Privacy Checklist
Free web tool: Privacy Checklist
Social Media Security: 0/6
Device Security: 0/6
Account Security: 0/6
Browser/Internet: 0/6
About Privacy Checklist
The Privacy Checklist is a personal online privacy self-assessment tool with 24 actionable items organized into four practical categories: Social Media Security (6 items), Device Security (6 items), Account Security (6 items), and Browser/Internet (6 items). Each item is a concrete, binary check — either you have done it or you have not — making it easy to identify your privacy gaps without needing specialized security knowledge.
Privacy-conscious individuals, IT professionals setting up devices for family members, and anyone who has recently experienced a privacy incident use this checklist to systematically harden their digital life. The four categories address the most common attack surfaces in everyday digital use: oversharing on social platforms, unpatched devices and weak lock screens, password reuse and missing two-factor authentication, and browser-based tracking and phishing susceptibility.
When all 24 items are checked, the tool displays a completion message confirming an excellent privacy protection level. Each item is independently actionable — you can work through the categories in any order and return at any time to continue. Because the tool runs entirely in your browser with no account required and no server storage, your self-assessment remains completely private.
Key Features
- Social Media Security: 2FA setup, profile visibility restriction, location tag disable, unused account deactivation, third-party app review
- Device Security: screen lock, OS/app updates, VPN on public Wi-Fi, Bluetooth hygiene, remote lock/wipe setup, regular backups
- Account Security: unique passwords per account, password manager use, 12+ character passwords, email 2FA, breach monitoring, up-to-date recovery info
- Browser/Internet: ad/tracker blocker installation, regular cookie clearing, HTTPS-only browsing, phishing recognition, search personalization review
- Per-category item counters showing progress within each privacy domain
- Overall progress bar with 100% completion celebration message
- Strikethrough styling on completed items for immediate visual clarity
- 100% browser-based with no account required and no server storage — the self-assessment itself is private
Frequently Asked Questions
Why is enabling 2FA on social media the first item?
Social media accounts are high-value targets because they contain personal history and connections, and are often used as identity verification elsewhere ("Sign in with Google/Facebook"). A compromised social account can cascade into other account takeovers. Two-factor authentication (2FA) prevents account hijacking even if your password is stolen in a breach.
What is the risk of leaving location tags enabled on social media?
Automatic location tagging reveals your real-time or habitual location patterns. This creates several risks: burglars can identify when you are away from home, stalkers can track your movements, and attackers can build a profile of your daily routine for targeted social engineering attacks. Disabling automatic location tagging eliminates this passive data leakage.
Why use a VPN only on public Wi-Fi, not always?
Public Wi-Fi networks (cafes, airports, hotels) are unencrypted and allow anyone on the same network to potentially intercept traffic using a MITM (man-in-the-middle) attack. A VPN encrypts your traffic between your device and the VPN server, preventing local eavesdropping. On your home network (which you control), a VPN is less critical for local security, though some users use one persistently for ISP-level privacy.
What is a password manager and why is it important?
A password manager is software that generates, stores, and autofills strong unique passwords for every account. Without a password manager, most people reuse passwords across sites — meaning a single breach at a low-value site gives attackers credentials they can reuse ("credential stuffing") at banks, email, and other high-value accounts. A password manager makes unique passwords per site practical at scale.
What does "breach monitoring" mean in the Account Security section?
Breach monitoring means regularly checking whether your email addresses or passwords appear in known data breach databases — using services like Have I Been Pwned (haveibeenpwned.com). When a service you use suffers a data breach, your credentials may be exposed. Breach monitoring lets you change affected passwords before attackers can use them for account takeover.
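The password half of this check can be done without revealing the password: Have I Been Pwned's Pwned Passwords range API receives only the first five hex characters of the SHA-1 hash and returns candidate suffixes that are matched locally. The sketch below is an added example, not part of the Privacy Checklist tool; the corpus, its counts and `fake_range_response` are constructed stand-ins so it runs offline.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen (made-up counts).
CONSTRUCTED_CORPUS = {"password": 1000, "letmein2020": 42, "Summer2019!": 7}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_query(password):
    """Return (prefix, suffix); only the 5-character prefix is ever sent."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def fake_range_response(prefix):
    """Simulate the service: every known suffix under this prefix, as SUFFIX:COUNT.
    A real client would GET https://api.pwnedpasswords.com/range/<prefix> instead."""
    lines = ["0" * 35 + ":3"]  # constructed decoy so there is more than one candidate
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(sorted(lines))


def breach_count(password, fetch=fake_range_response):
    """Match the suffix locally; the password and full hash never leave this process."""
    prefix, suffix = split_for_query(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 91"):
        n = breach_count(pw)
        print(f"{pw!r}: " + (f"seen {n} times, change it" if n else "not in sample"))
```
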
What is a tracking blocker and how is it different from an ad blocker?
Ad blockers primarily block advertisements from loading. Tracking blockers specifically target the invisible tracking scripts, pixels, and cookies that advertisers and data brokers use to follow you across websites — building a profile of your browsing behavior even when you are not interacting with ads. Tools like uBlock Origin and Privacy Badger combine both functions. Installing one significantly reduces your cross-site tracking exposure.
How do I know if a site is HTTPS and why does it matter?
HTTPS sites show a padlock icon in your browser address bar and their URL starts with "https://". HTTP sites transmit data unencrypted, meaning anyone on your network can read the content including any data you submit (login credentials, form inputs). HTTPS encrypts the connection between your browser and the server. Modern browsers mark HTTP sites as "Not secure" as a warning.
How do I recognize a phishing email or link?
Key signals include: sender email address does not match the claimed company domain (e.g., "support@app1e.com" vs. "apple.com"), urgent language pressuring immediate action, links that show a different URL when you hover over them, requests for credentials or payment outside of the legitimate app, generic greetings like "Dear customer" from a service that should know your name, and unexpected attachments.
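Several of these signals can be checked mechanically. The following is an added example, not code from the Privacy Checklist tool: it flags a sender domain that does not match the claimed one, a link whose visible text names a different host than its target, urgent wording and a generic greeting. The homoglyph table, keyword lists and sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed digit-for-letter swaps; real lookalike domains use more tricks than these.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
URGENT = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client)\b", re.I)
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signals(from_header, html_body, claimed_domain):
    signals = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if sender != claimed_domain and not sender.endswith("." + claimed_domain):
        kind = "lookalike" if sender.translate(HOMOGLYPHS) == claimed_domain else "mismatch"
        signals.append(f"sender-{kind}:{sender}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:  # what the link shows vs. where it goes
        real = urlparse(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != real:
            signals.append(f"link-mismatch:{shown.group(1).lower()}->{real}")
    checks = (("urgent-language", URGENT), ("generic-greeting", GENERIC))
    return signals + [name for name, rx in checks if rx.search(html_body)]

# Constructed sample message; account-verify.example is a placeholder host.
SAMPLE_FROM = "Apple Support <support@app1e.com>"
SAMPLE_BODY = ('<p>Dear customer, your account will be suspended. Act immediately:</p>'
               '<a href="https://account-verify.example/login">https://apple.com/account</a>')
if __name__ == "__main__":
    print(phishing_signals(SAMPLE_FROM, SAMPLE_BODY, "apple.com"))
```

An empty result means only that none of these four checks fired; unexpected attachments and requests for credentials or payment are not covered here.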