Our online privacy rights have almost always eroded in the U.S., rather than improved. The Obama Administration created a new set of restrictions on Internet service providers (ISPs) intended to define more clearly and explicitly bar greater use of our information that ISPs could conceivably gather, store, and sell. A Congressional joint resolution may be signed by President Trump by the time you read this that prevents those new rules from going into effect. The status quo remains.

However, the aggressive enforcement of certain privacy rules and net-neutrality polices by the FCC and FTC during the Obama era seemed to prevent ISPs from pushing forward. With the new rules rejected and a friendlier FCC chair in place, there’s legitimate concern that ISPs will ramp up efforts to use our browsing habits and behavior to sell to marketers to better target ads against us, to create new ISP-operated targeted advertising systems, and to have information available to release to the U.S. government without the requirement of a warrant.

Many well-meaning people immediately suggested a host of different ways to block your behavior from being tracked, but some of them don’t increase your privacy—and could, in fact, reduce it. Let me look at what’s most effective and what you should avoid.

Https and VPN: Bury yourself in a tunnel

You’ve probably heard a lot (from me and everywhere else) about the increasing usefulness and need to encrypt Web communications in order to protect yourself from criminals, malicious snoopers, and overreaching government entities. Web encryption via an https connection from your browser protects end to end, though the Web server’s operator can obviously see what you’re up to. But nobody in between can.

With https, an ISP can intercept the name of the Web site to which you connect, but not the full URL with the path and potentially variables sent. It also can’t read interactions that happen in Web apps. It also prevent code injection, which some ISPs and hotspot operators use to insert popup messages, swap out or insert ads on a Web page, and otherwise interfere with the page sent from a Web site.

But ISPs can see how often you connect, when, and the size of payloads sent and returned, from which a lot of insight can be gleaned. You can’t rely on https to protect you from snooping, but it turns the dials down on a lot of specifics. The Web is rapidly moving to https being available everywhere, and beyond that to https-only Web sites.

To ratchet it up a notch, you could use a virtual private network (VPN) connection, which encrypts all the connections of any kind leaving your computer and decrypts it at some point on the Internet where the VPN operator has a termination point, usually in a data center, which can be located in a country that’s not your own. (I’ve also written about using the Tor network, which securely anonymizes browsing, but it’s difficult to use for day-to-day purposes in which you log into accounts or make purchases.)

VPNs have the advantage of cloaking everything. Neither an ISP nor any party between you and the VPN termination point can inspect what you’re doing, except the amount of traffic flowing. However, because you’re terminating at another point, this can slowdown throughput (the net amount of bytes flowing) and latency (the time between an action happening on one side of the connection and a response being received on the other). Depending on your network’s bandwidth and other factors, a VPN could slow you down or stall you quite a bit.