
Set Up Anonymous Browsing the Right Way: A Full Technical Walkthrough of Browsers, VPNs, and Tor

Most guides tell you to "get a VPN" and stop there. Here's the complete technical setup — browser configuration, tracker blocking, DNS, VPNs, and Tor — explained in detail, step by step.

Security engineering leader specializing in cloud security, detection engineering, SIEM operations, and drone security research. Focused on scalable defensive architectures, practical cybersecurity education, and measurable security outcomes.

By this point in the series, you've audited your exposure (Part 1) and started removing yourself from data broker sites (Part 2). This part is about closing the tap — making sure your everyday browsing stops generating fresh information for those same systems to collect.

Most articles on this topic say "use a VPN" and consider the job done. That's not just incomplete — it can actually leave you with a false sense of security. Here is the complete setup, broken into specific technical layers, with an honest explanation of what each one does and does not protect against.

Layer 1: Choose and configure your browser

The browser is your foundation, and the choice matters more than people assume. Firefox and Brave are both strong starting points — they're built around limiting tracking by default, rather than treating your browsing activity as a product to be measured and sold. Avoid browsers made by companies whose primary revenue comes from advertising or data collection; their core incentives don't align with keeping your activity private, no matter what their settings menu claims.

Once you've picked a browser, go into its settings and configure the following:

  1. Set tracking protection to "Strict" mode (Firefox) or enable "Aggressive" shield settings (Brave). This is usually a single toggle, and it meaningfully reduces the number of trackers that load on every page you visit.

  2. Disable third-party cookies entirely. These are small files that let advertisers and analytics networks recognize you as you move from site to site, building a behavioral profile over time. Turning this off removes a large share of cross-site tracking immediately, with essentially no impact on how normal websites function.

  3. Turn off "predictive" features, such as search suggestions that send your keystrokes to your search engine before you've finished typing, and link pre-loading that opens pages in the background based on guesses about where you'll click next. Both quietly transmit your activity to third parties.

  4. Clear cookies and site data automatically when you close the browser. Most browsers have a setting to do this on exit, which prevents long-term tracking identifiers from accumulating across sessions.

  5. Use separate browser profiles for separate contexts — for example, one profile for work accounts and one for personal browsing. This is a built-in feature in most major browsers, and it acts as a simple wall that keeps cookies, logins, and history from one part of your life from blending into another.

Layer 2: Add a dedicated tracker-blocking extension

Browser settings alone won't catch everything. Install a reputable tracker-blocking extension such as uBlock Origin. Once installed:

  1. Switch its filter lists to include privacy-focused tracker lists, not just ad-blocking lists — most tracker blockers let you enable additional lists in their settings, and the privacy-oriented ones specifically target tracking scripts rather than just visual ads.

  2. Check its activity panel occasionally after visiting a major website. You'll often see dozens of blocked tracking attempts on a single page load — this is a good way to actually see, in real time, just how much invisible tracking a normal browsing session involves.

Layer 3: Change your DNS settings

This is the layer most privacy guides skip entirely, and it's genuinely technical — but not difficult to set up. Every time you visit a website, your device performs a "DNS lookup" to translate the site's name into an address it can connect to. By default, this lookup often passes through your internet provider in plain, unencrypted form — meaning your provider can see the name of every website you visit, even if your connection to the site itself is encrypted.

To close this gap:

  1. Switch to a DNS provider that supports encrypted lookups (commonly labeled "DNS over HTTPS" or "DNS over TLS") and that publishes a clear policy of not logging your queries. Several privacy-focused DNS providers (e.g., AdGuard, Quad9, and Cloudflare) offer this as a free service.

  2. Configure it at the device or browser level — most modern browsers and operating systems have a setting specifically for entering a custom encrypted DNS provider; search your browser or device settings for "DNS over HTTPS" to find it.

  3. Test that it's working by searching for "DNS leak test" and running one of the available tools — it will show you which DNS provider your connection is actually using, confirming whether the change took effect.

This single change closes a tracking channel that almost nobody thinks to check, because it happens completely invisibly in the background of every single page you load.
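To confirm that the Layer 1 and Layer 3 settings actually took effect in Firefox, the following added example (not part of the original article) parses a profile's `prefs.js` and lists which of those settings are missing or set differently. The pref names are Firefox `about:config` names chosen here as an assumption, since the article names none, and they can change between versions; Brave is not covered.

```python
import json
import re

# Firefox pref name -> (accepted values, setting from Layers 1 and 3 it reflects)
EXPECTED = {
    "browser.contentblocking.category": (["strict"], "Strict tracking protection"),
    "network.cookie.cookieBehavior": ([1, 5], "third-party cookies blocked/isolated"),
    "browser.search.suggest.enabled": ([False], "search suggestions off"),
    "network.prefetch-next": ([False], "link pre-loading off"),
    "network.dns.disablePrefetch": ([True], "DNS pre-resolution off"),
    "privacy.sanitize.sanitizeOnShutdown": ([True], "clear data on exit"),
    "network.trr.mode": ([2, 3], "DNS over HTTPS on (3 = no plaintext fallback)"),
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample in prefs.js syntax, not taken from a real profile.
SAMPLE = """
user_pref("browser.contentblocking.category", "strict");
user_pref("network.cookie.cookieBehavior", 5);
user_pref("browser.search.suggest.enabled", true);
user_pref("network.prefetch-next", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("network.trr.mode", 0);
"""

def parse_prefs(text):
    """Turn user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))
            except ValueError:
                pass  # value is not a plain string, integer or boolean
    return prefs

def audit(prefs):
    """Return {pref name: reason} for each expected setting that is off or absent."""
    findings = {}
    for name, (allowed, label) in EXPECTED.items():
        if name not in prefs:
            findings[name] = f"{label}: not set in this file, browser default applies"
        # Match on type as well as value, so a boolean true never passes for 1.
        elif not any(type(prefs[name]) is type(a) and prefs[name] == a for a in allowed):
            findings[name] = f"{label}: found {prefs[name]!r}"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(parse_prefs(SAMPLE)).items()))
```

Feed `parse_prefs` the contents of `prefs.js` from the profile folder listed in `about:support`. A setting reported as "not set" is at the browser default, so confirm it in the settings screen rather than treating it as a failure.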

Layer 4: Switch to a private search engine

Mainstream search engines build a long-term profile from every search you make, often linking it to your account, your location, and your browsing habits. Search engines such as Brave Search or Startpage are built specifically not to do this — they don't store your search history or build an advertising profile from it.

Set one of these as your default search engine in your browser's settings (this is usually a dropdown menu under "Search" in the settings panel). It's a two-minute change that quietly removes one of the largest and most continuous sources of behavioral tracking from your daily routine.

Layer 5: Use a VPN — and understand precisely what it changes

A VPN encrypts the connection between your device and a server operated by the VPN provider, then sends your traffic onward from there. This accomplishes two specific things: it prevents the network you're connected to (a cafe's Wi-Fi, an airport hotspot, a hotel router) from seeing what you're doing, and it prevents your internet provider from building a record of every site you visit.

What it does not do is make you anonymous to the websites and services you log into. The moment you sign into your email or social media account through a VPN, that service knows exactly who you are — your login did that, not your connection.

To set one up properly:

  1. Choose a provider that has published the results of an independent security audit, and that clearly states — and has had verified — that it does not keep logs of your activity.

  2. Install its app on every device you use regularly, and enable any "kill switch" feature it offers — this blocks all internet traffic if the VPN connection drops unexpectedly, so you're never accidentally exposed mid-session.

  3. Set it to connect automatically when you join an unfamiliar Wi-Fi network — most VPN apps have this as a configurable option under network or connection settings.

Use it by default whenever you're on a network you don't fully control — which, realistically, includes most networks outside your own home.

Layer 6: Know exactly when Tor is the right tool

Tor Browser routes your traffic through several independent relays operated by volunteers around the world, layering encryption so that no single relay can see both who you are and what you're requesting. This is a genuinely strong form of anonymity — but it's designed for situations where that level of separation actually matters: investigative research into sensitive subjects, communicating in circumstances where being identified could create real risk, or any activity where the connection between your identity and your actions must remain fully separated.

For everyday browsing, Tor is noticeably slower, and in some contexts, using it can actually draw more attention rather than less — simply because it's a far less common way to browse than a regular connection. Keep it installed and available for the specific situations that call for it, rather than making it your daily driver.

Putting all six layers together

Here's what a fully configured setup looks like in practice:

  1. Privacy-respecting browser, hardened with strict tracking protection and third-party cookies disabled

  2. Dedicated tracker-blocking extension with privacy filter lists enabled

  3. Encrypted DNS configured at the device or browser level, and verified with a leak test

  4. Private search engine set as the default

  5. Audited, no-log VPN installed on every device, with kill switch enabled and set to auto-connect on unfamiliar networks

  6. Tor Browser kept installed separately, reserved specifically for situations that genuinely call for it

Configuring all of this from scratch takes roughly an hour. From that point forward, it runs quietly in the background every time you go online — and it closes off most of the everyday tracking channels that, until now, have been working without your awareness.

Coming up in Part 4

Private browsing stops you from generating new exposure. But the accounts you already have can still be linked together — and that's often exactly how someone assembles a complete picture of a person from a handful of small, seemingly unconnected details. In Part 4, we'll go through, step by step, how to separate your different identities so that no single leak can expose everything else connected to it.