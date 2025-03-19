Andrej Karpathy, the former Tesla autopilot head and an ex-OpenAI researcher has outlined practical steps to improve digital privacy and security, offering a clear roadmap for anyone looking to better protect their online identity.

What Happened: In a new blog post titled "Digital Hygiene" that was published on Monday, Karpathy shared a detailed guide to improving privacy and cybersecurity in everyday computing.

Here are the highlights:

Passwords, Security Keys, And Biometrics

Karpathy said that the use of a password manager like 1Password generates and stores strong, unique passwords for every service. He urges users to pair this with a hardware security key—his preferred brand is YubiKey—to secure critical accounts with a physical second factor.

Privacy-Focused Tools

He also recommends Signal for secure messaging, Brave for browsing and searching, and NextDNS or Pi-hole to block trackers at the DNS level. Karpathy is critical of “smart” IoT devices, calling them a significant privacy risk, and encourages users to avoid them whenever possible.

Financial And Email Safety

To minimize exposure to fraud and data leaks, Karpathy suggests using services like Privacy.com to generate unique virtual credit cards per merchant, and virtual mailboxes instead of real addresses. He also advises caution with email—never clicking links and disabling image loading to avoid being tracked.

“[Signal] it does not store metadata like many other apps do (e.g. iMessage, WhatsApp). Turn on disappearing messages (e.g. 90 days default is good),” he stated.

I wrote a quick new post on "Digital Hygiene".



Basically there are some no-brainer decisions you can make in your life to dramatically improve the privacy and security of your computing and this post goes over some of them. Blog post link in the reply, but copy pasting below… pic.twitter.com/gRyeVouko5 — Andrej Karpathy (@karpathy) March 18, 2025

Why It's Important: Karpathy's guide arrives at a time when digital threats—from phishing to data breaches—are escalating in both frequency and sophistication.

According to data from Statista, social media platforms were the primary target of phishing attacks worldwide in the third quarter of 2024, accounting for 30.5% of incidents. Web-based software services and webmail followed closely, making up 21.2% of reported attacks.

Meanwhile, financial institutions were also heavily targeted, representing 13% of phishing attempts during the period.

