I gave myself one month to vanish. No social platforms, no Google services, no real name attached to anything new. Encrypted email through Tuta, a Mullvad account number where my login used to be, cash for groceries, a pseudonym on any account I couldn’t avoid creating. The plan was to come back on Day 31 and write about what I’d learned.
I made it eleven days.
This is a field report on why. The encryption held. The VPN routed cleanly. The Tuta inbox stayed quiet. The collapse came from somewhere I hadn’t planned for — not from the technical surface I was defending, but from the social and infrastructural surface I hadn’t accounted for. Underneath that: a category of exposures no privacy service can erase, regardless of how disciplined the user is. Both findings reshape what a realistic privacy practice should look like, and neither matches what most beginner guides describe.
The Starting Stack and What It Cost
The starting loadout was conservative — not a privacy researcher’s setup, just what a curious person finds at the top of a privacy guide on Day 1. Four rules defined the experiment.
The first rule was deactivation, not deletion. Every social account paused but recoverable. Deletion is irreversible on most platforms, and torching a decade of contacts to prove a point felt like a different experiment than the one I wanted to run. The second rule was a new email account on Tuta Mail — German-hosted, end-to-end encrypted, no phone number required to sign up. Tuta moved to a post-quantum hybrid encryption protocol called TutaCrypt for new accounts in March 2024, combining Kyber-1024 and X25519 key pairs, which made it the most credible default for someone starting fresh in 2026. The free plan offers 1 GB of storage — enough for a stripped-down identity. The third rule was no Google services: search, Maps, Drive, YouTube, all out, with replacements found as needs arose. That clause was the one that broke me, and I should have known it would. The fourth rule was a pseudonym on any new account, with cash for in-person purchases and Privacy.com virtual cards for online ones.
The Mullvad VPN account was already running before the experiment — flat $5/month, paid in cash mailed to a Swedish PO box, identified only by a randomly generated account number with no email attached. That stayed.
What I didn’t have on Day 1, and should have: a data broker removal subscription, a privacy-focused phone carrier, an offline maps app pre-loaded with my city, a self-hosted file sync, a hardware security key, or any prepared answer for what to do when a client asked for a Google Doc. I treated the setup as a starting position. It was actually the position from which I was going to fail.
Eleven Days in Field Notes
The collapse wasn’t clean. Real life rarely is.
Days 1–3 were quiet euphoria. I slept eight hours. I read two books. The phone got dramatically quieter — that part was easier than I’d expected. By the third evening, the loneliness started to register. Not the absence of feeds, but the absence of small unscheduled exchanges. A coworker would have sent a meme on a normal Tuesday. No one did, because I had no inbox they knew to send it to.
Day 4 was the first slip I admitted to. A friend’s birthday plan moved from group text to a Signal group I had quietly left. I rejoined “just to read.” I posted within an hour. Once I’d posted, the group’s thread of last week’s photos pulled me through twenty minutes of catching up. The reentry was not into Signal as a service — Signal is fine. The reentry was into a social context I had pretended I could exit unilaterally.
Days 5 and 6 are blurred in my notes. Quick searches I made without thinking, on a browser I had forgotten was logged into Google for an unrelated reason. A YouTube link from Signal that I clicked because I was tired. Notes I stopped writing in my offline notebook because the friction was too high. There were more slips than I logged. The honest answer is that I don’t fully know what I touched on those two days.
Day 7 was when work cracked it open. A client needed to review a contract. Could I share it on Drive? My “burner” Google Workspace account had my real name on its signature line within an hour. I told myself this was a controlled exception. It wasn’t. By the end of the day I had opened the same account three more times for unrelated tasks because the muscle memory was already there.
Day 11 was the slip I couldn’t lie about. 10:47 pm. A pharmacy was closing at 11. I needed it open. I opened Maps without thinking, logged in to confirm the hours, drove there, and on the way back I checked Instagram on the same logged-in browser. I stopped pretending after that.
The official failure was Day 11, but Day 11 was just the slip I couldn’t talk myself out of. The real failure had been progressive since Day 4. The interesting question isn’t why I gave up on Day 11. It’s why I lasted as long as I did, and what specifically broke each time.
What Actually Broke Me
I had assumed the hardest part of disappearing would be willpower against my own habits — the dopamine loops, the phantom buzz, the boredom. That was not what happened. The phone got quieter, and quieter quickly became normal. What I had misjudged was that the lock-in is not on the apps. It is on the people around me, and on the workflows we share.
Plans don’t reroute for an absent person. A birthday, a project standup, a school pickup roster — these move through whatever channel the group already uses, and that channel is whatever’s most convenient for the majority. Opting out costs them effort, not just you. The polite move from their perspective is to keep moving and let the absent person catch up later. The result is that the cost of staying out compounds: by Day 4, I had four days of unread context to recover, and the easiest path was to rejoin.
Other people’s tools become yours by handoff. A client’s Google Doc, a friend’s WhatsApp invite, a calendar share, a shared Notion page. Every collaboration is a re-entry point you didn’t choose. You can refuse, but each refusal is a small social or professional tax — paid by you, by them, or by both. Most people don’t pay that tax for long, and I was not the exception I had assumed I would be.
Defaults beat intentions when attention runs out. Tired or rushed, the brain reaches for the easy tool — usually the one everyone else is already using. The privacy-conscious option takes three minutes to load, three taps to authenticate, and another minute to remember why I’d switched away from the default in the first place. The default takes three seconds. At 10:47 pm, in a parking lot, looking for a pharmacy that closes in thirteen minutes, the default wins. Not because I’d made a moral choice, but because I’d run out of cognitive surface area for the moral choice.
These observations aren’t original — privacy researchers have written about each of them — but I had underestimated how completely they would govern the experiment. I came in thinking willpower mattered. Willpower didn’t matter. The structure of the rest of my life mattered.
The Stack Audit
The eleven days produced a sharper inventory than thirty would have. Some of the swaps survived after the experiment officially ended. Others were good ideas I hadn’t pre-staged and therefore never actually adopted, because by the time I needed them I had already given up. The pattern, in retrospect, is that everything I had configured before Day 1 stayed in my life. Everything I planned to configure “as needed” did not.
The pattern in that table is the lesson. If OsmAnd had been on my phone with my city pre-downloaded on Day 0, the pharmacy lookup on Day 11 wouldn’t have ended the experiment. If a Cryptpad workflow had been in place by Day 1, the client doc on Day 7 wouldn’t have crashed my pseudonym. The experiment didn’t fail because the alternatives don’t exist. It failed because alternatives that require setup-on-demand never get set up on demand.
The Unfixable Floor
Here is the part most “disappear from the internet” guides skip, because the answer is uncomfortable. Even a perfectly executed thirty days would have left a stack of exposures untouched. Some categories of personal data are not addressable by any privacy service, no matter how much you spend or how disciplined you are. They are the floor below which privacy work cannot reach.
haveibeenpwned.com exists for a reason.A reader who walks away from this article with one realization should walk away with that table. Privacy work has a ceiling, and the ceiling is determined less by what you do than by what other people, public agencies, prior breaches, and your own body have already exposed. None of the disciplined privacy practice in the world rolls back the Equifax breach or untags your face from a friend’s old wedding album. The corollary: time spent fighting the unfixable is time stolen from the fights that are actually winnable.
The Realistic Playbook
If I were starting again next month, the plan would be smaller, slower, and aimed at being unprofitable to track rather than invisible.
The first move is email migration, executed in waves over weeks rather than overnight. Open a Tuta or Proton alias on Day 0. Forward the old inbox for sixty days while updating the accounts attached to it — banks, taxes, doctors, employers, two-factor recovery — at a pace of one or two per evening, tracked in a spreadsheet so nothing slips. Only after the spreadsheet is fully checked off does the old account get deactivated. Never delete it; deletion bricks recovery for any service that still has it on file and breaks the audit trail you need to confirm what you migrated.
The second move is paying a service to fight data brokers continuously. The three credible options at the personal-tier price point are Incogni, Optery, and DeleteMe. None is a one-time fix; the entire category exists because brokers re-add records every 30–90 days from public sources or partner exchanges, so the services re-send opt-out requests on rolling cycles.
The third move is demoting Google rather than quitting it. Browser default to Brave or LibreWolf. Search default to DuckDuckGo. Maps default to OsmAnd with your city pre-downloaded. Don’t try to leave Google in a single weekend. Try to stop being its default. Switching defaults is a one-time cost. Sustaining pure abstinence is a daily one, and as the Day 11 collapse showed, the daily cost is exactly what fails first.
The fourth move is telling two real humans what you’re doing. A friend and one work contact. The experiment dies in silence — when the only people who know your new email are companies you don’t trust to use it correctly. It survives when at least two people in your life know to text instead of DM, to email Tuta instead of Gmail, to ask before Drive-sharing.
The fifth move, which I would have considered overkill on Day 1 and now consider essential, is porting the phone number to a privacy carrier. Services like US Mobile’s anonymous plans or JMP.chat for SMS-based 2FA remove one of the highest-leverage data points brokers and adversaries use for cross-correlation. The friction is real — some banks reject “unrecognized” carriers and a few will require a callback to verify — but the upside is meaningful, and most modern services have moved off SMS-based 2FA toward authenticator apps anyway.
Frequently Asked Questions
How long do data broker removals actually last? Most brokers re-add records within 30–90 days, often pulling fresh data from public sources or from partner exchanges. The major services re-send opt-out requests on a 60-day cycle precisely because of this. Treat removal as ongoing maintenance, not a one-time job.
Should I use Tor for everyday browsing? No, unless your threat model genuinely requires it. Tor is slow, breaks many sites, and draws attention from network operators. For everyday “I don’t want to be profiled by advertisers” privacy, a reputable VPN plus a hardened browser (Brave, LibreWolf, or Firefox with the arkenfox user.js configuration) is the right tool. Save Tor for activity where the latency and breakage are worth the much stronger anonymity guarantee.
What about deleting accounts entirely? Counterintuitively, deletion is often worse than deactivation. A deleted Facebook account, for example, removes your ability to see what photos others have tagged you in while not actually removing those photos. A deactivated account preserves recovery and visibility. Delete only when you’re certain you’ll never need to see what the platform still holds about you.
Is Tuta enough on its own, or do I need Proton too? Tuta is enough for email and calendar. Proton’s advantage is the bundled stack — Drive, Pass, VPN — under one account. If you want a single-vendor replacement for Google, Proton is the closer match. If you want strictly the most secure email at the lowest price, Tuta wins. Tuta Drive entered closed beta in April 2026, which may change this calculus by year-end.
What Eleven Days Was Enough to Learn
The internet doesn’t let you leave. It lets you go quiet. That sentence is the cleanest one I wrote during the experiment, and it’s the one I’d ask any reader of this piece to take with them. You can dial down your discoverability, opt out of the broker resale market, harden the channels you control, and keep the rest of your life navigable. You cannot vanish from a system that other people, public agencies, and your own past selves have already filled with traces of you.
The point isn’t to disappear. The point is to make yourself worth less to the people aggregating you than the cost of aggregating you. That goal is achievable on a normal life schedule, and it survives contact with closing pharmacies and client deadlines. Disappearing doesn’t.
