Privacy and document security

There are roughly 750 registered data brokers in the United States and an estimated 4,000 to 5,000 globally, each maintaining databases of your name, address, phone number, relatives, and often your daily routine, estimated income, and political affiliation. That information is available to anyone willing to pay a few dollars for a search. During a disruption — when you've evacuated, when you've lost your wallet, when someone knows where you keep your food stores — the gap between what strangers know about you and what you know about them becomes a practical security problem. Privacy is not paranoia; it is data hygiene with operational consequences.

This page covers both halves of the problem: digital privacy (what can be found about you online and on your devices) and physical document security (the paper trail that proves who you are and what you own).

Digital privacy

Your data broker footprint

Data brokers aggregate public records, purchase history, app location data, and social media activity. Removing your records is possible but tedious: each broker has its own opt-out process, most require email confirmation, and many re-populate their databases within months from other sources. Researchers estimate the manual process would take 304 hours or more for a thorough removal across all major brokers.

A practical approach divides the problem into tiers:

High-priority brokers: Whitepages, Spokeo, BeenVerified, Intelius, and PeopleFinder are the most commonly searched when someone wants to find a person quickly. Opt out of these first. Each has an opt-out or data removal link, usually buried in the footer.
Aggregator services: Tools like DeleteMe or Optery (paid, budget to moderate investment per year) automate removal requests and re-submit them as brokers repopulate. Useful if you want ongoing suppression rather than a one-time pass.
California residents (as of January 1, 2026): California's DROP (Delete Request and Opt-Out Platform) allows simultaneous deletion requests to all registered in-state brokers from a single submission. Other states are developing similar mechanisms.

Passwords and authentication

A password manager (Bitwarden, 1Password) generates and stores a unique 20-character random password for every account. This eliminates credential stuffing — the attack where a breach at one site gives access to others using the same password. Enable two-factor authentication on every account that offers it; authenticator apps (not SMS) are more resistant to SIM-swapping attacks.

Account recovery is where most password hygiene fails. Recovery phone numbers and email addresses are often older, less-secure accounts or numbers tied to a carrier that has been SIM-swapped before. Review recovery options for your primary email and financial accounts. Use a dedicated email address — one that has never been used for signups — as your recovery address.

Encrypted DNS

Every website you visit requires a DNS lookup — a query from your device to a server asking "what IP address does this domain resolve to?" By default, that query travels in plaintext, visible to your internet service provider and anyone on the same network. Switching to an encrypted DNS resolver costs nothing and takes five minutes.

Cloudflare 1.1.1.1 is the fastest public DNS resolver globally. Set it as your primary DNS in your router settings (primary: 1.1.1.1, secondary: 1.0.0.1) and all devices on your network use it automatically. Cloudflare logs a minimal amount of non-identifying query data and deletes it within 25 hours. Enable DNS-over-HTTPS (DoH) for encrypted transport.

NextDNS offers more configurability — you can enable custom blocklists, see detailed query logs, and set per-device filtering rules. The free tier covers most households; the paid tier (affordable) removes query limits.

DNS encryption prevents ISP-level surveillance and passive network eavesdropping. It does not hide the IP addresses you connect to; a VPN is required for that.

VPN selection

A VPN routes your traffic through a server in another location, hiding your IP address from sites you visit and your browsing destinations from your ISP. The practical use case for preparedness: using public networks (shelter, library, hotel) without exposing traffic to whoever controls that network.

Evaluate VPN providers on these criteria — not marketing claims:

No-logs policy, independently audited: Mullvad, ProtonVPN, and IVPN publish third-party audit reports. "We never log" in a marketing header is not a substitute for a published audit.
Jurisdiction: Providers in 14-Eyes countries (US, UK, Canada, Australia, and others) are subject to data sharing treaties. Mullvad (Sweden) and ProtonVPN (Switzerland) operate under different legal constraints.
Kill switch: Automatically cuts internet access if the VPN connection drops, preventing accidental plaintext exposure.
WireGuard protocol: Faster and cryptographically simpler than older OpenVPN or IKEv2. Most current providers support it.

Free VPN services typically monetize by selling the traffic data you were trying to protect.

Device encryption

Full-disk encryption renders your device's contents unreadable without the password. If a device is lost, stolen, or confiscated, encryption prevents data extraction.

Windows: BitLocker is built into Windows 10/11 Pro and Enterprise. Enable it in Control Panel → System and Security → BitLocker Drive Encryption. Choose to save the recovery key to your Microsoft account or print it — never store it only on the encrypted drive itself.

macOS: FileVault is available on macOS 10.13 and later. Enable it in System Preferences (or System Settings on macOS Ventura and later) → Privacy & Security → FileVault → Turn On. Apple uses AES encryption; the recovery key should be stored in a physically secure location, not only in iCloud.

Mobile: Modern iOS devices (iPhone 5s and later) encrypt by default when a passcode is set. Android full-disk encryption is enabled by default on devices running Android 10 and later with a screen lock enabled.

Browser fingerprinting

DNS and VPN do not address browser fingerprinting — the technique of identifying a specific browser instance based on its unique combination of screen resolution, installed fonts, browser version, time zone, and dozens of other attributes. Even with a VPN, your browser fingerprint may be unique enough to track you across sites.

Mitigations: Firefox with the uBlock Origin and Privacy Badger extensions substantially reduces fingerprint exposure. The Brave browser enables fingerprint randomization by default. The Tor Browser provides the strongest fingerprint protection at the cost of speed. For sensitive research or planning, use a separate browser profile or a dedicated device used for nothing else.

Field note

Compartmentalize by purpose. Use one browser and one email address for shopping and social accounts (expect tracking). Use a separate browser profile or device for preparedness research, group communications, and anything you want separated from your commercial identity. The separation costs nothing and dramatically reduces cross-contamination between your public and operational profiles.

Physical document security

The gap between what you can prove and what you own collapses the moment your wallet is stolen, your house burns, or you evacuate without time to grab anything. The documents listed below take weeks to months to replace through normal channels — and during a disruption, normal channels may not be functioning. Protecting them before an event is the only practical strategy.

The critical document set

Organize your document security thinking into four categories:

Identity documents — these prove you are who you say you are. Without them, accessing financial accounts, crossing borders, or applying for disaster assistance becomes difficult to impossible.

Passports (current and expired — expired passports establish identity history)
Birth certificates for every household member
Social Security cards
Driver's licenses or government-issued ID cards
Naturalization certificates and immigration documents

Financial documents — these prove what you own.

Property deeds and mortgage documents
Vehicle titles
Home, health, vehicle, and life insurance policies (including policy numbers and insurer contact information)
Bank account records with account numbers and routing numbers
Investment account statements

Medical documents — these govern treatment and legal authority during incapacitation.

Vaccination records for all household members
Current prescription lists with dosages and prescribing physician contact
Medical power of attorney
Advance directives and DNR orders if applicable
Records for chronic conditions requiring ongoing treatment

Emergency planning documents — these coordinate your household's response.

Emergency contact list with ICE (In Case of Emergency) numbers
Comms plan copy (see your communications plan)
Evacuation routes with primary and alternate paths
Shelter locations for your region
Copies of vehicle and homeowner insurance policy numbers

Home fireproof safe

A home fireproof safe protects originals against fire — still the most common cause of total document loss. The ratings that matter:

UL Class 350 (the correct rating for paper documents): interior temperature stays below 350°F (177°C) for the rated duration when exterior temperature reaches 1,700°F (927°C). Paper chars at around 387°F (197°C) and ignites at roughly 451°F (233°C), so the 350°F interior limit provides a meaningful safety margin. The minimum useful rating is 1-hour; 30-minute safes are cheaper but provide less margin in large-structure fires.

UL Class 125 (for digital media — USB drives, hard drives, optical discs): interior temperature stays below 125°F (52°C). Digital media fails well below 350°F (177°C), so a document-rated safe will not protect a USB drive. If you store a backup USB in your home safe, it needs either a Class 125 compartment or a separate data safe.

Choose a safe in the affordable to moderate investment range — small document safes are affordable; larger models with combination locks and more capacity represent a moderate investment. Size matters less than the rating and the installation method: bolt the safe to a floor or through a wall stud. A portable safe is just a container a burglar walks away with.

Fireproof is not waterproof

Firefighting water, flooding, and burst pipes destroy documents inside safes that survive fires. Most residential fireproof safes have no water-resistance rating. Store documents inside sealed ziplock bags or a dry waterproof pouch inside the safe. This costs nothing and survives both failure modes.

Bank safe deposit box

A safe deposit box at a bank keeps your most critical originals off your property entirely — immune to home fires, burglaries, and flood damage at your address. Annual fees are inexpensive. The significant limitation: you cannot access it outside banking hours, during bank closures, or in a grid-down scenario that disrupts normal banking operations. During the 2017 Houston floods, many residents discovered their safe deposit boxes were inaccessible for weeks.

The practical approach: keep originals of the hardest-to-replace documents (passports, birth certificates, property deed, vehicle titles) in a safe deposit box, and keep duplicates or certified copies of the same documents at home in your fireproof safe. You want the box as the primary custodian and your home safe as the recovery copy — not the reverse.

Trusted family or friend offsite copy

For lower-sensitivity documents — vaccination records, insurance policy numbers, vehicle titles — a sealed waterproof envelope left with a trusted family member or close friend at a different address achieves the offsite redundancy of a safe deposit box with no cost and no banking-hours dependency.

Label the envelope clearly with your name, the contents list, and a contact number. Store it in a sealed waterproof envelope, not just a paper folder. Update annually or when documents change. This works best as a complement to a home safe, not as a replacement: it requires trust and relies on their home not being affected by the same event that hits yours.

Field note

The "sealed envelope with a relative" approach fails most often because people never update it. Put a recurring calendar reminder for the first week of January: open the envelope, swap outdated documents, reseal, and return it. A vaccination record from 2019 is not useful for emergency school enrollment in 2026.

Waterproof document bag for go-bags

A portable waterproof document pouch carried in your bug-out bag or vehicle bag bridges the gap between home storage and active evacuation. These pouches are inexpensive and provide meaningful splash and submersion protection for short durations — they are not rated for prolonged flood immersion, and they offer no fire protection.

Your go-bag document kit should contain:

Color photocopies of passports for every household member
Copies of birth certificates
Insurance cards (health, vehicle, home)
Medication list with current prescriptions, dosages, and prescribing physician contact
Emergency contact card with ICE numbers (laminated)
Property insurance policy number and insurer claims phone number
Two-week medication supply prescription list (for requesting emergency pharmacy refills)

Keep originals at home or in a safe deposit box. The go-bag copy is your field-expedient identity kit — sufficient to access emergency services, check into hotels, or begin insurance claims, even if your house is gone.

Digital backup strategy

A scanned copy of every critical document, stored on an encrypted drive at an offsite location, is the most resilient single upgrade to document security most households can make. If your home is destroyed and you are evacuated, an encrypted USB at a relative's house lets you begin recovery before a single replacement document arrives.

Creating the scans: Scan at 300 DPI minimum, save as PDF. Name files descriptively: doe-jane-passport-2026.pdf rather than scan0047.pdf. A clear filename matters when you are searching under stress.

Encryption choices:

VeraCrypt (free, cross-platform): Creates an encrypted container file on the USB drive that mounts as a virtual drive on any computer with VeraCrypt installed. Open-source and independently audited. The strongest choice if the USB will be used on multiple operating systems (Windows, macOS, Linux).
BitLocker To Go (Windows built-in): Encrypts the entire USB drive with AES-256. Simpler setup than VeraCrypt; requires Windows Pro or Enterprise. Accessible natively on any Windows machine; needs the BitLocker reader app on macOS.

Both use AES-256, which is adequate. The risk is not the algorithm — it is the passphrase. Use a passphrase that is long and memorable to you, not an 8-character password. Write the passphrase on a separate piece of paper, seal it in an envelope, and store it at yet another location from the USB drive itself.

Cloud backup: A zero-knowledge encrypted cloud service (ProtonDrive, Tresorit) adds a third copy that is geographically distributed and accessible from any internet-connected device. Do not upload unencrypted documents to standard cloud storage — photos of your Social Security card in an iCloud account are readable by Apple and any attacker who compromises your Apple ID.

Update discipline: Update the backup drive annually and whenever a document changes (new passport, new vehicle title, new insurance policy). Set a calendar reminder.

Destroying sensitive waste

Documents you discard create the same risk as documents you lose. Financial statements, pre-approved credit card offers, prescription labels, medical EOBs, and anything with an account number or Social Security number must be destroyed before disposal.

Shredder ratings (DIN 66399 standard):

P-2: Strip-cut. Strips are easily reassembled — avoid for anything sensitive.
P-4: Cross-cut. Particles are no larger than 160 mm² with a width no greater than 6 mm. Adequate for most household sensitive documents.
P-5: Micro-cut. Particles no larger than 30 mm². The appropriate choice for Social Security numbers, tax documents, and financial account numbers.

For most households, a P-4 cross-cut shredder covers everyday needs. For documents containing Social Security numbers, full account numbers, or medical record details, a P-5 micro-cut shredder is the better standard.

Rural and off-grid option: Complete burning — in a metal burn barrel or fire pit with sufficient heat — destroys paper document material thoroughly. Partial burning (smoldering, insufficient heat) leaves readable fragments. Ash from fully burned documents is not recoverable.

Identity theft during displacement

Natural disasters and prolonged evacuations are peak periods for identity theft. Federal Emergency Management Agency (FEMA) registration forms, insurance claims, disaster assistance applications, and shelter sign-ins all create new records containing your personal information, often handled under chaotic conditions.

After any major disruption:

Monitor your credit at all three bureaus (Equifax, Experian, TransUnion) for 90 days
Place a credit freeze at all three bureaus — free under federal law — if you are displaced for more than a few weeks. A freeze prevents new credit accounts from being opened in your name without a PIN you control. Unfreeze when needed; refreeze afterward.
Do not leave document copies in temporary housing, vehicles, or shelters any longer than necessary

Your OPSEC practices and your digital privacy hygiene are complementary — each addresses threats the other misses. Digital privacy limits remote profiling; physical document security protects your identity when physical access to your records is the threat.

Privacy and document security checklist

Digital privacy

Opt out of Whitepages, Spokeo, BeenVerified, and Intelius
Install a password manager and create unique passwords for email, banking, and critical accounts
Enable two-factor authentication (authenticator app, not SMS) on primary email and financial accounts
Switch router DNS to Cloudflare 1.1.1.1 / 1.0.0.1 with DoH enabled
Enable BitLocker (Windows) or FileVault (Mac) on all computers
Enable screen lock and verify full-disk encryption on all mobile devices

Physical documents