New Here? Start Here.

Three things you can do today — for free.

No tech experience needed. These three steps cover the biggest privacy gaps most households have.

  1. CHECK FOR DNS LEAKS: Run a quick test to see if your internet provider can see everything you browse — even in private mode.
  2. SWITCH TO PRIVATE EMAIL: Gmail reads your email to serve ads. Proton Mail is free, encrypted, and built in Switzerland with zero ad tracking.
  3. LOCK DOWN YOUR ROUTER: Your router's default password is publicly known. Change it and disable remote management in under five minutes.

How to Filter Junk Email in Gmail, Yahoo & Xfinity

Your inbox is a battlefield. Every day, marketers, spammers, and scammers compete for your attention — and your data. Learning to filter, block, and unsubscribe safely is one of the most practical privacy skills you can develop.

Gmail — Setting Up Filters

Gmail's filter system is powerful but buried. Here's how to use it to automatically delete, archive, or label junk before it hits your inbox.

  1. Open Gmail on desktop → click the search bar → click the filter icon (three sliders) on the right side of the search bar.
  2. Enter the sender's email address or a keyword that appears in junk mail — like "unsubscribe" or "offer expires".
  3. Click Create filter → choose what to do: Delete it, Skip Inbox, Mark as read, or Apply a label.
  4. Check Also apply filter to matching conversations to clean up existing emails too.
  5. Click Create filter to save. Gmail will now automatically handle matching emails.

PRO TIP

Filter by domain instead of individual senders. If you get junk from multiple @marketing.example.com addresses, filter the entire domain by entering @example.com in the From field.

Yahoo Mail — Spam Filters & Blocked Senders

  1. Open Yahoo Mail → Settings (gear icon) → More Settings → Filters.
  2. Click Add new filters → give it a name → set your conditions (From, Subject, Body).
  3. Choose the folder — select Trash to auto-delete matching emails.
  4. To block a sender directly: right-click any email → Block Sender. Yahoo will move future emails from that address to spam.

Xfinity / Comcast Email

  1. Log into your Xfinity email at connect.xfinity.com.
  2. Go to Settings → Email Settings → Spam Filter.
  3. Enable spam filtering and set the sensitivity level. Medium is a good starting point.
  4. Add specific senders to your blocked list under Blocked Senders.

Unsubscribe vs. Delete — Which Is Safer?

Legitimate marketing emails: Use the unsubscribe link. Reputable companies are required by law (CAN-SPAM Act) to honor unsubscribe requests within 10 business days.

Suspicious or unknown senders: Never click unsubscribe. Clicking confirms your email address is active, which can result in more spam. Just delete or block.

WARNING

If an email looks off — unusual sender address, poor grammar, urgent language — do not click any links including unsubscribe. Mark it as spam instead.

Hidden Tracking Pixels

Many marketing emails contain invisible 1x1 pixel images. When you open the email, your email client loads the image, silently notifying the sender that you opened it, along with your approximate location and device type.

In Gmail: Settings → See all settings → General → Images → select "Ask before displaying external images".

In Apple Mail (iPhone/Mac): Settings → Mail → Privacy Protection → enable Protect Mail Activity.

HARBOR PRIVACY TIP

DNS-level blocking can block tracking pixel domains at the network level — before they ever reach your email client. Every device in your home is protected automatically.
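
To make the "Hidden Tracking Pixels" section above concrete, here is an added example (not part of the original page) that scans an HTML email body for remote images that are 1x1 or hidden by CSS. The sample message and its hostnames are constructed placeholders, and the function and class names are this example's own.

```python
"""Flag likely tracking pixels in an HTML email body (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; the hosts are placeholders, not real trackers.
SAMPLE_HTML = """
<html><body>
  <img src="https://cdn.shop.example/banner.png" width="600" height="200" alt="Spring sale">
  <p>Hi there, your order has shipped.</p>
  <img src="https://track.mailer.example/o/abc123?u=jane%40example.org" width="1" height="1" alt="">
  <img src="https://metrics.mailer.example/open.gif" style="display:none">
  <img src="cid:logo@local" width="1" height="1">
</body></html>
"""

_TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)            # "0", "1", "1px"
_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
_STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*([^;]+)", re.I)


class PixelFinder(HTMLParser):
    """Collects <img> tags that fetch a remote URL and are invisible."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # embedded images (cid:, data:) trigger no network request
        style = a.get("style", "")
        dims = {"width": a.get("width"), "height": a.get("height")}
        for name, value in _STYLE_DIM.findall(style):
            dims[name.lower()] = value  # inline CSS overrides the attributes
        reasons = []
        if all(v is not None and _TINY.match(v) for v in dims.values()):
            reasons.append("1x1 or 0x0 size")
        if _HIDDEN.search(style):
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append({
                "host": url.hostname,
                # A query string usually carries the per-recipient identifier.
                "per_recipient_id": bool(url.query),
                "reasons": reasons,
            })


def find_tracking_pixels(html):
    finder = PixelFinder()
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for finding in find_tracking_pixels(SAMPLE_HTML):
        print(finding)
```

The hosts it reports are the ones an "ask before displaying external images" setting or a DNS blocklist would stop from being contacted.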

Why You Should Switch to Proton Mail

Gmail is free because Google reads your email to serve you ads. Proton Mail is free because they built a business model that doesn't require your data. It's end-to-end encrypted, based in Switzerland, and has been audited by independent security researchers.

This isn't a niche privacy tool — it's a full-featured email service used by millions of people, including journalists, lawyers, and healthcare workers who legally can't have their email read by a third party.

What "End-to-End Encrypted" Actually Means

Your email is encrypted on your device before it leaves. Proton can't read it. If someone were to subpoena Proton for your emails, all they could hand over is scrambled data. Google, by contrast, has handed over user email data to law enforcement thousands of times.

Free Plan vs. Paid

  1. Free: 1 email address, 1GB storage, end-to-end encryption — plenty for most people testing it out.
  2. Paid: Custom domains, 15GB+, multiple addresses, calendar and Drive included. About $4/month.

How to Get Started

  1. Create a free account at proton.me — no phone number required.
  2. Set up the Proton Mail app on your phone (iOS or Android).
  3. Start using it for anything sensitive — banking, medical, legal. Keep Gmail for newsletters if you want.
  4. Over time, update important accounts to your Proton address.

Harbor Privacy Recommends
Proton Mail — Free, Encrypted Email
No ads, no data mining, no reading your email. Used by millions worldwide. Free plan available — no credit card needed to start.
Disclosure: Harbor Privacy earns a small referral fee if you upgrade to a paid plan. We recommend Proton because we use it ourselves — not because of the commission.

What Is DNS & Why Does It Matter for Your Privacy?

Every time you visit a website, your device performs a DNS lookup — a query that translates a domain name like google.com into an IP address your device can connect to. This happens thousands of times per day, for every device on your network.

By default, these queries are sent in plain text to your ISP's DNS servers. Your ISP can see every domain you look up — every website, app, and service your household uses.

What Is DNS Over HTTPS (DoH)?

DNS over HTTPS encrypts your DNS queries so they can't be intercepted or logged by your ISP. Instead of plain text queries going to Comcast, your queries travel encrypted to a private DNS resolver.

# Without DoH:
your-device → Comcast DNS → Comcast can log it

# With DoH:
your-device → Encrypted tunnel → Private DNS resolver → Comcast sees nothing

How to Enable DoH on Your Devices

iPhone/iPad: The easiest way is to install a DNS profile. Harbor Privacy customers receive a personal profile — but you can also use Cloudflare's free profile at 1.1.1.1/dns/.

Android/Pixel: Settings → Network & Internet → Private DNS → enter a DoH hostname. Cloudflare's free option is one.one.one.one.

Windows 11: Settings → Network & Internet → your connection → DNS server assignment → Edit → set to Manual → enable DNS over HTTPS.

Mac: System Preferences → Network → Advanced → DNS — add a DoH server. Requires a configuration profile for full DoH support.

WANT THIS DONE FOR YOU?

Harbor Privacy configures encrypted DNS for your entire home network — every device, automatically.
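
The difference between a plain DNS lookup and DoH, described in the section above, can be seen in the bytes themselves. This added example (not from the original page) builds a standard DNS query, reads the domain back out of it the way anything on the path to a port-53 resolver can, then wraps the same query in the RFC 8484 DoH GET form. The resolver URL `doh.resolver.example` is a placeholder and the function names are this example's own.

```python
"""Plain DNS vs DNS over HTTPS: who can read the queried name (added example)."""
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Placeholder DoH endpoint for the example; substitute your resolver's URL.
RESOLVER_URL = "https://doh.resolver.example/dns-query"


def build_query(name, qtype=1):
    """Encode a DNS question (default: A record) in wire format."""
    # ID 0 (as RFC 8484 recommends), flags 0x0100 = recursion desired, 1 question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_qname(payload):
    """Recover the queried name from raw query bytes.

    For plain DNS this needs no key: the payload crosses the network as-is.
    """
    labels, pos = [], 12  # the question starts after the 12-byte header
    while payload[pos]:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(resolver_url, payload):
    """RFC 8484 GET form: base64url without padding in the `dns` parameter."""
    encoded = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def on_path_view_of_doh(url):
    """TLS encrypts the path and query string; an observer on the network
    sees the destination address and, typically, the resolver's hostname."""
    return urlsplit(url).hostname


def resolver_view_of_doh(url):
    """The resolver terminates TLS, so it still reads the full question."""
    encoded = parse_qs(urlsplit(url).query)["dns"][0]
    payload = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    return read_qname(payload)


if __name__ == "__main__":
    query = build_query("www.example.com")
    url = doh_get_url(RESOLVER_URL, query)
    print("plain DNS, seen on the wire:", read_qname(query))
    print("DoH, seen on the wire:      ", on_path_view_of_doh(url))
    print("DoH, seen by the resolver:  ", resolver_view_of_doh(url))
```

DoH moves visibility of your lookups from the ISP to whichever resolver you choose; it does not remove it.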

How Your ISP Tracks You — And What You Can Do About It

In 2017, Congress voted to allow ISPs to collect and sell your browsing data to advertisers without your consent. Comcast, Verizon, AT&T, and others can legally monitor your internet activity and monetize it.

What ISPs Can Collect

  1. Every website you visit via DNS queries — even in incognito mode
  2. How long you spend on each site
  3. What devices are on your network
  4. Your general location based on IP address
  5. Unencrypted browsing traffic (HTTP sites)

IMPORTANT

Incognito mode does NOT hide your activity from your ISP. It only prevents your browser from saving your local history. Your ISP can still see every site you visit.

How to Limit ISP Tracking

  1. Use DNS over HTTPS — encrypts your DNS queries so your ISP can't log which domains you visit. This is the single most effective step for most households.
  2. Use HTTPS websites — look for the padlock in your browser. HTTPS encrypts the content of your browsing so your ISP can only see the domain, not the specific pages.
  3. Use a reputable VPN — routes all traffic through an encrypted tunnel. Effective, but requires trusting the VPN provider. Free VPNs often sell your data themselves.
  4. DNS-level ad blocking — blocks tracker domains before they load, reducing the data footprint your devices create.

Unbound & Recursive DNS — What It Actually Means

Most DNS resolvers — even privacy-focused ones like 1.1.1.1 — still see every query you make. You're trusting a third party not to log or sell that data. Unbound cuts that out entirely.

Harbor Privacy runs Unbound, which means your DNS queries go directly to the authoritative servers for each domain — no middleman, no upstream resolver logging your activity. When you look up google.com, the query goes to Google's own nameservers directly, not through Cloudflare or your ISP first.

How Normal DNS Works

Your device asks your ISP's resolver → ISP asks a root server → root server points to the TLD → TLD points to the authoritative server. Your ISP sees every single step.

How Unbound Works

Your device asks Harbor Privacy → Harbor Privacy asks the root server directly → gets the answer → done. No ISP in the loop. No third-party resolver logging your queries.

Why This Matters

DNS-over-HTTPS encrypts the query so your ISP can't read it. Unbound goes a step further — it eliminates the upstream resolver entirely. Combined, nobody in the middle can see what you're looking up.

How to Spot Phishing Emails & Malicious Links

Phishing attacks are responsible for the majority of data breaches and identity theft cases. They work by tricking you into clicking a link or entering credentials on a fake website.

Red Flags in Emails

  1. Urgency and fear — "Your account will be suspended in 24 hours." Legitimate companies don't rush you into clicking links.
  2. Mismatched sender address — the display name says "PayPal" but the actual email is from a random domain. Always check the full email address.
  3. Suspicious links — hover over any link before clicking. The URL that appears should match the company. paypa1.com is not PayPal.
  4. Generic greetings — "Dear Customer" instead of your name. Legitimate companies know your name.
  5. Unexpected attachments — never open attachments you weren't expecting, even from people you know.

How to Check a Suspicious Link

  1. On desktop — hover over the link. The actual URL appears in the bottom of your browser.
  2. On mobile — press and hold the link. A preview of the URL appears.
  3. Use virustotal.com — paste any suspicious URL and it will scan it against dozens of security databases.
  4. When in doubt — go directly to the website by typing it in your browser instead of clicking the link.

DNS PROTECTION

Harbor Privacy uses Hagezi threat intelligence blocklists updated daily with known phishing and malware domains. Even if you accidentally click a bad link, the connection gets blocked before it loads.

If You Think You've Been Phished

  1. Change your password immediately on the affected account — from a different device if possible.
  2. Enable two-factor authentication (2FA) on the account.
  3. Check for unauthorized activity — logins, purchases, sent emails.
  4. If financial information was entered, contact your bank or card issuer immediately.
  5. Run a malware scan on the device you used.

Router Security Basics — The Three Things Most People Skip

Your router is the front door to your entire home network. Every device — your phone, your TV, your kids' tablets — connects through it. Most people set it up once and never touch it again. That's a problem.

The default login credentials for most routers are publicly listed online. Someone on your street with basic knowledge could attempt to log into your router if you haven't changed them.

Step 1 — Change the Default Admin Password

  1. Open a browser and go to your router's admin page. Common addresses: 192.168.1.1 or 192.168.0.1. You can also find it in your phone's Wi-Fi settings under "Gateway."
  2. Log in with the default credentials (usually printed on the router label — something like admin/admin or admin/password).
  3. Find the admin password setting — usually under Administration, Management, or System.
  4. Set a strong, unique password. Use a password manager to store it.

Step 2 — Update the Firmware

Router manufacturers regularly release firmware updates that patch security vulnerabilities. Most people have never updated theirs.

  1. In your router's admin panel, look for Firmware Update, Software Update, or Advanced Settings.
  2. Check for updates and install if available. Some routers do this automatically — enable that if you can.

REAL TALK

Reddit's r/HomeNetworking sees this question constantly — "is my router safe?" Nine times out of ten, the answer is: update the firmware and change the admin password. Those two steps close the majority of common vulnerabilities.

Step 3 — Set Up a Guest Network

A guest network is a separate Wi-Fi network that's isolated from your main network. Put smart TVs, Alexa devices, and anything a guest might use on the guest network. If one of those devices gets compromised, it can't reach your computers or phones.

  1. In your router admin panel, look for Guest Network or Guest Wi-Fi under wireless settings.
  2. Enable it, give it a different name (SSID) than your main network, and set a password.
  3. Make sure "Access to main network" or "AP isolation" is set so guests can't see your main devices.

Password Managers & Two-Factor Authentication

The number one way accounts get hacked isn't because someone guessed your password — it's because you used the same password somewhere else, and that site got breached. Password managers solve this by generating and storing a unique password for every account.

Why You Need a Password Manager

There have been billions of credentials exposed in data breaches over the past decade. If you've used the same email and password on multiple sites, there's a real chance your login is already circulating on hacker forums. You can check at haveibeenpwned.com.

Bitwarden — Free and Open Source

Bitwarden is the most recommended free password manager in security communities, consistently praised on Reddit's r/privacy and r/netsec. It's open source, independently audited, and the free plan covers everything most people need.

  1. Go to bitwarden.com and create a free account.
  2. Install the browser extension and the app on your phone.
  3. Let it generate a unique password every time you create or update an account. You never need to remember them — Bitwarden does.
  4. Set a strong master password and store it somewhere safe offline.

Harbor Privacy Recommends
Bitwarden — Free Password Manager
Open source, independently audited, and free for individuals. Consistently the top recommendation from r/privacy and security researchers. No Harbor Privacy referral — we recommend it because it's the best free option, period.

Two-Factor Authentication (2FA)

2FA adds a second step to logging in — usually a code from an app on your phone. Even if someone gets your password, they can't log in without your phone.

  1. Download an authenticator app: Aegis (Android, free, open source) or Raivo OTP (iPhone, free).
  2. Go to the security settings of any important account — banking, email, social media.
  3. Find "Two-Factor Authentication" or "2-Step Verification" and enable it.
  4. Scan the QR code with your authenticator app. Done.

AVOID SMS 2FA WHEN POSSIBLE

Text message codes are better than nothing, but they can be intercepted through SIM swapping attacks. Authenticator apps are significantly more secure. Use app-based 2FA whenever the option is available.

Browser Fingerprinting — The Tracking That Ignores Your Cookie Settings

You cleared your cookies. You turned on private browsing. You blocked third-party trackers. And yet advertisers are still following you around the web. That's browser fingerprinting — and most privacy tools don't touch it.

What Is a Browser Fingerprint?

Every browser reveals a huge amount of information about itself: your screen resolution, installed fonts, browser version, operating system, graphics card, time zone, language settings, and dozens of other data points. Combined, these create a fingerprint that's unique to your device — and it persists even if you delete cookies or use incognito mode.

Sites like coveryourtracks.eff.org (run by the Electronic Frontier Foundation) will show you exactly how unique your browser fingerprint is right now.

What Can You Do About It?

  1. Use Firefox with uBlock Origin — Firefox has fingerprinting resistance built in. Enable it under Privacy & Security → Enhanced Tracking Protection → Strict.
  2. Try Brave Browser — Brave randomizes your fingerprint slightly with each website visit, making it much harder to track you across sites. It's based on Chrome so most extensions and sites work identically.
  3. Avoid installing unnecessary browser extensions — every extension you install makes your fingerprint more unique.
  4. Keep your browser updated — outdated browsers have more identifiable quirks that stand out in fingerprints.

THE HONEST TRUTH

Full fingerprint resistance is hard. The best approach is layering: encrypted DNS to hide what sites you visit, a privacy browser to reduce tracking on those sites, and a password manager so a breach on one site doesn't expose all your others.

Data Broker Opt-Outs — Making Them Delete Your Info

There are hundreds of companies you've never heard of that have your name, home address, phone number, relatives' names, and estimated income. They bought this data from public records, retail loyalty programs, and other data brokers. And they sell it to anyone who pays.

This is one of those topics that Reddit's r/privacy threads constantly surface — people are genuinely shocked when they Google their own name and find their address and family members listed on sites like Spokeo, Whitepages, and BeenVerified.

The Big Ones to Opt Out From First

  1. Spokeo — spokeo.com/optout. Paste your listing URL and submit your email for verification.
  2. Whitepages — whitepages.com/suppression_requests. Takes about 24 hours to process.
  3. BeenVerified — beenverified.com/opt-out. Creates an account-free opt-out.
  4. Intelius — intelius.com/opt-out. Requires a photo ID — use a scanned copy with your SSN and financial info blocked out.
  5. PeopleFinder — peoplefinders.com/manage. Enter your info and request removal.

USE A SEPARATE EMAIL

When submitting opt-out requests, use a dedicated email address (a Proton Mail alias works perfectly). This keeps your opt-out confirmations organized and prevents your primary inbox from getting flooded.

The Ongoing Reality

Data brokers re-aggregate your information constantly from public records. Opting out isn't a one-time fix — listings can reappear in 3–6 months. Services like DeleteMe ($129/year) automate the process. For most people, doing the manual opt-outs on the top 10 sites is enough to significantly reduce exposure.

Kids' Online Privacy — What Apps Collect and How to Protect It

Children's apps are one of the most aggressively tracked categories in the app stores. A 2020 study found that over 60% of apps aimed at children shared data with third-party advertisers — often in violation of COPPA, the federal law designed to protect kids under 13.

The FTC has fined companies like Google and TikTok hundreds of millions of dollars for illegally collecting data on children. The problem isn't going away.

What Gets Collected

  1. Device identifiers (used to build a profile that follows the child across apps)
  2. Location data — sometimes precise GPS
  3. Behavioral data — what they tap, how long they play, what they watch
  4. In-app purchase behavior and browsing habits

Simple Steps for Every Parent

  1. Review app permissions — on iPhone: Settings → Privacy & Security → review each category. On Android: Settings → Apps → Permissions. Revoke location, microphone, and camera for apps that don't need them.
  2. Enable Screen Time / Digital Wellbeing — iPhone's Screen Time and Android's Digital Wellbeing let you set app limits and content restrictions without a third-party app.
  3. Use a kids-specific Apple ID or Google account — with Family Sharing or Google Family Link, you approve every app download.
  4. Put their device on a separate network — a guest network or a dedicated VLAN keeps kids' devices isolated from your computers and phones.

HARBOR KIDS — DNS FILTERING FOR CHILDREN'S DEVICES

Harbor Privacy offers Harbor Kids — a DNS-level filter that blocks adult content, ad networks, and tracking domains specifically on your children's devices. It works on every app, not just the browser, and doesn't require installing anything on the device.

Smart Home Devices Are Watching More Than You Think

That smart TV, the Alexa in the kitchen, the Roomba — they're all constantly phoning home. Not just for updates. For behavioral data, usage patterns, voice snippets, and in some cases video metadata.

What Gets Sent

Smart TVs are among the worst offenders. Vizio was fined $2.2 million by the FTC for collecting viewing data without consent. Most smart TVs use Automatic Content Recognition (ACR) — software that screenshots whatever is on screen every few seconds and sends it back to the manufacturer.

Smart speakers send audio clips back to Amazon and Google for "quality review." Even your robot vacuum maps your home — iRobot explored selling floor plan data to smart home companies before public backlash killed the plan.

Turn Off ACR on Your Smart TV

  1. Samsung: Settings → Support → Terms & Privacy → Viewing Information Services → Off
  2. LG: Settings → All Settings → General → LivePlus → Off
  3. Vizio: Menu → System → Reset & Admin → Viewing Data → Off
  4. Roku: Settings → Privacy → Smart TV Experience → uncheck "Use info from TV inputs"

What Harbor Privacy Blocks

At the DNS level, Harbor Privacy blocks the tracking endpoints these devices use — ACR servers, telemetry endpoints, ad targeting domains. Your Alexa still works. Your TV still streams. The data collection side just gets cut off before it leaves your network.

Privacy Tools Harbor Privacy Actually Uses

These are tools we recommend to every customer — not because we get paid to (and we'll tell you when we do), but because they're the ones the privacy community consistently agrees on. No bloatware, no free VPNs that sell your data, no gimmicks.

Proton Mail (Email · Referral)
End-to-end encrypted email based in Switzerland. Free plan available. Gmail alternative that doesn't read your email to serve ads.
Try free → proton.me
* Harbor Privacy earns a referral fee on paid upgrades.

Bitwarden (Passwords · Free)
Open source password manager. Free for individuals. Independently audited. The top recommendation from r/privacy for years running.
Get free → bitwarden.com
No referral — just the best free option.

Signal (Messaging · Free)
End-to-end encrypted messaging and calls. No ads, no data collection, open source. The gold standard for private communication.
Get free → signal.org
No referral — recommended because it's the best.

Brave Browser (Browser · Free)
Chrome-compatible browser with built-in ad blocking, fingerprint randomization, and tracker blocking. No setup required — just download and use.
Get free → brave.com
No referral — consistently recommended by privacy researchers.

DuckDuckGo (Search · Free)
Search engine that doesn't track your queries or build a profile on you. Good results for everyday searches. Set it as your default in 30 seconds.
Try → duckduckgo.com
No referral.

Harbor Privacy (DNS · Harbor Privacy)
DNS-level privacy for your whole home network. Blocks ads, trackers, phishing domains, and telemetry on every device — automatically. Built on the South Shore.
Get started → harborprivacy.com
This one's ours — we're obviously biased, but it works.