Defensive strategies¶

These pages offer possible responses to the threats described in the models elsewhere in this greenhouse. They are organised by who is doing the defending, because the constraints, resources, and adversaries differ enough that a single set of recommendations would be dishonest.

A word on generalisations¶

Every page in this section generalises. It has to, and it is worth being transparent about what that costs.

The threats described in these models do not affect everyone equally. A civil society organisation operating in a country with functional judicial oversight faces a different landscape than one operating where the courts cannot be relied upon. A researcher at a well-resourced university has options that a freelance journalist does not. A citizen who is already a known activist is under different pressure than one who has no current profile but may acquire one.

Generalising across these situations produces recommendations that are accurate for some readers and irrelevant or even misleading for others. The alternative, producing bespoke guidance for every possible context, is not something these pages can do.

The models were built with specific, recurring threat patterns in mind: commercial data extraction, nation-state surveillance, and partner abuse. The defensive guidance follows from those patterns. Where your situation diverges significantly from the framing — because your adversary is different, your jurisdiction unusual, or your threat model more acute — treat this guidance as a starting point for thinking, not a checklist to follow.

Treating a general model as if it were precise guidance for your specific context is itself a category of error.