Frequently Asked Questions

Online privacy refers to your ability to control what personal information you share on the internet and who can access it. This includes everything from your name and email address to your browsing history, location data, and online purchases.

Why does it matter? Without privacy, your personal data can be collected, sold, or exploited by companies, hackers, or government surveillance. Protecting your online privacy helps prevent:

• Identity theft - Criminals using your information to open accounts or make purchases
• Financial fraud - Unauthorized access to your bank or credit card accounts
• Unwanted tracking - Companies building detailed profiles about your habits and interests
• Targeted manipulation - Using your data to influence your behavior or beliefs
• Reputational damage - Private information being exposed publicly

In today's digital world, privacy isn't about having something to hide - it's about having something to protect. Everyone deserves control over their personal information.

Your digital footprint is the trail of data you leave behind when using the internet. This includes active footprints (posts, comments, photos you intentionally share) and passive footprints (data collected without your direct knowledge like browsing history, location tracking, and search queries).

How to reduce your digital footprint:

• Delete old unused accounts - Use services like JustDeleteMe to find deletion links
• Adjust privacy settings on social media to limit who can see your information
• Use privacy-focused search engines like DuckDuckGo or Startpage that don't track you
• Browse in private or incognito mode to prevent local storage of history and cookies
• Use a VPN to hide your IP address and encrypt your traffic
• Regularly clear cookies and cache from your browser
• Opt out of data broker sites like Whitepages, Spokeo, and BeenVerified
• Think before posting - Once something is online, it can be very difficult to remove completely

Our Data Footprint Checker tool can help you analyze your current digital footprint and identify areas for improvement.

Public Wi-Fi networks in coffee shops, airports, and hotels are inherently insecure because anyone on the same network can potentially intercept your traffic. This is called a man-in-the-middle attack.

Essential protection tips:

• Always use a VPN on public Wi-Fi - this encrypts all your traffic
• Avoid accessing sensitive accounts like banking, email, or work systems when possible
• Ensure websites use HTTPS - look for the padlock icon in your browser address bar
• Turn off file sharing and AirDrop on your device
• Forget the network after use so your device doesn't automatically reconnect
• Use your phone's hotspot instead of public Wi-Fi when possible
• Enable your firewall to block unauthorized incoming connections

Remember: Without a VPN, assume everything you do on public Wi-Fi is visible to others on the same network, including passwords, emails, and browsing activity.

AES-256 (Advanced Encryption Standard with 256-bit keys) is military-grade encryption that protects your data by scrambling it into unreadable code. It is the same standard used by the U.S. government to protect Top Secret information, by NATO, by global financial institutions, and by security experts worldwide.

How it works:

• Your data is transformed using complex mathematical algorithms
• A unique encryption key (your password) is required to decrypt it
• The 256-bit refers to the key length - 2^256 possible combinations
• This number is astronomically large: 115 quattuorvigintillion (that is 78 digits)
• Even supercomputers would take billions of years to crack AES-256

Is it really unbreakable? With current technology, yes. Practical quantum computers capable of breaking AES-256 are likely decades away, if ever. For all practical purposes today, AES-256 is unbreakable.

PrivNotepad uses client-side AES-256 encryption - meaning your data is encrypted in your browser before it ever leaves your device. We never see your unencrypted data or your password.

Encryption and hashing serve different purposes in data security. Here is the key difference:

Encryption (Two-way function):

• You can encrypt data with a password
• You can decrypt it back to the original using the same password
• Used for secure communication, file storage, and data transmission
• Example: Hello encrypted to 7b3d8f2a then decrypted back to Hello

Hashing (One-way function):

• Converts data into a fixed-length string called a hash
• Cannot be reversed - impossible to get original data from hash
• Used for password storage, data integrity verification, digital signatures
• Example: Hello hashed to 8b1a9953c5 (cannot go back to Hello)
• Same input always produces the same hash output

Real-world applications: Websites store password hashes, not actual passwords. When you log in, they hash your input and compare hashes. WhatsApp messages are encrypted end-to-end so only sender and receiver can read them.

PrivNotepad offers both encryption tools like Secret Message Lock and hashing tools like Hash Maker and MD5 Generator.

End-to-end encryption ensures that only the sender and intended recipient can read a message. Even the service provider cannot decrypt it. Regular encryption might protect data in transit, but the service provider holds the keys and could theoretically access your data.

Regular encryption (like standard HTTPS): Protects data between your browser and the server. The server can decrypt and read your data. The company could potentially access your information. Examples include standard website logins and most cloud storage.

End-to-end encryption: Data is encrypted on your device before sending. Only the recipient's device can decrypt it. The service provider cannot read the content - even if compelled by law. Examples include Signal, WhatsApp, ProtonMail, and PrivNotepad's Secret Message Lock.

PrivNotepad uses client-side encryption - your data is encrypted in your browser before it ever leaves your device. This is similar to end-to-end encryption principles. We never have access to your unencrypted data or your encryption keys. Only someone with your password can decrypt your messages.

A strong password has four key characteristics: length, complexity, randomness, and uniqueness.

1. Length (most important): At least 12-16 characters minimum. Each additional character exponentially increases security. An 8-character password can be cracked in hours; 16-characters takes billions of years.

2. Complexity: Mix of uppercase and lowercase letters, include numbers, include symbols like !@#$%^&*

3. Randomness: Not dictionary words, not personal information like birthdays or pet names, not common patterns like qwerty or 123456

4. Uniqueness: Never reuse passwords across different sites. Each account needs its own unique password.

Better alternative: Passphrases - Instead of a complex password you cannot remember, use a passphrase of 4-6 random words like "correct-horse-battery-staple" or "coffee-sunset-mountain-banana". These are long, memorable, and highly secure.

Always use our Strong Password Maker to generate unbreakable passwords, and store them in a password manager.

A password manager is a secure vault that stores all your passwords and automatically fills them when you log into websites. You only need to remember one master password to access all your other passwords.

Do you need one? Absolutely yes. Here is why:

• The average person has 70-100 online accounts
• Remembering unique, strong passwords for each is impossible without help
• Most people reuse passwords - this is dangerous because one breach compromises all accounts
• Password managers generate and store truly random, unbreakable passwords

Popular password managers: Bitwarden (free, open-source, highly recommended), 1Password (paid but excellent), Apple Keychain (free for Apple users), KeePass (free, offline, for advanced users), and NordPass (good free tier).

Security concerns? Password managers are actually more secure than not using one. They use strong AES-256 encryption and have been audited by security experts. The risk of a password manager being hacked is far lower than the risk of you reusing weak passwords.

Use our Strong Password Maker to generate passwords for your password manager.

Two-factor authentication (2FA) adds an extra layer of security beyond just a password. After entering your password, you need a second factor to prove it is really you.

The three types of authentication factors: Something you know (password, PIN), something you have (phone, hardware key), and something you are (fingerprint, face scan).

Should you use it? YES - on every account that offers it. Even if your password is stolen, the attacker cannot access your account without the second factor. 2FA blocks 99.9% of automated account takeover attacks.

Types of 2FA from most to least secure: Hardware keys like YubiKey are most secure and phish-proof. Authenticator apps like Google Authenticator or Authy are very secure and free. SMS text messages are better than nothing but vulnerable to SIM swapping. Email codes are less secure because email accounts can be hacked.

Our OTP Code Maker tool can help you generate verification codes if you need test codes.

Use our Password Leak Tester tool or visit HaveIBeenPwned.com to check if your password appears in known data breaches.

How it works privately and securely: Your password is hashed (converted to a unique fingerprint) in your browser. Only the first 5 characters of the hash are sent to the breach database API. The API returns all hash suffixes that match those first 5 characters. Your browser checks locally if your full hash is in the list. Your actual password never leaves your browser.

What to do if your password is leaked: Immediately change that password on all accounts where you used it. Never reuse passwords across different sites. Use our Strong Password Maker to create a unique, unbreakable password. Enable two-factor authentication on all important accounts. Store your new passwords in a password manager.

Important: If you used the same password on multiple sites (which you should not), a breach on one site puts all your accounts at risk. This is why password managers and unique passwords are essential.

Self-destructing messages automatically delete themselves after being read or after a set time. They are perfect for sharing sensitive information like passwords, API keys, or confidential documents.

How PrivNotepad's self-destruct feature works:

• Step 1: Write your message and set an expiration time (1 minute to 7 days) or choose burn after reading for one-time access
• Step 2: Your message is encrypted with AES-256 in your browser
• Step 3: You receive a unique, unguessable link to share
• Step 4: Send the link to your recipient via any method like email, chat, or SMS
• Step 5: When the recipient opens the link, the message is decrypted and displayed
• Step 6: After viewing OR when the timer expires, the encrypted data is permanently deleted

Why use self-destructing messages? No permanent record means sensitive information does not linger in chat history or email. Limited exposure window means even if someone finds the link later, the message is gone. You get peace of mind knowing your secrets do not stay online forever.

Try our One Time Message and Self Destroy Text tools for secure, temporary communication.

Use our IP Leak Test tool to check if your VPN is properly protecting your real IP address. VPNs can leak your real IP in several ways.

Types of VPN leaks our tool detects: DNS leaks where your DNS requests bypass the VPN and go to your ISP's DNS servers. WebRTC leaks where your browser's real-time communication features expose your real IP. IPv6 leaks where your VPN only protects IPv4 traffic but your device uses IPv6.

How to test: Connect to your VPN. Visit our IP Leak Test tool. Run the test - it will show your detected IP addresses. If you see your real IP address (the one from your ISP, not the VPN server), your VPN is leaking.

How to fix leaks: For DNS leaks, change your VPN's DNS settings or use a custom DNS like Cloudflare at 1.1.1.1. For WebRTC leaks, disable WebRTC in your browser or use extensions like WebRTC Leak Prevent. For IPv6 leaks, disable IPv6 on your device or choose a VPN that supports IPv6. Enable your VPN's kill switch feature.

Run the IP Leak Test regularly, especially after changing VPN settings or browsers.

Browser fingerprinting is a tracking method that collects information about your browser and device to create a unique identifier - without using cookies. Unlike cookies, fingerprints cannot be easily deleted.

What information is collected? Screen resolution and color depth. Installed fonts and browser extensions. Timezone, language, and location settings. Operating system and browser version. Hardware information like CPU, GPU, and memory. Canvas and WebGL rendering fingerprints. Audio context fingerprinting. Hundreds of other browser attributes.

How to prevent browser fingerprinting: Use privacy-focused browsers like Firefox with privacy settings, Brave, or Tor Browser. Disable JavaScript when possible using NoScript extension. Use anti-fingerprinting extensions like Privacy Badger, CanvasBlocker, or Chameleon. Regularly change browser settings such as different window sizes and different user agents. Use Tor Browser which makes all users look identical, defeating fingerprinting.

Test your browser's uniqueness with our Browser Fingerprint tool. You will likely see that your browser is highly unique - that is why fingerprinting works so well.

VPN (Virtual Private Network) and Tor (The Onion Router) both protect your privacy but work very differently. Each has different strengths and weaknesses.

VPN: Routes your traffic through an encrypted tunnel to a server operated by the VPN company. Your ISP sees you are using a VPN but not what you are doing. A single company handles your traffic (potential trust issue). It offers faster speeds - good for streaming, gaming, and daily browsing. Works with all websites and apps. Easier to set up and use.

Tor: Routes your traffic through multiple volunteer-operated relays (usually 3). Each layer of encryption is peeled off like an onion (hence the name). No single node knows both the source and destination. Much slower because traffic bounces through multiple countries. Some websites block Tor traffic. Provides stronger anonymity against sophisticated adversaries.

Which should you use? Use a VPN for everyday privacy, bypassing geo-restrictions, torrenting, and protecting public Wi-Fi. Use Tor for high-stakes anonymity, whistleblowing, accessing the dark web, and avoiding state surveillance. Advanced users sometimes use both: VPN first, then Tor for maximum anonymity.

Our VPN Detector and DNS Leak Test tools can help you verify your VPN is working correctly.

A DNS leak occurs when your DNS queries bypass your VPN and go to your ISP's DNS servers instead. This exposes which websites you are visiting, even if your VPN is supposedly protecting you.

Why DNS leaks are dangerous: Your ISP can see every website you visit (even if your traffic is encrypted). This defeats the purpose of using a VPN for privacy. Your browsing history is exposed to your ISP, government, and anyone who can access ISP logs. Even if your IP is hidden, DNS leaks reveal your activity.

How DNS leaks happen: VPN misconfiguration - not routing DNS through the VPN tunnel. IPv6 leaks - VPN only protects IPv4 but your device uses IPv6 for DNS. Transparent DNS proxies - some networks force DNS through their servers. VPN kill switch failure - VPN disconnects but DNS continues using ISP.

How to test for DNS leaks: Connect to your VPN. Use our DNS Leak Test tool. The tool shows which DNS servers are handling your queries. If you see your ISP's DNS servers (not your VPN's), you have a leak.

How to fix DNS leaks: Enable your VPN's DNS leak protection feature. Use a custom DNS like Cloudflare at 1.1.1.1 or Quad9 at 9.9.9.9. Disable IPv6 on your device. Switch to a VPN provider that has better DNS handling.