~/threat-modeling
what is threat modeling?
Threat modeling is a fancy name for something you already do. You lock your bike differently in a small town than outside a train station. You don't tell a stranger what you told your doctor. You already adjust your defenses to the threat; this page just applies that instinct to your digital life.
Without a threat model, privacy advice is noise. "Use Tor!" "Self-host everything!" "Get off Google!": useful for some people, pointless overhead for others, and occasionally actively harmful (an exotic setup can make you more conspicuous, not less). With a threat model, you can read any recommendation (here or anywhere) and know whether it's for you.
The goal isn't maximum security. Maximum security is a phone in a lake. The goal is the right security for your actual situation, at a cost you'll sustain past the first week.
the three questions
1 · what are you protecting?
Your assets. Browsing history, location, messages, photos, finances, identity, a source's name, who you associate with. Be specific: "my privacy" is not an asset, "my home address staying off people-search sites" is.
2 · from whom?
Your adversaries. Advertisers and data brokers? A thief with your phone? An abusive ex? Your employer? Scammers? A government? Each one has different capabilities, and most people's real list is shorter than they fear.
3 · at what cost?
Your budget: in money, time, and daily friction. A defense you abandon protects nothing. The honest version of this question: what inconvenience will you still be tolerating in six months?
building your model
- List what you'd hate to lose or leak. Write it down, actually. Most lists converge on: email account, photos, finances, private conversations, location patterns, and one or two things specific to you: health records, immigration status, a business idea, who you date.
- Name who'd want each item, realistically. For most people the honest list is: data brokers and ad networks (want everything, passively), opportunistic criminals (want money, not you specifically), and maybe one personal adversary: a hostile ex, a stalker, a bad landlord. Targeted state surveillance is real but rare; designing for it first is how people burn out and quit.
- Rate likelihood × damage, roughly. Phone theft: likely, recoverable if prepared. Password-reuse breach: very likely, expensive. Targeted hacking: unlikely for most, catastrophic for a few. The point isn't precision: it's noticing that the boring threats are the probable ones.
- Defend the top of the list first. For nearly everyone that means: a password manager, 2FA on email and finance, automatic updates, and a pause before granting any app its permissions. That set neutralizes the likely threats before you spend a minute on the exotic ones.
- Revisit when life changes. New job, new country, new relationship, kids, activism, divorce: threat models have a shelf life. A yearly skim of yours costs ten minutes.
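The steps above as a small planner, added here as an example and not part of the original page: it ranks threats by likelihood × damage, then walks the list from the top and adopts the lowest-friction defense that still fits a friction budget (question 3). The 1 to 5 scales, the budget, every score, and the "screen lock + backups" entry are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    adversary: str
    likelihood: int  # assumed scale: 1 (rare) to 5 (very likely)
    damage: int      # assumed scale: 1 (annoying) to 5 (catastrophic)
    @property
    def risk(self) -> int:
        return self.likelihood * self.damage

@dataclass(frozen=True)
class Defense:
    name: str
    friction: int      # assumed scale: daily cost, 1 (invisible) to 5 (heavy)
    covers: frozenset  # names of the threats this defense addresses

THREATS = [  # constructed sample model; every score is a rough guess
    Threat("targeted state surveillance", "a government", 1, 5),
    Threat("broker profiling", "data brokers and ad networks", 5, 2),
    Threat("password-reuse breach", "opportunistic criminals", 5, 4),
    Threat("phone theft", "opportunistic criminals", 4, 3),
]
DEFENSES = [
    Defense("Tor + Tails + compartmentalized identities", 5, frozenset({"targeted state surveillance"})),
    Defense("password manager + 2FA", 2, frozenset({"password-reuse breach"})),
    Defense("tracker-blocking browser + email aliases", 1, frozenset({"broker profiling"})),
    Defense("screen lock + backups", 1, frozenset({"phone theft"})),  # assumed, not from the page
]

def rank(threats):
    """Highest likelihood x damage first; the name breaks ties deterministically."""
    return sorted(threats, key=lambda t: (-t.risk, t.name))

def plan(threats, defenses, budget):
    """Defend the top of the list first, within the friction you will sustain."""
    chosen, uncovered = [], []
    for threat in rank(threats):
        if any(threat.name in d.covers for d in chosen):
            continue  # an earlier pick already handles this threat
        fits = [d for d in defenses if threat.name in d.covers and d.friction <= budget]
        if not fits:
            uncovered.append(threat.name)  # accepted for now; revisit when life changes
            continue
        pick = min(fits, key=lambda d: d.friction)
        chosen.append(pick)
        budget -= pick.friction
    return chosen, uncovered
```

With a budget of 5, `plan(THREATS, DEFENSES, budget=5)` adopts the three cheap defenses and leaves the rare, high-friction item uncovered, which is the page's point about not designing for the exotic threat first.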
your model in practice
"Data brokers profile me" → a tracker-blocking browser, filtered DNS, email aliases, and saying no to loyalty programs. Cheap, low-friction, covers the adversary that targets literally everyone.
"A stolen password ends me" → a password manager and hardware-key 2FA on the accounts that matter. This is the highest return-on-effort pairing on the entire site.
"My conversations are sensitive" → Signal with disappearing messages, and a provider that can't read your mail.
"A person, not a corporation, is after me" → device access, shared accounts, and location sharing first: the intimate-threat playbook is different and mostly isn't about encryption. The hardened setup covers some of it; specialist resources (like the Coalition Against Stalkerware) cover the rest.
"My government is in my model" → Tor, Tails, compartmentalized identities, and advice beyond this site's scope. Start with the hardened setup, then go deeper with sources written for your specific situation.
where to go next
Pick a setup
Three complete configurations mapped to threat models: beginner, standard, and hardened. Tools, order, and setup steps included.
highest impact · Password manager first
If your model says "do the basics," and it does, this is the basic that pays for all the others.
browse · All tool categories
Ten categories of researched picks, each explaining what matters and who each tool is for.