These are some practices which worked for me, You can adjust them to match your preferences. Feel free to add your own in the comments
- If you are forced to use something that is privacy invasive, Make it isolated from your actual profile. (Ex- Using a 2nd Browser profile, Using an alias to signup)
- Always use the services that you use from their official clients. Don’t blindly trust 3rd party clients just because they claim that they are “more private”, Do some research before using it.
- Don’t mix up your work life with your personal life. Consider getting a second phone just for work purposes or you could use a second profile for work purposes if your phone has the ability to create multiple user profiles.
- Keep a habit of clearing the browser data once in a while. (You can make your browser automatically clear the browser data when closing but it can be kinda annoying when you have to log back into websites everytime)
- Strip away the metadata of your photos and documents when sharing them.
- Check connected apps/services regularly and revoke unused ones. (on Discord, GitHub, Matrix and etc.)
- Audit app permissions regularly (Some apps adds in new permissions or re-enables permissions over updates)
The old #3 tip got removed (The password one) because it served no additional protection and was pretty annoying. It was a mistake by me, sorry
I mean, there have been breaches. In 2023 there were a small handful, and again in 2024/2025. There have been some incidents where passwords were lifted from Have I Been Pwned and some other reused passwords that were already out on the tubes, but none to my knowledge that resulted in user’s db being hacked.