How do you remain rational while studying, being aware of, and mitigating your threat model?

So, on a personal note, I am no one of interest. I am not worried about the government coming after me or someone trying to get my info for corporate espionage.

My interest in data privacy is purely driven by personal interest rather than necessity. I am, however, struggling to retain a level of rationality in what I do. General example: I installed Linux on my laptop and I have no problem trying to fix something that isn’t working for the most part, at least until this laptop and the brightness doesn’t go off of max on any distros I’ve tried. After a while I give up and install Windows in defeat because I can’t stand max brightness. Looking to the coming year or so I plan on upgrading my phone, but in trying to remain privacy conscious I am starting to feel like my only option is whatever the latest model Pixel is with GrapheneOS.

I don’t particularly want a Pixel… but I also don’t want that nagging feeling of, “Well I should degoogle it.” Leading to, “okay so I am running x ROM on y hardware” wondering how much I am expanding the surface area that can be attacked and questioning what am I vulnerable to and how many of the updates just give me a false sense of security once the phone is no longer getting updates from the carrier.

I like things like Proton, Signal, etc. because they work in a fairly easy, fairly straightforward manner and add a level of privacy (when others use similar software), which is great. The problem is I am no security expert, but I can think of off the top of my head so many ways everything I do would be rendered useless. How do you differentiate between meaningful choices and spinning your wheels in the mud? Whether you’re just cutting off options you may even really want or see value in to uphold what slowly just sorta becomes its own personal dogma?


I think the main thing is that you shouldn’t be asking yourself what you might be theoretically vulnerable to, you should be wondering who you’re defending against. Vulnerabilities will always exist, but realistic attacks are much more limited in scope and depend greatly on who the attacker would be.


Me neither

Oh, I definitely am! I know several people who have been convicted for small stuff like defamation and the evidence to convict them was provided by Google/Facebook/Microsoft and the likes of it. They provide location data, access to email inboxes, unencrypted WhatsApp backups, etc. Nowadays here in Portugal the tax authority can request similar info under some circumstances.

All of it stuff that normally won’t put you behind bars even if you are found guilty but that will potentially cost you a lot of money in fines and restitution to aggrieved parties as well as a criminal record.


I’m not worried about anyone coming after me. Today, that is. Tomorrow, too. But 10 years from now? Or 20? Who knows how the world will have changed. Most of the information collected today won’t disappear. Much of it will remain relevant for the rest of your life. Fingerprints and DNA, for example, basically never change. Financial activity, community memberships, political affiliations, controversial activities – all these things have the potential to become issues in the future. Your government may prohibit ex post facto laws and punishment. Currently. What guarantee do you have that won’t change?

Any time you share information with someone, you are trusting them not to abuse it. Most of it may be inane and ultimately irrelevant. Are you certain your relationships, your location, your beliefs, your background, your job and your spending are irrelevant? People all over the world are persecuted based on such factors every day.

My opinion is sharing sensitive information with anyone other than a trusted friend/associate is irrational. From where I’m standing, our world is incredibly irrational.