Naomi Best Practices

📧 Email Hygiene

Use a unique email address for every service, merchant, and interaction. Your personal email address is a powerful linking identifier — every company you give it to can potentially share or sell it, and data brokers use it to stitch your activities together into a detailed profile. The fix is to never reuse the same address twice.

Email aliases (e.g. SimpleLogin) — Generate a unique forwarding address on the fly for each signup or purchase. If one address starts receiving spam, you know exactly who sold it, and you can disable it without touching your real inbox. Naomi personally uses an alias for every online purchase.

Catch-all addresses on a custom domain — If you own a domain, configure it so that any address @yourdomain.com lands in one inbox. You can hand out unique addresses (e.g. amazon@yourdomain.com, netflix@yourdomain.com) without pre-creating them. This also means you can migrate email providers without losing your addresses.

Custom domain email — Owning your own domain decouples your identity from any single provider. If you ever need to switch from ProtonMail to another service, your address stays the same. It's the email equivalent of owning rather than renting.

Key principle: break the chain before it forms. A new email address alone won't help if you keep the same phone number and credit card tied to your accounts — change multiple identifiers at once for maximum effect.

📞 Phone Numbers & Compartmentalization

Stop giving out your real cell number. Your cell number is more valuable to advertisers, data brokers, and criminals than your credit card number or Social Security Number — because you keep it for decades and hand it to everyone. It becomes a permanent unique identifier that links your medical records, shopping history, social media, and government accounts into one profile.

Use VoIP numbers instead. Services like MySudo (US) or Cloaked let you generate multiple virtual phone numbers. Assign a different number to different areas of your life — one for shopping, one for healthcare, one for work, one for social signups. If any one number is compromised or starts getting spam calls, you close it without disrupting anything else.

Silo your SIM onto a separate device. Naomi does not keep a SIM card in her main phone. Instead she uses a mobile hotspot as a separate SIM-carrying device, keeping her main phone internet-only. This separates your cellular identity (which is tied to your real name via your carrier) from your app activity and online behavior.

Use prepaid SIM cards for situations where a real cell number is unavoidable and you don't want your personal number attached. Pay with cash where possible.

Compartmentalize your digital identities. The goal is to ensure that a breach, leak, or data sale in one area of your life doesn't expose everything else. Using different numbers, emails, and usernames per context is the core of this approach — Naomi refers to it as building "different proxy identities for different areas of your life."

🛒 Private Online Shopping

Apply minimum disclosure at every checkout. Most online checkout forms ask for far more personal information than the transaction actually requires. Naomi's principle: provide the minimum necessary to complete the purchase, and use privacy tools to avoid linking the purchase back to your real identity.

Use a Private Mailbox (PMB) as your shipping address. A PMB is rented from a Commercial Mail Receiving Agency (CMRA) like The UPS Store. Unlike a PO Box, it provides a real street address that all carriers can deliver to. You can set it up under an alternate recipient name, so your home address and real name are never attached to your purchases.

Use a masked virtual card for billing. Services like Privacy.com generate single-use or merchant-locked card numbers linked to your real bank account. The virtual card carries no real name or address. At checkout, if a billing name and address are required, you can enter anything — the card will still process.

Use an email alias just for that purchase. Create a SimpleLogin alias specifically for the merchant, then disable or delete it once the order is complete. This prevents the merchant from emailing you, selling your address, or linking the purchase to other accounts.

Use a VoIP number at checkout. When a phone number is required, use a virtual number from Cloaked or MySudo rather than your real cell. You can close the number after the purchase is complete.

💳 Financial Privacy

Understand how much your card reveals. Each credit or debit card transaction is shared with your bank, the card network, the merchant, the point-of-sale system, the retailer's bank, and any financial apps you use — and all of those entities share it further. The result is a detailed, timestamped record of everywhere you go and everything you buy.

Use cash for in-person purchases wherever practical. Cash is the most private payment method available — it leaves no digital record and requires no identification.

Use masked virtual cards for online purchases. Privacy.com cards can be set to work only with a specific merchant, capped at a specific spending limit, or generated as single-use. This prevents merchants from charging you again, and prevents your real card details from being exposed in a data breach.

Consider cryptocurrency for donations and sensitive purchases. Traditional payment methods make it risky to support certain causes — your bank and the card network can see exactly who you donated to. Privacy-preserving cryptocurrencies can make these transactions more private. Naomi covers this specifically in her financial privacy video.

📍 Location Privacy

Understand all the ways your phone leaks location. Most people think of GPS as the main tracking method, but your phone also reveals location through cell tower triangulation (even without GPS), WiFi scanning (your device broadcasts its MAC address and logs nearby networks), and Bluetooth beacons. These methods work even when you think location is "off."

Use Airplane Mode when you need real signal silence. Airplane Mode is the most effective way to stop cellular and WiFi tracking simultaneously. Note that on some devices, GPS can still function in Airplane Mode — Naomi covers this nuance in her location tracking video.

Turn off WiFi and Bluetooth when not actively using them. This is one of Naomi's most repeated tips across her videos. When WiFi is on, your phone scans for networks and logs their locations even if you don't connect. Bluetooth beacons in shops and airports can silently track your movement.

Disable Location Services for apps that don't need them. Go through your app permissions and revoke location access from any app that doesn't have a clear, immediate need for it. Most apps that request location do so for data collection rather than functionality.

Use a Faraday bag for complete radio silence. A Faraday bag blocks all wireless signals — GPS, cellular, Bluetooth, NFC, and WiFi. Naomi recommends them for travel, sensitive meetings, or any situation where you want to be certain your device cannot be tracked or remotely accessed.

Name your WiFi network with a privacy opt-out tag. Appending _nomap or _optout to your home WiFi network's SSID signals to Google and Microsoft's location databases that your network should not be used to locate devices. It's a small step but reduces how your home network contributes to location tracking of others.

🚗 Car Privacy

Your car is not a private space. Modern connected cars collect and transmit location data, driving behavior, voice recordings, and in some cases video footage. Some manufacturers explicitly include data collection on sexual activity in their terms of service. This data is shared with third parties and often sold.

Don't connect your phone to your car. When you plug in or pair via Bluetooth, your car ingests your contacts, messages, call history, and photos — and shares that data with third parties via manufacturer apps. The phone also receives data from the car in return. Naomi recommends treating your car's infotainment system as untrusted.

Disconnect WiFi and Bluetooth in your car so it doesn't automatically connect to networks or devices without your knowledge.

Be cautious with remote access features. Emergency response and remote start services require your car to be trackable at all times. Understand the privacy tradeoff before opting in — these services share location data continuously and are not end-to-end encrypted, meaning anything accessible remotely (cameras, microphones, maps) can also be accessed by the companies providing the service.

Check your car's data collection at vehicleprivacyreport.com. This site shows what data your specific make and model collects, and helps you opt out of some collection where that option exists.

Choose dealerships that are transparent about data collection. Research by Privacy4Cars found that fewer than one in twenty dealerships proactively inform customers about data collection. Seek out dealerships that disclose this and respect your right to privacy.

📱 Phone & Device Practices

Install GrapheneOS on a Pixel device. This is Naomi's most significant phone privacy recommendation. GrapheneOS is a hardened Android operating system that removes Google's tracking infrastructure, sandboxes apps more aggressively, and gives you granular control over what each app can access. She recommends installing it yourself to guarantee the integrity of the installation.

Reboot your devices regularly. Most people leave their phones running for weeks or months. Rebooting clears memory-resident trackers, resets certain attack vectors (particularly those that require persistent access), and resolves accumulated software issues. Naomi covers this as a simple, overlooked privacy and security habit.

Keep your phone in Airplane Mode by default and only enable connectivity when you need it — particularly in unfamiliar locations or when you don't want your movement logged.

Cover your camera at all times with a physical webcam cover. Software-based camera indicators can be bypassed; a physical cover cannot.

Use a USB data blocker whenever charging from an unknown port. Public USB ports at airports, hotels, and cafes can transfer data as well as power — a data blocker passes only the power pins.

Use a wired ethernet connection instead of WiFi where possible, via a USB-C to ethernet adapter. This eliminates WiFi-based location tracking and reduces your wireless attack surface entirely.

Choose private keyboard apps. Your keyboard has access to everything you type — passwords, messages, credit card numbers, search queries. Naomi warns that many popular third-party keyboards quietly transmit keystrokes. On GrapheneOS, she recommends open-source options like Aegis, OpenBoard, or FlorisBoard that have no network permissions.

🌐 Browsing & Network Habits

Switch your browser and make a secondary search engine your homepage. Chrome and Google Search are the two most significant everyday data collection points for most people. Switching to Brave (browser) and Brave Search or Startpage is one of the highest-impact, lowest-effort changes you can make.

Keep a VPN running at all times. A VPN masks your IP address from every website you visit, preventing sites and data brokers from easily building a location and identity profile. Naomi keeps one running permanently. However, she stresses that VPN selection matters enormously — much of the industry is made up of scam apps. Only use audited, reputable providers like Mullvad or ProtonVPN.

Set up DNS blocklists on your home network. DNS-level blocking (via pfSense or a Pi-hole setup) stops tracker and ad requests before they leave your network entirely — more effective than browser-based blocking alone, and it protects every device on your network including smart TVs and IoT devices.

Encrypt your DNS. Your ISP can see every domain name you look up even if the page content is encrypted. Switching to an encrypted DNS resolver like Quad9, and enabling DNS-over-HTTPS or DNS-over-TLS, prevents this passive surveillance of your browsing habits.

Watch YouTube through private front-ends. Naomi recommends Invidious or NewPipe as privacy-respecting ways to watch YouTube content without Google tracking your viewing habits, building an ad profile, or requiring a login.

Be extremely selective about browser extensions. Extensions can read everything on every page you visit. Naomi's video on browser extensions warns that many legitimate-looking extensions are data collectors or outright malicious — and that checking permissions alone is not enough to assess safety. Use as few extensions as possible.

🔒 Account & Identity Security

Never reuse usernames, emails, or phone numbers across services. Each shared identifier is a data point that brokers use to link your accounts into a unified profile. Using unique credentials per service means a breach at one company cannot be cross-referenced to expose your activity elsewhere.

Use a password manager and generate unique passwords for every account. Reused passwords are one of the most common causes of account takeover. A password manager generates and stores unique, random passwords so you never have to reuse or remember them.

Enable 2FA on every account — but use an authenticator app, not SMS. SMS-based 2FA is vulnerable to SIM-swapping attacks, where an attacker convinces your carrier to transfer your number to their device. An offline authenticator app (like Aegis) generates codes locally and cannot be intercepted over the network.

Be proactive, not reactive. Once a data profile is built on you, you cannot undo it. The time to implement privacy measures is before your data is collected — not after a breach. Naomi emphasizes that privacy is something you protect in advance, not something you recover after the fact.

Regularly audit your app permissions. Periodically go through the apps on your phone and review what each one can access — location, microphone, camera, contacts, photos. Revoke anything that doesn't have a clear, ongoing need. Many apps accumulate permissions over time that they no longer use for their stated function.

🏠 Physical & In-Person Privacy

Decline to provide personal information when businesses ask unnecessarily. Shops, pharmacies, and websites routinely ask for your name, phone number, email, and address when none of it is required for the transaction. You are generally not obligated to provide this. Naomi's video "They Asked For My Name. I Said No." walks through exactly how to handle these situations.

Use a Private Mailbox (PMB) instead of your home address. For any delivery, subscription, or registration where you don't want your home address on record, use a PMB at a CMRA like The UPS Store. You can list an alternate recipient name, and all major carriers can deliver there — unlike a PO Box.

Use a privacy screen on your phone and laptop in public. Shoulder surfing is a real and underestimated threat. Thieves watch people enter their phone PINs — via CCTV or in person — and then steal the device to drain banking apps. A privacy screen prevents anyone beside or behind you from seeing your display.

Be aware of Automatic License Plate Readers (ALPRs). These cameras are mounted on street corners, utility poles, police cars, and even garbage trucks. They scan and log every license plate they see, feeding into cloud databases that record your vehicle's location over time. Naomi covers this in depth in her FLOCK video — the data is retained for months or years and is accessible to law enforcement and private parties.

Normalize privacy tools in your daily life. The more people use privacy-preserving practices and tools, the less suspicious they appear — and the stronger the overall privacy ecosystem becomes for everyone, including the most vulnerable members of society. Every choice you make either funds companies that protect people or companies that normalize surveillance.