Online shopping is more convenient than ever, but it comes with serious privacy risks. Every purchase you make generates a trail of personal data — your name, address, payment details, browsing habits, and purchase history. Data brokers collect and sell this information, advertisers use it to profile you, and cybercriminals are constantly looking for ways to intercept it. Here is how to protect your privacy every time you shop online.
Verify HTTPS and the Padlock Icon
Before entering any personal information or payment details on a website, always check that the URL begins with https:// and that a padlock icon appears in your browser's address bar. HTTPS encrypts the data transmitted between your browser and the website, preventing attackers from intercepting your information through man-in-the-middle attacks.
Be cautious of websites that only use HTTP (without the "s"). While HTTPS alone does not guarantee a site is legitimate, the absence of it is a clear red flag. Also watch for subtle URL misspellings that indicate phishing sites — for example, "amaz0n.com" instead of "amazon.com."
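The two checks above (HTTPS and a correctly spelled domain) can be automated. The following is an added example, not part of the original article: it flags non-HTTPS links, digit-for-letter lookalikes such as "amaz0n.com", and a store's name used as a subdomain of an unrelated site. The retailer allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of stores the shopper actually uses (constructed for this example).
KNOWN_RETAILERS = {"amazon.com", "ebay.com", "walmart.com"}

# Digit-for-letter swaps commonly seen in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def registered_domain(host):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so that names under e.g. co.uk are handled.
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return findings for a shopping URL; ["ok"] means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    domain = registered_domain(host)
    findings = [] if parts.scheme == "https" else ["not-https"]
    if domain not in KNOWN_RETAILERS:
        hits = []
        for known in sorted(KNOWN_RETAILERS):
            if f".{known}." in f".{host}":
                hits.append(f"brand-in-subdomain:{known}")
            elif domain.translate(HOMOGLYPHS) == known or edit_distance(domain, known) <= 1:
                hits.append(f"lookalike-of:{known}")
        findings += hits or ["unknown-domain"]
    return findings or ["ok"]
```

A result of "unknown-domain" only means the site is not on the allowlist; it is a prompt to look more closely, not a verdict.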
Use Virtual Credit Cards
Virtual credit cards generate temporary, disposable card numbers that are linked to your real account but do not expose your actual card details. If a retailer experiences a data breach, your real card number remains safe.
- Privacy.com: Lets you create single-use or merchant-locked virtual cards for free
- Capital One Eno: Generates virtual card numbers for online purchases
- Apple Pay and Google Pay: Use tokenization to shield your actual card number from merchants
Virtual cards also make it easy to cancel a card tied to a specific merchant if you notice unauthorized charges or want to stop a subscription without affecting your primary payment method.
Shop with Email Aliases
Every time you create an account with an online retailer, you hand over your email address — which then becomes a target for marketing, data sharing, and potential breaches. Email aliases solve this problem by creating unique, forwarding-only addresses for each store.
- Apple Hide My Email: Built into iCloud+ and Safari
- Firefox Relay: The free tier offers five aliases; premium offers unlimited
- SimpleLogin: Open-source option with a generous free tier
If one alias starts receiving spam or is compromised in a breach, you simply disable it without affecting your primary inbox. This also makes it easy to identify which retailer sold or leaked your data.
Why Email Aliases Matter
When you use a unique email alias for each retailer, you create a clear audit trail. If you start receiving spam on an alias you only used at one store, you know exactly where the leak occurred. This accountability also discourages retailers from sharing your information carelessly.
Avoid Shopping on Public WiFi
Public WiFi networks at coffee shops, airports, and hotels are notoriously insecure. Attackers can set up fake hotspots or intercept unencrypted traffic to capture your login credentials and payment information. If you must shop while away from home, take these precautions:
- Use a VPN: A virtual private network encrypts all your internet traffic, making it unreadable to anyone on the same network
- Use your mobile data: Your cellular connection is significantly more secure than public WiFi
- Wait until you are on a trusted network: If possible, hold off on purchases until you are home
Use Private Browsing and a Privacy-Focused Browser
Regular browsing sessions accumulate cookies, trackers, and cached data that retailers and advertising networks use to build detailed profiles of your shopping behavior. To limit this tracking:
- Use private or incognito mode: This prevents cookies and browsing history from being stored after you close the window
- Switch to a privacy-focused browser: Browsers like Brave, Firefox, and the DuckDuckGo browser block third-party trackers by default and offer additional privacy protections
- Install privacy extensions: uBlock Origin blocks ads and trackers, while Privacy Badger automatically learns to block invisible trackers
Keep in mind that incognito mode does not make you anonymous — your internet service provider and the websites you visit can still see your activity. For stronger privacy, combine private browsing with a VPN.
Enable Passkeys Where Available
Passkeys are replacing passwords as the most secure way to log into online accounts. As of 2026, 48% of the top websites support passkeys, and the number is growing rapidly. Passkeys use cryptographic key pairs stored on your device, which means:
- There is no password for attackers to steal in a data breach
- Passkeys are inherently phishing-resistant — they only work on the legitimate website
- You authenticate with biometrics (fingerprint or face) or a device PIN
Whenever an online retailer offers passkey support, enable it. For accounts that still require passwords, use a password manager to generate and store unique, strong passwords for each site.
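Why a passkey "only works on the legitimate website" is visible in the data a site receives at login. The following is an added example, not part of the original article: it builds the two WebAuthn login outputs (clientDataJSON and authenticator data) for a constructed store, shop.example, and runs the origin-binding checks the site performs. Verification of the signature over these fields is omitted, and all names and values are assumptions made for illustration.

```python
import base64
import hashlib
import json

RP_ID = "shop.example"                    # assumed relying-party ID (constructed)
EXPECTED_ORIGIN = "https://shop.example"  # origin the real store serves its login from


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin, rp_id, challenge):
    """Constructed sample of what the browser and authenticator return.

    The browser, not the page, writes the origin into clientDataJSON, and the
    authenticator hashes the RP ID the credential is scoped to.
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = bytes([0x05])  # user present (0x01) + user verified (0x04)
    sign_count = (1).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data


def verify_assertion(client_data, auth_data, challenge):
    """Return the list of failed checks; an empty list means all passed.

    Signature verification with the stored public key is left out here.
    """
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("wrong-type")
    if cd.get("challenge") != b64url(challenge):
        errors.append("challenge-mismatch")      # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin-mismatch")         # login happened on another site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rp-id-hash-mismatch")     # credential scoped to another domain
    if not auth_data[32] & 0x01:
        errors.append("user-not-present")
    return errors
```

In practice the browser and authenticator will not offer the store's passkey on a lookalike domain at all; the server-side checks shown here are the second layer that rejects a response produced anywhere else.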
Beware of Phishing Deals
Cybercriminals frequently create fake shopping deals that arrive via email, text, or social media ads. These "too good to be true" offers often lead to phishing sites designed to steal your credentials and payment information. Always navigate directly to a retailer's website rather than clicking links in unsolicited messages, and verify deals on the official site before entering any personal information.
Check Privacy Policies Before You Buy
Before making a purchase from a new retailer, take a moment to review their privacy policy. Look for key details:
- What data they collect: Some retailers collect far more than necessary
- Whether they sell or share your data: Many retailers share customer data with third-party advertisers and data brokers
- How long they retain your data: Shorter retention periods reduce your long-term exposure
- How to request data deletion: Reputable retailers provide clear opt-out and deletion processes
Do Not Store Payment Information on Retailer Sites
Many online stores encourage you to save your credit card for faster checkout. While convenient, this means your payment details are stored on their servers — and if they experience a breach, your card information is at risk. Instead, use a password manager to auto-fill payment details, rely on virtual credit cards, or use Apple Pay or Google Pay, which do not share your actual card number with the merchant.
Use a VPN for All Online Shopping
A VPN encrypts your internet traffic and masks your IP address, preventing your internet service provider, advertisers, and potential attackers from monitoring your shopping activity. This is especially important when shopping from locations where your traffic might be monitored. Choose a reputable, no-log VPN provider that has been independently audited.
Protect Your Data Beyond the Checkout
Even if you follow every step above, your purchase history and personal information can still end up in the hands of data brokers. These companies collect data from public records, loyalty programs, retailer partnerships, and other sources — then sell detailed consumer profiles that include your shopping habits, estimated income, and purchasing patterns.
PrivacyOn helps you fight back by removing your personal information from over 100 data broker sites, so your shopping patterns and personal details are not available for anyone to buy. Combined with 24/7 dark web monitoring and family plans covering up to 5 people, PrivacyOn provides a comprehensive layer of protection that goes beyond what you can do at checkout. Plans start at just $8.33 per month.
Online shopping does not have to mean giving up your privacy. By combining the techniques above — HTTPS verification, virtual credit cards, email aliases, passkeys, private browsing, and a VPN — you can shop confidently while keeping your personal and financial data secure.