Stay Private
Your Digital Privacy Guide
In today's surveillance economy, protecting your identity online isn't paranoia — it's common sense. Here's everything Australians need to know to stay private, safe, and in control of their own data.
📱 If There's a Website — Never Use the App
This is one of the most important rules in digital privacy and almost nobody follows it. Every time you install an app instead of using a website, you hand that company a skeleton key to your phone. A website can only see what you do on that site. An app can see almost everything.
Apps request permissions that have nothing to do with their function — and most people tap "Allow" without thinking. That news app doesn't need your location. That shopping app doesn't need your contacts. That free game doesn't need your microphone. But they ask, and they get it, and they sell it. Your entire digital profile — location history, contact list, browsing habits, purchase history, physical movements throughout your day — is being packaged and sold to data brokers, advertisers, and in some cases, governments.
The rule: if a service has a working website, use the website in your browser. Save apps only for things that genuinely cannot work without them — banking apps with authentication, navigation, camera-based tools. Everything else — news, shopping, social media, streaming, food delivery — use the browser version. You lose almost no functionality and you keep your data.
📍 Location Tracking
Apps track your physical location 24/7 — even when you're not using them — and sell it to brokers who resell it to anyone.
👥 Contacts Harvesting
Many apps upload your entire contact list to their servers. Your friends and family never consented to this — but you gave it away on their behalf.
🎙️ Microphone Access
Apps with microphone permission can activate it in the background. The "we heard you talking about X and then saw an ad for it" phenomenon is real.
📸 Camera & Photos
Photo library access means the app can scan every photo you've ever taken — including metadata showing when and where each photo was taken.
📋 Device Fingerprinting
Apps can identify your unique device and track you across platforms even after you delete them, using hardware identifiers that can't be reset.
📈 Background Data
Apps running in the background continuously send data home — usage patterns, app activity, network information — without you ever opening them.
Every website wants your email address. Every single one. And it's not because they want to send you a receipt — it's because your email is the key that ties everything together. It links your name, your habits, your purchases, your location, and your browsing history into a single profile that can be sold, shared, hacked, or handed to the government.
Here's what actually happens when you hand over your email: it gets added to a database. That database gets sold to data brokers — companies whose entire business model is collecting and reselling personal information. Your address ends up in marketing lists, targeted ad systems, political profiling tools, and in some cases, government watchlists. You agreed to this in a 47-page terms of service document nobody reads.
Think about how many sites you've signed up to over the years — news sites, online stores, forums, apps, giveaways, free trials, Wi-Fi login pages at cafes. Every single one of those has your real email sitting in a database somewhere. Many of those companies have already been hacked. Your details are probably already floating around on the dark web right now — and there's nothing you can do about the past. But you can stop making it worse.
The rule is simple: if you don't genuinely trust a site, never give it your real email. Ask yourself — do I actually need an account here? Do I need their newsletter? Will I ever come back? Most of the time the honest answer is no. You're handing over a permanent piece of your identity in exchange for a one-time download or a 10% discount code.
📈 Data Brokers
Companies like Acxiom and Experian buy and sell profiles on billions of people. Your email, name, address, income estimate, political leanings and shopping habits are all for sale — right now.
🎯 Targeted Advertising
Facebook, Google, and thousands of smaller ad networks use your email to match you across devices and platforms, building a profile of everything you do online — even when you're not logged in.
🔓 Data Breaches
Over 10 billion records were leaked in 2024 alone. If your email is in a breached database, it can be used for phishing attacks, credential stuffing, and identity theft — sometimes years later.
📋 Spam & Phishing
Once your real address is in the wild, you cannot get it back. The spam never stops — and some of it is sophisticated enough to fool people into handing over passwords or banking details.
The solution isn't complicated — it's disposable email addresses. Use a throwaway for anything that doesn't need your real identity. Keep your real email for people and services that genuinely matter: your bank, your doctor, your family. Everything else gets a fake one.
10 Minute Mail
The classic throwaway. Opens instantly, no signup. Good for quick one-off verifications. Address expires in 10 minutes (extendable).
Visit Site ↗Guerrilla Mail
Receive AND send emails anonymously. You choose your address. Attachments supported. One of the most capable free options.
Visit Site ↗A VPN (Virtual Private Network) encrypts your internet traffic and hides your IP address from your ISP, websites, and anyone snooping on your connection. Essential for public Wi-Fi and general anonymity.
Mullvad VPN
No email required to sign up — just a generated account number. Accepts cash and crypto. Strict no-logs. Based in Sweden. The most anonymous commercial VPN.
Visit Site ↗ProtonVPN FREE PLAN
Swiss-based, audited no-logs policy, open source. The free tier gives you unlimited data — no cap — across 3 countries. No credit card needed. The best free VPN available, full stop.
✔ Unlimited data ✔ No ads ✔ No logs
Visit Site ↗ExpressVPN
Fast, easy to use, and well-audited. Good for everyday use and streaming. Servers in Australia available. Popular but more mainstream than Mullvad.
Visit Site ↗Tor Browser
Not a VPN but routes your traffic through 3 encrypted relays worldwide. The most anonymous browsing option available. Slower but hardest to trace.
Visit Site ↗Chrome sends your browsing data to Google. Bing sends it to Microsoft. These aren't tools — you're the product. Here's what to use instead.
Firefox
Open source, highly configurable, excellent privacy add-ons available. The everyday workhorse for privacy-conscious users.
Download ↗Brave
Built-in ad and tracker blocking, fingerprint protection, and Tor integration. Based on Chromium so most sites work perfectly.
Download ↗DuckDuckGo
No tracking, no search profile, no personalised results. Based in the USA but has a strict no-logs policy. Easiest Google replacement.
Try It ↗Startpage
Shows Google results without Google tracking you. Based in the Netherlands. A good middle ground if you miss Google's search quality.
Try It ↗Brave Search
Independent index — not Google or Bing results repackaged. No tracking. Growing fast in quality. Pairs perfectly with the Brave browser.
Try It ↗uBlock Origin
The best ad and tracker blocker available for Firefox. Lightweight, open source, and crushes everything Google's built-in blocker misses.
Install ↗Most Australians have no idea how aggressively their government can surveil them — legally. Here are the key laws affecting your digital privacy right now.
🔴 Assistance and Access Act 2018 (the "Anti-Encryption" Law)
This law allows the Australian government to compel technology companies and service providers to build backdoors into encrypted software — or face heavy fines. It effectively undermines end-to-end encryption for Australians. Widely criticised by privacy advocates, tech companies, and civil liberties groups worldwide. This is why Australian-based services cannot be fully trusted for sensitive communications.
🔴 Mandatory Data Retention Scheme (TOLA Act)
Your ISP and phone company are legally required to store your metadata — who you called, who you emailed, what websites you visited, your location data — for 2 years. Over 80 government agencies can access this data without a warrant, including local councils and RSPCA inspectors. Not just police. Not just ASIO.
📘 Privacy Act 1988 (and the 2024 Reforms)
Australia's primary privacy law governs how businesses and government agencies collect and store your personal data. 2024 reforms strengthened individual rights including the right to request data deletion. However, exemptions for political parties, small businesses, and media organisations remain a major gap.
📘 Your Rights Under the Australian Privacy Act
You have the right to: know what data organisations hold about you, access and correct that data, complain to the Office of the Australian Information Commissioner (OAIC) if your privacy is breached, and in many cases request your data be deleted. You can lodge a complaint at oaic.gov.au.
🔴 Five Eyes Intelligence Alliance
Australia shares intelligence — including communications data — with the USA, UK, Canada, and New Zealand under this secretive agreement. Data collected "legally" in one country can be shared with agencies in another. This is why the jurisdiction of any privacy tool you use matters enormously.
You don't have to do everything at once. Start with these steps and you'll be ahead of 90% of Australians in protecting your digital life.
Switch your browser to Firefox or Brave
Takes 5 minutes. Install uBlock Origin immediately after. This alone blocks thousands of trackers on every page you visit.
Change your default search engine to DuckDuckGo
Settings → Search Engine → DuckDuckGo. Done. No profile being built. No filter bubble shaping your world view.
Get a ProtonMail address for sensitive emails
Free to sign up. Use it for anything you want kept private — legal, medical, financial, or political communication.
Use a temp email for every online signup you don't trust
Before you type your real email into any website, ask: do I actually need to give them this? If not, use guerrillamail.com or 10minutemail.com instead.
Install a VPN — especially on public Wi-Fi
ProtonVPN has a free tier. Use it any time you're on a network you don't own — cafes, airports, hotels, libraries.
Use Signal for private messaging
Signal is end-to-end encrypted, open source, and the gold standard for private messaging. Better than WhatsApp (owned by Meta) or standard SMS.
Delete apps and use the website instead
News sites, social media, shopping, streaming, food delivery — open them in your browser. The website can't access your contacts, location, microphone, or camera. The app can. Delete the app. Bookmark the site.
Review your phone app permissions
Settings → Apps → Permissions. Revoke location, microphone, and camera access from any app that doesn't genuinely need it. If it doesn't need it to function, it has no business having it.
Privacy Is Not a Crime — It's a Right
The Australian government's surveillance apparatus is vast and expanding. Protecting your digital privacy is not suspicious — it is a fundamental right in any free society. The tools on this page are all legal to use in Australia.
Know Your Rights at OAIC.gov.au ↗
Aust Gov Sites