker sites (tedious but worth it)
- Make social media profiles private
- Use a VPN to hide your IP/location
- Don’t overshare online (see Digital Footprint section)
- Google yourself quarterly to see what’s new
Companies like Spokeo collect and sell your information legally. They scrape public records and social media. You can opt out, but it’s a manual process for each site. Services like DeleteMe will do it for you for $129/year.
Recognizing Scams and Phishing
Scammers are sophisticated. They’re targeting you daily. Learn to spot the signs.
That’s what everyone thinks. Then they fall for one. Here’s the reality: scammers are professionals whose entire job is actively deceiving you. They use psychological manipulation, urgency, fear, greed, and social engineering. They’re successful on a regular basis because they’re good at what they do. Smart people fall for scams every day. Don’t let pride make you vulnerable.
Common red flags:
- Urgency: “Your account will be closed unless you act NOW”
- Too good to be true: “You’ve won $10,000!” “Hot singles in your area!”
- Requests for personal info: No legitimate company asks for passwords via email
- Suspicious links: Hover over links - does the URL match what it claims?
- Bad grammar: Professional companies proofread
- Generic greetings: “Dear Customer” instead of your name
- Unexpected attachments: Don’t open attachments from unknown senders
Never:
- Click links in unexpected emails (go directly to the website instead)
- Give out your Social Security Number unless absolutely necessary
- Pay with gift cards (this is always a scam)
- Trust caller ID (it’s easily spoofed)
- Send money to people you’ve never met in person
Common scam types:
- Job offer scams: They “hire” you, send a check, ask you to buy equipment and send the rest back. Check bounces, you’re out thousands.
- Romance scams: Someone attractive messages you, builds a relationship, then has an “emergency” needing money.
- Sextortion/blackmail: An attractive person (usually claiming to be a woman) messages you on social media, flirts, sends explicit photos, and asks you to send compromising photos or videos back. Then you find out it’s a scammer who threatens to send your photos to your friends, family, or employer unless you pay them in Bitcoin. This is designed to exploit shame and isolation - victims often don’t report it because they’re embarrassed. If this happens to you: don’t pay, report it to the FBI’s IC3, and tell someone you trust. Paying doesn’t make it stop - it proves you’ll pay.
- Crypto investment scams: Guaranteed returns, celebrity endorsements, pressure to invest now.
- Phishing texts: “Your package is delayed” with a link to “update” your address.
When in doubt, don’t. Slow down. Research. Call the company directly (using a number you look up yourself, not one provided in the email).
Your Digital Footprint and Reputation
Everything you post online is permanent. Even if you delete it, someone likely screenshotted it, and archive sites like the Wayback Machine may have saved it.
Employers and colleges Google you. They check social media. One stupid post can cost you a job offer or scholarship.
Before posting anything, ask:
- Would I want my mom to see this?
- Would I want my future employer to see this?
- Could this be misinterpreted?
- Does this reveal anything that could be used against me?
Protect your reputation:
- Use privacy settings aggressively
- Think before you post
- Don’t post when emotional or intoxicated
- Untag yourself from friends’ embarrassing photos
- Remove old posts that don’t reflect who you are now
- Build positive content (LinkedIn profile, portfolio, thoughtful social posts)
Password recovery questions - use fake answers:
When sites ask for your mother’s maiden name, high school mascot, or first pet’s name, use fake answers. This information is often publicly available (Facebook, ancestry sites) and used for social engineering attacks.
Store your fake answers in your password manager. For example:
- Mother’s maiden name: Elephant123
- First pet’s name: Watermelon789
Backups: The 3-2-1 Rule
You will lose data at some point. Phone breaks. Laptop gets stolen. Ransomware encrypts everything. Hard drive dies. The question is: will you lose everything, or will you be mildly inconvenienced?
The 3-2-1 rule:
- 3 copies of your data (original + 2 backups)
- 2 different types of media (external hard drive + cloud)
- 1 offsite (cloud storage)
Options:
- Cloud backup: Backblaze ($7/month, unlimited), iCloud, Google One
- External hard drive: Buy a 1-2TB drive, set automatic backups
- Time Machine (Mac) or File History (Windows) - built-in backup tools
Set it up once, then forget it. When your laptop dies, you’ll be grateful.
Credit Freezes
Identity theft is rampant. Data breaches happen constantly. Protect yourself with a credit freeze.
A credit freeze prevents anyone (including you) from opening new credit in your name. If someone steals your identity, they can’t take out loans or credit cards.
How to freeze:
Contact all three bureaus (it’s free):
You’ll get a PIN to temporarily unfreeze when you need to apply for credit (apartment, car loan, credit card). The rest of the time, it’s frozen solid.
Do this. It takes 30 minutes and prevents massive headaches.
Photo Metadata
Every photo from your phone contains metadata (EXIF data): GPS coordinates, time, date, camera model, sometimes even your name.
Two critical social media rules:
- Don’t announce trips before you leave - Posting “Headed to Miami for spring break!” tells bad actors your house is empty and ready to rob. Post during or after the trip, not before.
- Don’t brag about expensive stuff - That new gaming rig, designer watch, or custom sneakers makes you a target. Posting about it tells criminals you’re someone worth stealing from.
You post a photo of your new Tag Heuer watch on Instagram. You think you’re just showing off to friends. But here’s what you actually did:
- The photo shows you have expensive stuff worth stealing
- The EXIF data in the photo contains GPS coordinates pinpointing your bedroom
- You just told criminals exactly where to find their new watch
This isn’t theoretical. Burglars actively monitor social media for targets. They look for expensive items and check metadata for addresses. Then they watch your posts to know when you’re not home. Combine bragging with location data and you’ve done their research for them.
Remove metadata:
- iPhone: Settings > Privacy > Location Services > Camera > “Never” or “While Using”
- Android: Camera settings > turn off location tagging
- Before posting: Use tools like ExifTool or websites like Remove Photo Data
Many social media platforms strip metadata automatically, but don’t count on it.
Browser Extensions for Privacy
Strengthen your browser’s privacy:
- uBlock Origin - Open source ad blocker, blocks trackers and malicious sites
- HTTPS Everywhere - Forces encrypted connections (built into Brave already)
- Privacy Badger - Blocks invisible trackers
Note: Brave has most of these built in, but if you use another browser, add these.
Summary
Digital literacy isn’t about paranoia - it’s about making informed choices. You don’t need to become a cybersecurity expert, but you do need to understand the basics.
The essentials:
- Switch to privacy-focused tools - Proton Mail, Signal, Brave, DuckDuckGo
- Use a password manager - LastPass or alternatives, unique passwords everywhere
- Enable 2FA - On every important account, use an authenticator app
- Use a VPN - Especially on public WiFi
- Lock down privacy settings - Phone, laptop, social media - do an annual sweep
- Think before posting - Your digital footprint is permanent
- Back up your data - 3-2-1 rule, automate it
- Freeze your credit - Prevent identity theft
- Spot scams - Slow down, verify, don’t click suspicious links
- Understand OSINT - Know what’s publicly available about you
Start with passwords and 2FA. That alone will protect you from most attacks. Then gradually adopt the other practices. Small changes compound into significantly better security and privacy.
Your digital life is your real life. Protect it.