Threats

Three threats. Plain language. No fearmongering. Each one paired with a concrete move.

1. Data harvesting

Big Tech's business model is your data. Gmail, Drive, Photos, Maps, Search, the keyboard on your phone — the value flows from observing you, not from the software itself. The software is the bait.

This is the threat most people are most exposed to and least worried about. Not because it's small — it's huge — but because it doesn't feel like a threat. It feels like convenience.

What it actually does: builds a behavioral profile of you, sells targeting access to advertisers, trains models on your private content, and keeps the profile even if you delete the account. Some providers also legally hand the profile to law enforcement on request, sometimes without notifying you.

What we offer: migration paths to providers whose business model isn't your data — Proton, Tuta, Infomaniak, Murena, EU-jurisdiction storage. See deGoogle flows.

2. Structural surveillance

Governments dragnet everyone. The U.S. CLOUD Act lets U.S. authorities compel U.S. providers to hand over data even when that data sits in Frankfurt. The provider often can't tell you it happened.

This is not about whether you personally are interesting to a state. It's about whether the data flows you depend on are sitting in jurisdictions that respect your rights when you're not in the room.

Switzerland, Germany, France, Iceland, and Norway are the jurisdictions we lean on. Not perfect — nowhere is — but materially better than the U.S. for non-citizens.

What we offer: EU-jurisdiction-first stack, end-to-end encryption where possible, open-source clients you can audit (or pay someone to audit), and a grading rubric that takes jurisdiction seriously.

3. Hackers and theft

Someone steals your laptop. Someone picks up your phone in a café. Someone breaks into a service you use and your password ends up in a dump. This is the boring, non-political threat — and it's the one most likely to actually happen to you.

What we offer: bundled defaults, not a 40-item checklist:

Disk encryption on every device. It's a checkbox now — FileVault, BitLocker, LUKS.
2FA on email, banking, and one or two keystone accounts. Hardware keys if you can.
A password manager. Bitwarden or 1Password. Stop reusing passwords.
Backups for the few files you couldn't reconstruct — not for everything.

What we don't address

The v1 site is honest about what's out of scope:

Targeted state-level attack. If a nation-state is after you specifically, you need a different stack. See Advanced.
Supply-chain compromise. Important, deep rabbit hole, scares people away. We mention it on Methodology and link out.
Hardware management engines (Intel ME, AMD PSP). Real concern, deferred to Advanced.
Tor / mixnets / strong anonymity. Different tool, different audience.

Done with threats? See what we're building →