Privacy for people who have something to lose.

Most privacy advice is written for people who are slightly paranoid.
This one is written for people who have a real reason to care.

Every digital trail leads somewhere. Know yours.

WHAT you find here

Privacy advice written for people with real stakes is different from general advice. It doesn’t start with “use a strong password.” It starts with who wants access to your data, what they can do with it, and what you are, and aren’t, willing to do about it. That’s what you’ll find here.

The Blog

Threat models, articles by profile.

Tool verdicts tested under real conditions. Threat analyses from documented cases. Operational protocols for people with actual stakes.

Explore →

The Glossary

The glossary. The tools.

VPN, OPSEC, Metadata, Pegasus, Cellebrite, not Wikipedia definitions. What each term means for someone in your situation.

Browse resources →

The OPSEC Brief

One email. One threat. One action.

300–500 words every week. One documented threat, one tool verdict, one thing you do today. Free. No sponsors. No noise.

Subscribe free →

WHO this is for

Pick your situation. Not all threat models are equal. A journalist protecting a source faces different risks than a lawyer managing client communications, or a military spouse posting on social media. The right tools and protocols depend on who’s coming for your data, and why.

Journalists Hostile environments & source protection Lawyers & Notaries Client confidentiality starts before you open your laptop NGO & Expats Security is not optional in the field Military Families What you post while they’re deployed matters Divorce & Legal Assume your devices are already compromised High-Risk Travel A security checklist before you land, not after Evergreen Core OPSEC principles that don’t expire Anyone Anyone who has a real reason to take their privacy seriously

WHERE operations fail, careers end, and sources get burned.

Incidents. Legal changes. Operational lessons. Updated as the world provides them. These are documented cases: arrests, seizures, breaches; where operational security failed in the real world. Not hypotheticals. Not worst-case scenarios. Things that happened, and what they teach.

WHY? Most security failures are not technical. They are human.

The failures we documented were not technical. They were people using ordinary tools under real pressure, without a threat model. A journalist who used Signal but kept five years of source contacts on one unencrypted device. A lawyer who trusted client confidentiality without auditing who else had access. The articles below are what we learned, and what changes when you know.

HOW? The tools that passed the test.

Four tools. Proton, 1Password, DeleteMe, and Mullvad. We turned down the rest, NordVPN, Surfshark, ExpressVPN. Every tool passes one test: would we use it ourselves if our security depended on it? These four passed. The others didn’t. The reasons are specific, documented, and available in the article below each recommendation.

VPN + MAIL + PASSWORDS

Proton

SEE OFFER →

PASSWORD MANAGER

1Password

SEE OFFER →

DATA BROKER REMOVAL

DeleteMe

SEE OFFER →

VPN, NO AFFILIATE

Mullvad

VISIT SITE →