Defensive strategies

../../_images/defensive-strategies.png

Defence at every level, whether the defender is a citizen, an NGO, a company, a research institution or a state, sits downstream of the same structural conditions: what the surrounding system rewards, who benefits from leaving it as it is, and why technically sound counsel keeps losing to the status quo. Name those first, or any advice is only motion.

Where the models stop fitting

The threats described in these models do not affect everyone equally. A civil society organisation operating in a country with functional judicial oversight faces a different landscape than one operating where the courts cannot be relied upon. A researcher at a well-resourced university has options that a freelance journalist does not. A citizen who is already a known activist is under different pressure than one who has no current profile but may acquire one.

Generalising across these situations produces recommendations that are accurate for some readers and irrelevant or even misleading for others. The alternative, producing bespoke guidance for every possible context, is not feasible.

The models were built with specific, recurring threat patterns in mind: commercial data extraction, nation-state surveillance, and partner abuse. The defensive guidance follows from those patterns. Where a situation diverges significantly from the framing, because the adversary is different, the jurisdiction unusual, or the threat model more acute, the framing bends to the situation, not the situation to the framing.

A general model read as precise guidance for a specific context is its own category of error.

Last reviewed: 2026-07-08.