You are in a fishbowl, fully exposed to all the watchful eyes on the internet.

Big Tech has every click, every purchase, every “like” - going back at least a decade - cataloged and replicated across sprawling data centers the size of suburban shopping malls. Your digital history isn’t just for posterity, it’s for sale. And it’s valuable, fueling artificially intelligent systems used by groups such as political consulting firms to predict interests and behavior. It’s a highly lucrative bottom line: Google and Facebook, two companies that sell AI ad-targeting technology to the highest bidder, are valued at over a trillion dollars combined.

Most people don’t even realize they need to protect themselves, and even fewer know how. But it’s time to admit that the precautions you should have taken years ago are now just a start. Exactly how deep you want to go is up to you.

Step One: Protect Yourself

Large tech companies aren’t the only ones out for your data. Organized cybercriminals and rogue hackers trade known vulnerabilities to break into phones and computers for financial gain. On dark-web markets, “fullz” - a full set of personal information, including Social Security number, birth date, address - can sell for a few hundred dollars if the credit score is right.

The good news is that subpar digital security is one of the easiest things to fix. First step: examine every URL. Do you trust the site? Will it infect your computer with a drive-by download? Are you staring at an imposter page designed to steal usernames and passwords? Only install software from sites you absolutely trust, and run downloads through VirusTotal, a free service (owned by a subsidiary of Google’s parent company, Alphabet Inc.) that checks for malware by running files through dozens of antivirus services.

To protect your growing number of logins, use two-factor authentication with every site that supports it, from Amazon to Snapchat to your online bank, and faithfully apply software updates to patch vulnerabilities. Enable full disk encryption – standard on Windows 10 and OS X Yosemite or later – which converts exfiltrated information into mumbo jumbo, making it worthless to prying eyes.

As a final precaution, revisit your passwords. All of them. Repeated names and phrases are a single point of failure; once cybercriminals break into one internet account, they have access to everything – email, social media, banks. Use a password manager like LastPass to generate and store strong, unique passwords. Also consider buying a physical two-factor authenticator, such as Security Key ($20) or YubiKey 5 NFC ($45) from Yubico.

Step Two: Avoid Detection

If you’re wary that Facebook manipulates users with AI to boost engagement, as critics charge, there’s a simple fix: delete your Facebook account. If you can’t quite take that leap, at least reduce your footprint on social media. Unfriend everyone you don’t know. Install Social Fixer to turn off Facebook’s AI-ranked posts and ads; the plug-in lets users choose from ready-made filters that strip newsfeeds of unwanted subjects (like politics) or keywords (“Putin”). If you want to do something similar on Twitter, try Larry Filter.

Even creepier: it’s time to worry about facial recognition. Today’s software can identify objects and people - not just who those people are but what they’re doing and how they feel doing it. Amazon Web Services provides image recognition technology to companies and developers on a pay-per-use model, and use of the tech is widely unregulated. One previous client: the White House.

You can opt out of facial recognition on Facebook, with one catch: the software has to remember you in order not to recognize you. Instagram is no better: photos posted there are stored in Facebook’s data centers, where the company pulls identities and context from the photos and stories. Next time you consider a selfie, ask yourself how much that like is really worth.

Step Three: Close the Blinds

Ditch Chrome for Firefox. Google’s business model depends on collecting and monetizing your data. Firefox is operated by Mozilla, a nonprofit corporation that promotes privacy.

Toggling Firefox’s Do Not Track setting tells websites not to track you, meaning ad networks won’t be able to spam you with ads for products you browsed on other sites. The catch: there’s no legislation or regulation requiring companies to honor this setting, and a website can ignore it with little or no consequence. The fix: a browser extension called Privacy Badger prevents uncooperative websites from using third-party tracking, while another called uBlock Origin uses customizable lists to block ad servers. Install both.

Also, it’s hard to hide from Google when you’re googling. Switch to an anonymous search engine like StartPage, Qwant or DuckDuckGo. The results are generated independently from your identity or geography since these sites don’t store personal information.

Step Four: Cover Your Tracks

It’s time to disassociate from Verizon, Comcast or whatever internet service provider (ISP) gets you onto the web. Most people do this with a virtual private network (VPN), such as NordVPN, which encrypts web traffic and assigns users a virtual IP address. This means no one can pin your internet use to a physical location.

To stay truly anonymous, you’ll want to purchase the VPN service through Tor, a group of volunteer-operated servers that let you surf the web anonymously, using a fake email account. Use a prepaid Visa card and a burner phone — preferably one bought with cash at a garage sale with cash.

You’ll also need your own Wi-Fi router, not the cheap one that your ISP rents to you monthly with your internet service plan. Get a Linksys WRT3200ACM ($179) or ASUS AC5300 ($245) — both are fast and customizable. No matter what you choose, pay for it with cash and bolster its defenses by installing DD-WRT, an open-source, Linux-based firmware that gives you additional security options.

Step Five: Become a Nomad

If you’ve completed steps one through four properly and practice good operational security, only a supremely sophisticated entity, like a nation-state’s security agency, will be able to penetrate your defenses. But there is a deeper level of impermeability.

To become a true nomad, untethered from any fixed position on the internet, you need to boot your computer from a USB stick carrying TAILS, or The Amnesic Incognito Live System. This replaces default operating systems, like Microsoft Windows or macOS, ensuring your browsing activity is both anonymous and immune from forensic discovery. Buy a USB stick with at least eight gigabytes of storage from a reliable manufacturer like SanDisk or Kingston Technology.

Still, a thorough scan of your network activity could identify a Tor browsing session — a way in. The only unassailable defense: make public internet connections in public cafés and libraries, and never return to the same location twice.

Then and only then will you truly be a ghost in the machine.