Your Threat Model Has Changed
or: reducing your digital fingerprint
Whoever you are, whatever you’re up to, if you live in the United States, your threat model has changed. It’s likely that this is true wherever you live in the world, because the political situation here is disrupting the political situation around the world, but I can really only speak to this here in the States. Things are different now. We are going to have to accept that.
When you’re developing a security strategy (for a house, a network, a person, a protest march, or anything), you work with what’s called a “threat model.” This is a fairly simple concept: it doesn’t do you any good to try to secure yourself against every possible threat, so instead you develop a model of the most likely threats and prepare yourself against those.
We all threat model, whether consciously or not. We look at the world around us, think about what might harm us, and take steps to mitigate that risk based on our own threat models. People lock their doors more in suburbs and cities than they do in rural areas. Folks on the west coast pay more attention to wildfire maps and evacuation routes, while folks on the east coast are more lax about fire safety. Soldiers smoke at a higher rate than the rest of the population (about 1 in 4 instead of 1 in 5). I suspect that when you are in a war zone, your longterm health becomes a lower priority in your threat analysis.
I can’t tell you what your threat model was a year ago, only that it’s different now. I can’t even tell you what your new threat model is. A cis woman’s threat model is different than a trans woman’s is different than a trans man’s is different than a cis man’s. Someone here on a student visa is in a more precarious situation than that of a US citizen. A federal worker and a construction worker might both find themselves in economic peril, but it won’t look quite the same. Of course, everyone, regardless of identity, has skin in the game when it comes to navigating a totalitarian regime
It’s worth taking time to do threat modeling, so that you can prepare yourself for the situations you consider most likely. This is something you can do with your friends, housemates, family, and/or local community. Get together and talk about what you’re worried about.
I can’t tell you what to worry about, but I can tell you some of the ways that things have changed, and I’ve got some suggestions about how to do deal with that, especially as relates to your digital fingerprint.
Twenty years ago, I knew all these techie activists who would sing the virtues of Linux and data privacy. They tried to warn us that we ought not to let our data fall into the hands of corporations. Twenty years ago, I didn’t really listen, because my threat model didn’t warrant too much worry about data privacy.
A year ago, I tended to view the political situation as a three-way fight. This is a bit of an oversimplification, but you might view “the Left” (and especially those who want a more free and cooperative world) in one corner. Capitalism and its large corporations were in another corner (what we call neoliberalism, which is a distinct thing from “being a liberal” since political terminology is so confusing). The third corner was state power. While the state was largely neoliberal itself, it was a very distinct thing from corporations, and there was a tension between the two.
Take email privacy. There have always been email providers that have been focused specifically on providing services to activists (like riseup.net), but most activists still preferred gmail. Why? On some level, the answer was convenience. But there was a case that could be made that google was actually the more secure platform. Megacorporations have substantially more resources available to them to fight hackers and even to stand up to the state. Rich corporate clients insist that their data remain secure, so Google has worked hard to keep that data secure, including from the US government.
But things are changing. With billionaires currently lining up to bend the knee before Trump, and with laws shifting to increase the repressive power of the state, big tech companies are less and less likely to offer us any substantial protection.
Big tech has always been spying on us. It’s right there in the privacy policies that we click through without reading. It’s just that they didn’t seem to be doing anything particularly dangerous with that data, so we (myself included) didn’t really care that much. Big screen smart TVs are several times cheaper than display monitors not because the technology is fundamentally different, but because the cost of producing a smart TV can be offset by selling the user’s data. A shocking array of tools in our life do this. Apps we pay for on our phones collect and sell our data. Websites we go to collect and sell our data. Social media collects and sells our data.
Tech companies have built little biographies about each and every one of us. It’s always been a bit unnerving, but it’s also largely not impacted our actual safety.
Well, now it might.
Fortunately, it’s not “too late.” We can, and should, work to reverse the damage. We can respond to a changing threat model by changing our security habits (or beginning to build them from scratch). When it comes to securing ourselves, you have to remember that perfect is the enemy of good: sometimes people, when they realize they cannot ever have perfect security, don’t bother to have security at all. This is nonsensical. Anyone who has played any roleplaying game should immediately know that this is nonsensical. A +1 shield doesn’t make you invincible, it just makes you 5% harder to hit. It is worth going through incredible effort to get a +1 shield.
Security practices are habits you build over time. Do not look at any list of suggestions and think “I can’t do all of that, so I won’t bother doing any of it.” Not all of these suggestions are necessarily applicable to you anyway. For most people, the goal is not to disappear “off the grid” and become a digital ghost, but instead to limit and control your digital fingerprint.
Some of this is a lot of work. So it goes.
Here are some suggestions. Consider this a list of “maybe you might wanna.”
First and foremost, install Signal on your phone and computer and use it in place of text messaging. There are other steps you can take with Signal, like turning on disappearing messages and turning off notification previews, but just moving to Signal at all will massively reduce the amount of data available to the state.
Consider switching to Linux from Windows or Mac. This is less convenient, and while Linux has come a long way towards being user-friendly, it still requires more work and more learning. It’s definitely cheaper, though—all the software is free. There are some programs that you won’t be able to use on a Linux computer, so you might want a second computer for certain tasks or to become comfortable with virtual machines.
If you cannot move to Linux, then look into guides to increase the privacy of Windows or Mac. There are a fair number of privacy controls available.
Move away from cloud-based programs whenever possible, especially away from unencrypted programs that harvest your data to build a profile on you and/or train AI models. The more you work on the cloud, the larger your “attack surface.” That is to say, the more ways in which your security can be compromised. Unencrypted data can be requisitioned by the police, and all signs point towards this process becoming easier, not harder. Look for “end-to-end” encryption.
Other people suggest simply moving away from US-based cloud services.
Move your social media away from your legal name. Someone looking at your ID (say at the border or an internal checkpoint) should not be able to immediately find endless information about your family, your habits, and your political views. If you are not a public figure (or an aspiring public figure), then make your accounts private and viewable only to friends. Delete old posts and pictures (some services, such as Meta, allow you to download your data in bulk, so you don’t risk losing all your photos). Help your friends and family audit their social media to make sure photos are not set to public.
Consider having an aboveground social media presence (particularly on Meta and/or X) under your legal name that is entirely benign while maintaining a demiground social media presence for your actual life.
Close down old accounts. If you’re no longer using a service, especially a social media service, deactivate your account. Some services, like X, do not delete your data when you quit, but there are applications available to delete all of your data in bulk.
Leave X. Twitter is gone. It’s not “rebranded,” it’s gone. Its data was bought by a fascist who is working to develop a totalitarian state. Delete your data and delete your account. I’m sorry.
Instagram stories are saved forever by default and would therefore be accessible to anyone with access to your data. There is a setting to turn this off, and you can delete old stories from your archive, but only one-by-one.
Degoogle your life. Move searches to Duck Duck Go, a privacy-focused search engine. Ever since the web has been consumed by AI slop articles, Google has been less and less useful anyway. If you need to keep using gmail or any google services, use a broswer like Firefox that will let you set up “containers” so that google cannot spy on the rest of your web browsing and your computer more broadly.
Stop using Chrome. Firefox and Brave are two security-focused browsers. Firefox has a longer history of trust. Brave is built on “chromium,” an open-source google-based architecture, which means it can run a lot of “chrome-only” web applications while staying reasonably secure.
Invest in a VPN, which can be used to reroute your web traffic. This might become more and more necessary as totalitarianism increases. Not all VPNs are created equal, in terms of convenience, speed, and security.
Start to practice phone hygiene. Delete unused apps. Get in the habit of leaving your phone at home sometimes, because your phone leaves a log of its location at all times and it is trivial to build profiles on us based on our phone habits. Do not bring your phone to protests, even legal protests, if at all posisble. Get a faraday bag that stops all transmissions from your phone and leave it in the bag sometimes, especially if you feel the need to bring it with you places that you maybe shouldn’t bring it.
There is a security-focused phone OS called GrapheneOS that can be installed on Pixel phones that gives you an incredible level of control over how data is collected and transmitted.
Stop connecting your phone directly to your car, because your car is accessing all of the information off your phone (or at least your contacts and call logs) and likely selling it to advertisers and turning it over to the police. Use an auxillary-in jack to listen to music, or a little bluetooth dongle if your phone doesn’t have a headphone jack. GrapheneOS (and presumably other phone OSs) can connect to a device without divulging contacts and call logs.
There is more (almost unfathomably more) that can be done to reduce your digital fingerprint. Your TV is selling your data. You can move to physical media. You can move to piracy. You can maintain a “self-hosted” media server like Plex and then firewall off your TV so that it can only communicate with your local network.
Your car is a snitch too, and every major auto manufacturer is selling your data—where you’ve been, how you drive, even sometimes who you drive with. There are two different threats here: one, data transmitted by the car through an antenna to the manufacturer, who will sell that data and might hand it over to the police. All newer cars do this. Two, even more data (the timestamp of every time the door has opened; the gps coordinates of the car at every moment; the contents of every camera on the car, interior and exterior) is being stored on a hard drive in the car, unencrypted, which is available to any law enforcement agency that takes physical control of the car.
Unfortunately, I’m not aware of any privacy-focused manufacturer (the value of your data must be too high for them to want to lose out) and I’m not aware of anyone working to “jailbreak” cars so that they’re actually controlled by their ostensible owners. I am under the impression that cars pre roughly 2014 or so have dramatically less capacity to store and transmit data, but of course maintaining older vehicles is more complicated and expensive.
There are tools that, as far as I know, have yet to be designed. I can only hope that people are working with them. I hope that the current situation leads to building more robust and user-friendly security-minded digital tools. I hope that we are able to take control of our own cars and their data. I hope that anonymous filesharing becomes easier. I hope people are able to design a way to watch youtube on a tv without giving up data. I hope people design open source, plug-and-play pre-programmed firewalls that can be hooked up to home routers to give the non-tech-savvy user a chance at locking down their data.
Of course, I also hope the social movements confronting fascism continue to grow and eventually (soon?) smash the fascist state and then recognize their own power and instead of accepting a return to the old status quo, move forward to challenge the very nature of national borders, the existence of capitalism, and the threat of climate change.
I’ve got a lot of hopes.
I think we can do it.
Thanks for that. I especially appreciate how you kept things reasonably "grounded", unlike advice that - well meant as it might be - suggests rather extreme all-or-nothing approaches, where even Signal is (supposedly) "too centralized", where then some way more obscure (and not even necessarily more secure or private) solutions get brought up; with FOSS only approaches being mixed in, etc.
"Useful, actionable" advice, and tools and solutions that "regular folks" can (and will) use, and while there might often be "more secure" or "more private" approaches, solutions, tools, etc. in some cases, those are of no use if they are way too involved to use, or too obscure for anyone to use them, for example.
Which doesn't mean there isn't value in some of the "more extreme" solutions. But that's where we'd get back to "usability" and, of course, "threat modeling" again anyway ;)
Anyway, what I'm trying to say, I think: I liked your approach here a lot!
Great advice. Here's some more I might suggest
- Encrypt your hard drive. Linux and Mac just reduce the likelihood of viruses getting onto your computer; most viruses are written for windows. Encrypting your drive makes it much harder for people to read it if they get physical access to your device. Similarly as a non-US person your US border control can copy my devices on entry, so I either need to encrypt them and/or use burner ones
- Beware of privacy degradation in services, even Firefox is becoming less useful: https://www.zdnet.com/article/the-firefox-i-loved-is-gone-how-to-protect-your-privacy-on-it-now/
- If you're sharing photos online strip out all of the exif data first. Photos from your phone can store the GPS data in the exif, some social media will auto strip it but that just means they get to read it themselves.
- Don't assume VPNs provide any decent security improvements. It'd be better to look into solutions like Tor if you're really concerned
- Turn Wifi and Bluetooth off on your phone before leaving the house. Your phone is very chatty otherwise and can leave quite a trace without realizing that. It could also lead you to connecting to unsecured networks where people could try and steal bank data etc