// What this guide covers
The Ghost Protocol removes your past exposure. This guide builds a privacy-first technical foundation so new exposure stops accumulating. Each module is independent — deploy them in any order, skip ones that don't apply to your threat model. All tools listed have free tiers that cover everything described.
Your primary email address is the single most exposed identifier you have. Every site that gets breached, every form you fill out, every forum you sign up for — they all collect it. The fix: stop giving out your real address entirely. Use aliases that forward to it instead.
Recommended Tools
How to Deploy
-
01
Create your SimpleLogin account using your real email
This is the only place your real address is stored. Use a strong unique password and enable 2FA immediately after signup.
-
02
Install the browser extension (Chrome, Firefox, Safari)
The extension adds a one-click alias generator to any email field in your browser. You never have to think about it — just click when signing up anywhere.
-
03
Create a naming convention for your aliases
Example system: site-name@youralias.simplelogin.com — so you always know which site leaked your address when spam arrives.
-
04
Update your highest-risk accounts to use aliases
Start with: shopping sites, forums, newsletters, apps you rarely use. Do not alias: banking, government accounts, or critical services that need to reach you reliably.
⚠ IMPORTANT
Never use an alias for your primary bank, IRS, or healthcare accounts. Aliases are for reducing exposure on low-trust services — not for accounts where delivery failure has real consequences.
Password reuse is the single most exploited attack vector in credential theft. The solution isn't memorizing more passwords — it's using a password manager to generate and store a unique 20+ character password for every single account. You only need to remember one master password.
Password Rules (Non-Negotiable)
-
R1
Minimum 20 characters, randomly generated
Use Bitwarden's built-in generator. Never create passwords yourself — human-generated passwords have predictable patterns that cracking tools exploit.
-
R2
Every account gets a unique password. No exceptions.
Even slight variations (adding a number, changing a symbol) are defeated by modern credential stuffing tools that test thousands of variations automatically.
-
R3
Master password must be a passphrase, not a password
Use 5–6 random unrelated words: maple-frog-circuit-window-88. Long and memorable. Never write it down digitally.
-
R4
Enable emergency access and backup your vault
Export an encrypted backup of your Bitwarden vault quarterly. Store it on an encrypted USB drive or encrypted local folder. Losing vault access = losing all accounts.
2FA stops 99% of automated account takeover attacks. But not all 2FA is equal — SMS-based 2FA can be defeated by SIM-swap attacks in under 10 minutes. Authenticator app-based 2FA cannot. Here's how to upgrade your entire account stack.
| 2FA Method |
SIM-Swap Proof |
Phishing Resistant |
Works Offline |
Verdict |
| SMS / Text Code |
✗ |
✗ |
✗ |
Avoid |
| Email OTP |
✗ |
✗ |
✗ |
Avoid |
| Authenticator App (TOTP) |
✓ |
~ |
✓ |
Use This |
| Hardware Key (YubiKey) |
✓ |
✓ |
✓ |
Gold Standard |
Account Priority Order for 2FA Upgrade
1
Primary email account
Your email is the recovery key for every other account. If it falls, everything falls. Enable authenticator 2FA here first.
2
Banking and financial accounts
Every bank, brokerage, PayPal, Venmo, Cash App. If SMS is the only 2FA option, consider calling your bank to ask about adding a security PIN to prevent SIM-swap.
3
Password manager (Bitwarden)
Enable 2FA on your Bitwarden account immediately. This protects the master vault containing all other credentials.
4
Social media and Google/Apple accounts
These accounts are commonly targeted for account takeover and used to impersonate you or access linked apps.
5
Everything else
Enable on any remaining accounts that support it. Takes 2 minutes per account — work through your Bitwarden vault alphabetically.
Your browser leaks your identity constantly — through fingerprinting, trackers, cookies, and search history. You don't need to switch browsers entirely. These configuration changes reduce 80% of passive tracking with zero impact on your browsing experience.
Essential Extensions (Free)
🛡
uBlock Origin
Best ad and tracker blocker available. Blocks fingerprinting scripts, malicious ads, and data collection networks. Install this before anything else.
Free · Essential
🍪
Cookie AutoDelete
Automatically deletes cookies from sites you're no longer visiting. Prevents cross-site tracking via cookie accumulation.
Free · Recommended
🔒
HTTPS Everywhere / Smart HTTPS
Forces encrypted HTTPS connections on sites that support it. Prevents network-level snooping on your browsing.
Free · Quick Win
🔍
DuckDuckGo (Default Search)
Switch your default search engine. DDG doesn't build a profile on your searches. Settings → Search Engine → DuckDuckGo.
Free · 2 Minutes
Firefox Privacy Settings (Copy These Exactly)
-
01
Type about:config in Firefox address bar → accept the risk
Set privacy.resistFingerprinting → true. This randomizes browser fingerprint data to prevent sites from identifying you across sessions.
-
02
Settings → Privacy & Security → Enhanced Tracking Protection
Set to Strict. Enable "Delete cookies and site data when Firefox is closed." Enable DNS over HTTPS using Cloudflare or NextDNS.
-
03
Disable telemetry data collection
Settings → Privacy & Security → Firefox Data Collection → uncheck all boxes. This stops Firefox from sending your usage data to Mozilla.
Your phone is the most personal data collection device you own. Every app requests permissions it doesn't need. Location data, contacts, microphone access, and advertising IDs are harvested constantly. These settings disable the worst offenders without breaking your phone.
A VPN hides your browsing from your ISP and masks your IP address from websites — but it does NOT make you anonymous. It shifts trust from your ISP to your VPN provider. The free tier of Proton VPN is the only free VPN worth using.
⚠ AVOID FREE VPNs
Most free VPN providers sell your browsing data to ad networks — which is the exact privacy violation you're trying to prevent. The only exception: Proton VPN's free tier, which has a verified no-logs policy and is backed by a Swiss privacy law non-profit.
When to Use a VPN
-
✓
Always use on public WiFi (cafes, airports, hotels)
Public networks are trivial to monitor. VPN encrypts your traffic so other users on the network can't intercept your data.
-
✓
When researching sensitive topics
Health conditions, legal matters, financial research — your ISP logs every domain you visit. VPN prevents this logging.
-
✗
Don't rely on VPN alone for anonymity
If you're logged into Google while using a VPN, Google still knows who you are. VPN hides your IP — it doesn't hide your identity from sites you log into.
Every major AI platform is training on user data by default. Most have opt-out mechanisms buried 4–6 settings deep. This module gives you the exact path for each platform. Do this before anything else — these opt-outs do not retroactively remove data already used in training, but they stop future collection.
| PLATFORM |
OPT-OUT PATH |
WHAT IT STOPS |
DIFFICULTY |
| ChatGPT / OpenAI |
Settings → Data Controls → Disable "Improve the model for everyone" |
Your chats used in model training |
EASY |
| Google / Gemini |
myaccount.google.com → Data & Privacy → Web & App Activity → Manage → Auto-delete (3 months max) |
Search + AI assistant history used in training |
MEDIUM |
| Meta AI |
facebook.com/privacy/policy/ → Generative AI → Use of info for AI → Submit objection form |
Posts, likes, messages used to train Meta AI |
HARD |
| Microsoft Copilot |
account.microsoft.com → Privacy → Activity history → Clear + disable "Send optional diagnostic data" |
Copilot prompts, Office usage fed to training |
MEDIUM |
| Apple Intelligence |
Settings → Privacy & Security → Analytics → Disable "Share iPhone Analytics" and "Improve Siri" |
Siri requests, on-device AI learning |
EASY |
| Amazon Alexa |
Alexa app → More → Settings → Alexa Privacy → Manage Your Alexa Data → Auto-delete recordings (3 months) |
Voice recordings used in speech model training |
EASY |
| LinkedIn AI |
Settings → Data Privacy → Data for Generative AI Improvement → Off |
Profile, posts, messages used in LinkedIn AI |
EASY |
| X / Twitter AI |
Settings → Privacy and Safety → Grok → Allow your posts to train Grok → Off |
Tweets, DMs, interactions used to train Grok |
EASY |
| Adobe Firefly |
account.adobe.com → Privacy & Personal Data → Content Analysis → Disable |
Your content used in Adobe AI training |
EASY |
// PRO TIP
Set a quarterly calendar reminder to re-audit these — platforms silently re-enable AI training after major updates or terms-of-service changes. Takes 15 minutes. Worth it every time.
Every query you send to ChatGPT, Gemini, or Copilot is logged, analyzed, and potentially used for training. Local LLMs run 100% on your hardware — no internet connection required, no data sent anywhere. Ollama makes this zero-config on Mac, Windows, and Linux.
// STEP 1 — INSTALL OLLAMA
01
Download Ollama
Visit
ollama.com → click Download for your OS (Mac, Windows, Linux). One-click installer. Runs as a background service.
02
Pull Your First Model
Open Terminal / Command Prompt. Run: ollama pull llama3.2 — downloads Meta's Llama 3.2 (2GB). Zero cloud dependency once downloaded.
03
Chat Locally
Run: ollama run llama3.2 — starts a local chat session in your terminal. Or install Open WebUI for a ChatGPT-style browser interface.
04
Add a Private Browser UI (Optional)
Install
Open WebUI via Docker:
docker run -d -p 3000:8080 ghcr.io/open-webui/open-webui — gives you a full ChatGPT-style interface at localhost:3000, running entirely offline.
// RECOMMENDED MODELS BY USE CASE
ollama pull llama3.2
General purpose. Fast. Best for everyday tasks. 2GB download.
ollama pull mistral
Strong reasoning. Great for writing + analysis. 4GB.
ollama pull phi4-mini
Tiny + fast. Runs on older hardware. 2.5GB.
ollama pull deepseek-r1
Best for code. Comparable to GPT-4 on programming tasks. 7GB.
// MINIMUM HARDWARE
RAM: 8GB minimum, 16GB recommended
Storage: 5–15GB free per model
GPU: Not required — runs on CPU only
// FINAL UPGRADE
Your stack is locked. Now protect your family.
Your partner, kids, and elderly parents are the easiest path around your defenses. The Family Protection Protocol covers AI voice cloning scams, parental digital controls, safe-word protocols, and a full family audit system — in plain language anyone can follow.
Your complete privacy infrastructure when all modules are deployed. Each layer addresses a different exposure vector. Together they form an integrated, zero-cost privacy stack that prevents most passive data collection.
✉️
Email Layer
SimpleLogin aliases shield your real address from all third-party services
SimpleLogin · Free
🔑
Credential Layer
Bitwarden stores unique 20+ char passwords for every single account
Bitwarden · Free
📱
Authentication Layer
Aegis / Raivo TOTP replaces vulnerable SMS 2FA on all critical accounts
Aegis · Free
🌐
Browser Layer
Firefox + uBlock Origin blocks fingerprinting, tracking, and ad networks
Firefox · Free
📲
Device Layer
Permission audits + ad ID reset stop app-level data harvesting
Settings · Free
🔐
Network Layer
Proton VPN encrypts traffic on untrusted networks and masks IP from sites
ProtonVPN · Free
🔍
Exposure Layer
Digital Ghost Protocol removes existing footprint from brokers and search
Ghost Protocol · Done
// Stack Complete
Your Privacy Infrastructure Is Live.
You've removed your past exposure with the Ghost Protocol and built a system that prevents future accumulation. One module remains — protecting your family.
Family Protection Protocol → Available Separately
What is the best private email alternative to Gmail?
The best private email alternatives to Gmail are ProtonMail (end-to-end encrypted, Swiss privacy laws, free tier available), Tutanota (end-to-end encrypted, German jurisdiction), and Fastmail (no ad tracking, paid plans from $3/month). For maximum privacy, use ProtonMail with a custom alias that does not contain your real name and does not link to your existing Gmail account.
How do I run AI locally on my computer without sending data to the cloud?
You can run AI models locally using Ollama (ollama.ai), which installs in minutes on Mac, Windows, or Linux. Ollama supports Llama 3, Mistral, Phi-3, and Gemma models. With 8GB RAM you can run smaller models; 16GB+ enables larger models. All inference happens on your device — no data is sent to any server. The Ghost Stack Setup Guide covers the full Ollama installation and recommended model selection.