Your Complete Guide to Online Privacy in 2025: Who is Taking Your Personal Info and How to Stop Them

Every time you buy something, open an account, search the internet, interact on social media, and use smart devices, public WiFi, and AI, you leave a trail of personal information or “personal data” that is being collected, shared, used, and abused. Suddenly you’re getting spam calls, phishing emails, smishing texts, and data breach alerts, all while someone is booking flights to Ibiza with your credit card and taking out mortgages in your name!   

In 2025, our digital footprints are vast and vulnerable— and online privacy is an urgent issue.

This guide covers everything you need to know about online privacy:

• What are personal data and your digital footprint?
• Who’s collecting your personal information and why?
• What happens when your information gets into the wrong hands?
• What is data privacy?
• Are there data privacy laws?
• What you can do to protect yourself

What are personal data and your digital footprint?

Your digital footprint is all the information about you that exists on the internet because of your online activity. It’s sometimes called your digital exhaust because, just as engine exhaust is residue from using a car, digital exhaust is residue from using the internet. 

Your data is collected from:

• Websites (cookies, tracking pixels, session recording)
• Mobile apps (permissions, background data sharing)
• Social media (likes, shares, behaviour analysis in social graphs and interest graphs)
• Smart devices
• Artificial intelligence (AI) tools
• Public WiFi and location tracking

Your digital footprint contains what’s called your personal data. Data is information, and  personal data (or personal information or (to get technical) personally identifiable information) is officially defined as any data that can be used to distinguish or trace an individual’s identity and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. 

Examples of PII are:

• your full name, maiden name, mother‘s maiden name, and alias
• your date of birth, place of birth, race, religion, weight, activities, geographical indicators
• employment information, medical information, education information, financial information
• personal ID numbers such as your SSN and passport and driver license numbers
• your addresses
• your telephone numbers
• IP or MAC address
• personal characteristics, including photographic images, x-rays, fingerprints, or other biometric image
• your vehicle registration number or title number

Who’s collecting your personal information and why?

Our digital world is now so reliant on user data it’s described as surveillance capitalism and the data economy. Loads of players have their fingers in this “personal data pie”, including:

Big tech

Tech companies like Alphabet (Google), Meta, Amazon, Apple, Microsoft are giving you “free” access to their platforms and products in return for your personal information, time, and attention. Have you heard the saying, “If you’re not paying for the product, you ARE the product?”

Part of your digital footprint is also what’s known as your social graph and your interest graph. A social graph is a digital map of who you know—your relationships within a social network including your friends, family, coworkers, etc., while an interest graph maps what you like—it connects you to other people based on shared interests, hobbies and topics, rather than personal relationships.

Big tech uses all this personal data to:

• Sell ads to third-party advertisers that serve you personalized ads (those scarily coincidental ads that pop up within seconds of your search for a product)
• Control the content you see, including news feeds and social media posts
• Set higher prices (you search for something high risk like “motor racing” and suddenly your insurance premium goes up)
• Influence your political decisions (read up on Cambridge Analytica for a famous example). 

And here’s another thing: most users never consent to their information being used in these ways. Most privacy policies are long, vague, and unreadable, and user consent is complex. What’s more, many apps use dark patterns—design tricks that pressure users to share more information and buy more products than they want to.

Data brokers

Data brokers, which are about 4000 legitimate but unregulated organizations worldwide, are gathering and collating your lucrative data to sell profiles to advertisers, insurers, and political groups. These profiles can include:

• your age
• marital status
• where you live
• your email address
• employer
• how much money you make
• how many children you have
• where you shop
• what you buy
• your medical conditions and health issues
• who you vote for and support

Data brokers usually sell user information to brands in list form. Your email address on a list of people with a particular medical condition such as diabetes would be worth about $79 and on a list of a particular class of traveller about $251. And that’s another thing: A lot of your personal data online isn’t stuff you’d want to share around. While data brokers say the data is anonymized, it’s scarily simple to re-identify so-called “anonymous” data. In fact, some researchers say anonymous data is a lie, and that unless all aspects of de-identifying data are done right, it is incredibly easy to re-identify the subjects.

Governments

Worldwide, governments use citizens’ personal data for surveillance under the guise of national security, public safety, and crime prevention. For example, Proton recently reported that Google, Apple and Meta have handed over data on 3.1 million accounts to the US authorities over the last decade (regardless of which political party was in the White House), providing information such as emails, files, messages, and other highly personal information.

“In the past, the government relied on massive, complex and legally questionable surveillance apparatus run by organizations like the NSA. But thanks to the advent of surveillance capitalism, this is no longer necessary,” said Raphael Auphan, Proton’s chief operating officer.

“All that’s required for the government to find out just about everything it could ever need is a request message to big tech in California. And as long as big tech refuses to implement widespread end-to-end encryption, these massive, private data reserves will remain open to abuse,” Auphan added.

Hackers and scammers

Criminals exploit stolen data in many different ways, which brings us to the next point …

What happens when your personal information gets into the wrong hands?

We’ve covered what brands and governments do with your personal information. Bad actors can also do a lot of damage with your data:

1. Identity theft: Using your stolen information to impersonate you for financial gain or to commit crimes
2. Financial fraud: Accessing your bank accounts, credit card information, or other financial accounts to make unauthorized transactions
3. Phishing: Sending fraudulent emails or messages pretending to be from legitimate organizations to trick you into revealing more information or clicking on malicious links
4. Social engineering: Manipulating you into divulging confidential information, often by posing as someone you trust or using your stolen information to build credibility
5. Account takeover: Gaining unauthorized access to your online accounts (email, social media, etc.) using your stolen usernames and passwords
6. Tax fraud: Using stolen personal information to file fraudulent tax returns and claim refunds
7. Medical identity theft: Using your stolen information to get medical services and prescriptions, or to fraudulently file insurance claims
8. Employment fraud: Using your stolen information to illegally gain employment or benefits
9. Blackmail or extortion: Threatening to expose your sensitive information unless you pay a ransom
10. Creating fake identities: Using your stolen information to create new identities for various fraudulent purposes.

Data breaches are the new normal

One way bad actors get your information is through data breaches. A data breach is a security event where highly sensitive, confidential or protected information is accessed or disclosed without permission or is lost.

We’ve almost come to expect massive, damaging data breaches. The year 2024 had the most data breaches on record, and 2025 has already seen the largest data breach of all time: the leaking of more than 16 billion usernames and passwords to user accounts with Apple, Facebook, Google, other social media accounts, and government services.

AI is making data privacy worse

AI is connecting just about everything in our lives, from our vehicles to eyewear, and we’re using it in all sorts of everyday ways. But AI presents privacy risks not only in what we share but also in how AI can analyze, infer, and act on that information without our permission (think: deep fakes, for example).

Academics have already identified at least 12 privacy risks from AI, and safe and ethical AI governance is a priority.

What is online privacy?

You might say, “I have nothing to hide”, “Privacy tools are only for criminals” or “Social media is harmless fun,” but against this backdrop of risks and damage, you can see the urgent need to protect your online privacy (or data privacy). This is about your rights to control your personal information and how it’s used.

Data privacy matters because it protects our fundamental right to privacy and means we can:

• Limit others’ control over us to know about us and to cause us harm
• Better manage our professional and personal reputations 
• Put in place boundaries and encourage respect
• Maintain trust in relationships and interactions with others
• Protect our right to free speech and thought
• Pursue second chances for regaining our privacy
• Feel empowered that we’re in control of our life. 

Are there data privacy laws?

Data privacy laws are designed to give users more control over their personal data by regulating how organizations can collect, store, and use that information.

As at 2024, 137 countries have national data privacy laws, which means 70% of nations worldwide, 6.3 billion people, or 79.3% of the world’s population is covered by some form of national data privacy law.

Despite many attempts, the United States is one of the only major global economies without a strong national privacy law similar to the European Union’s GDPR—the gold standard for consumer data privacy protections and with regulatory impact around the world. Instead, the US has a patchwork of state-based privacy laws. A dedicated working group was recently formed to try again on a US federal privacy law, so watch this space.

What you can do to protect your personal information and online privacy

Regardless of the laws, you can do a lot to protect yourself. First, you need to cover some basics:

• Use strong, unique passwords for each of your online accounts. Store them securely in a password manager.
• Enable two-factor authentication (2FA).
• Don’t share sensitive details on public platforms or unsecured websites.
• Keep your software and devices updated.
• Be cautious of phishing emails and smishing texts, links, and attachments.
• Know what to do in the event of a data breach.
• Switch to a private browser that stops ads and tracking.
• Use end-to-end encrypted messaging and calling, wherever possible.
• Regularly review your privacy settings on platforms like Facebook, X, Instagram, and LinkedIn to limit data collection.
• Limit app permissions to stop third-party services from accessing your data.
• Regularly audit your online activity to remove old or inactive connections, unfollow accounts, and mute topics you’re not interested in.
• Unsubscribe from unnecessary services.
• Clear browsing history and cookies regularly

If that seems a lot, we have good news: MySudo all-in-one privacy app deals with many of those actions in one simple app—and the other apps in the MySudo family take you even further.

MySudo

MySudo all-in-one privacy app is built around the Sudo, a secure digital profile with email, phone, and virtual cards to use instead of your own. Anywhere you usually give your personal details, you simply give your Sudo details instead. Sudos let you live your life online without spam, scams, and constant surveillance.

What’s in a Sudo?

• 1 email address – for end-to-end encrypted emails between app users, and standard email with everyone else
• 1 handle* – for end-to-end encrypted messages and video, voice and group calls between app users
• 1 private browser – for searching the internet without ads and tracking
• 1 phone number (optional)* – for end-to-end encrypted messaging and video, voice and group calls between app users, and standard connections with everyone else; customizable and mutable
• 1 virtual card (optional)* – for protecting your personal info and your money, like a proxy for your credit or debit card or bank account

*Phone numbers and virtual cards are only available on a paid plan. Phone numbers are available for US, CA and UK only. Virtual cards are for US only. Handles are for end-to-end encrypted comms between app users.

You can have up to 9 separate Sudos in the app. With your Sudos, you can:

• Protect your information. Basically, with MySudo, you decide who gets your personal information, and everyone else gets your Sudo information. 
  
  Instead of using your own email, phone number, and credit card all over the internet, use the alternative contact details from your Sudo. So, you would use your Sudo email and phone number to open and log into accounts and contact people; use the private browser to search online without ads and tracking; and use your Sudo virtual card to pay for purchases without exposing your own credit or debit card. Virtual cards are linked to your own credit card or debit card but don’t reveal those details during transactions.
  
  In this way, you …
• Break your data trail. When you compartmentalize your life into different Sudos, you silo your information and make it impossible for anyone to track you across sites and apps to sell or steal your personal information. And if one Sudo’s details get caught in a data breach or is heavily spammed, you can either ignore it, mute it, or delete it and start again.
  
  Uses for Sudos are limited only by your imagination. Sign up for deals and discounts, book rental cars and hotel rooms, order food or sell your stuff – all without giving away your personal information. Be creative with your Sudos: Setting up a dedicated Sudo to stay safe while volunteering is a popular choice, for example.
  
  You might like:
  How MySudo lets you control who sees your personal info online and in real life
  From Yelp to Lyft: 6 ways to “do life” without using your personal details
  4 steps to setting up MySudo to meet your real life privacy needs
• Use the end-to-end encrypted messaging and calling within each Sudo to keep your conversations private. Your Sudo phone number works like a standard number but also gives you secure connections to other MySudo users, making MySudo a great private messaging app.
  
  You can also use your Sudo handle (instead of a phone number) for end-to-end encrypted communications between other MySudo users, too (invite your friends to the app!). Read: How to get 9 “second phone numbers” on one device.
• Use the end-to-end encrypted email between MySudo users for secure communications. MySudo email is a popular secure email service with full send and receive support. It’s entirely separate from your personal email account and intentionally protects your personal email from spam and email-based scams.
  
  Read: 4 ways MySudo email is better than masked email.
• Use the private browser within each Sudo in MySudo to search the internet free of ads and trackers.
• Use the virtual card within each Sudo in MySudo to hide your transaction history from your bank and others that they sell your data to. (Yes, they do!).
  
  Discover more about how MySudo lets you control who sees your personal information online and in real life. Also check out how MySudo keeps you safe on social media even in a data breach.

Once you’ve got MySudo on your side, do these 3 things:

1. Reclaim your information from companies that store and might sell it with RECLAIM personal data removal tool. See who has your information, discover whether it’s been caught in a data breach, and then either ask the company to delete it or substitute it for your Sudo information using MySudo. RECLAIM is part of the MySudo app family.
   
2. Encrypt your internet connection and hide your IP address with MySudo VPN, the only VPN on the market that’s actually private. MySudo VPN is the perfect companion for MySudo privacy app since they’re engineered to work seamlessly together. 
   
3. Be first in line to use the new MySudo password manager to securely store, autofill, and organize every log-in, password, and more. Coming soon!

Why should I trust MySudo?

MySudo does things differently from other apps:

• We won’t ask for your email or phone number to create an account.
• You don’t need a registration login or password to use MySudo. Access is protected by a key that never leaves your device.
• We’ll only ask for personal information for virtual cards, and UK phone numbers, when a one-time identity verification is required.

By securing your own information, you take back control of your life, money, safety, and reputation. There’s never been a better time.

Get started today:

Download MySudo
Download RECLAIM
Download MySudo VPN

You might also like:

• What constitutes personally identifiable information or PII?
• 14 real-life examples of personal data you definitely want to keep private
• What is digital exhaust and why does it matter?
• Californians, this is why you still need MySudo despite the new “Delete Act”
• This is why MySudo is essential, even 10 years after Snowden
• What is a data breach?
• What should I do if I’ve been caught in a data breach?