Threat modeling is important. It’s basically just the underlining decision of what it is you’re trying to protect yourself from. For me, I hide from corporations, but I’m not really worried about government entities or state level actors.
I would divide what I do into three separate levels.
Level 1, the lowest level of protection that I do for myself is that I don’t use shopping memberships, or provide (real) email or phone number at any business that I use.
- I use Simple Login to create alias email addresses that can forward to my inbox if I want to receive a message. After I create them, many are just switched off.
I create these aliases in advance and mark them “unused”, so that when I’m out and about if I have to provide an email address, I can just open the app and select an unused one without having to do other steps of creating it.
Level 2, the next level deeper, is that I do not use gmail, Yahoo, msn/hotmail, etc. I use protonmail, so that my email inbox is not scanned and spammed. Using the combination of protonmail and simple login has basically reduced the spam that I received to almost nothing.
- Protonmail and Tutanota are the most prevalent for me in this category but there are a few other providers out there.
Level 3, the step that’s seemed to be the hardest, I deleted social media. No Facebook. I did miss it for a while. But honestly, I missed Google Drive more. Lol.
- I also use signal messenger as my main communication method with those close to me. I still use SMS with some people but I really try to stick with signal messenger.
- I use graphene OS on my phone. It’s super easy to set up and there’s no excuse not to use it unless you don’t currently own a pixel device. Get a pixel device when you buy your next phone if you want to try it.
That’s some of what I did for myself as a base level three-step program, Your steps may be different. The first thing you need to decide is what it is you’re trying to keep private.
I didn’t want my day-to-day habits of using the credit card or debit card or the grocery store or what I buy and where I buy it from to just be searchable by anyone. By not using a shopping club number or my real email or phone, makes the algorithm have to contact the credit card agency to get this information… which won’t be there in cases where I use cash to pay.
I didn’t want to open my email and have a bunch of spams from Google scanned my inbox and decided that I might be interested in “x” offer.
I feel like Facebook is basically like a survey and a profile all the time. I didn’t like filling it out like a survey to a supervillain. I didn’t like sharing my life or other preferences willingly, or having them exposed through an algorithm.
Also, since the Patriot Act all phone messages are recorded, stored, or otherwise catalogued. a SMS message is basically a postcard. A private phone call is recorded by the state, no matter what you do. So to minimize that footprint, I use signal, which either deletes or encrypts my communications. It makes it incredibly easy for other people to use encrypted communications by just installing that app. The best way to get out of people to use it is to start using it yourself even if you only have one person in your life that would use it.
I’ve considered in the past posting my own signal username online so that other people who want to use or try signal have someone to message.
Hope this helps you.