I've created a highly specific and actionable privacy guide, sorted by importance and venturing several layers deep into the privacy iceberg. I start with the basics (password manager) but also cover the obscure (dodging the millions of Bluetooth tracking beacons which extend from stores to traffic lights; anti-stingray settings; flashing GrapheneOS on a Pixel). I feel strongly motivated by current events, but the guide also contains a large amount of timeless technical content. Here's a preview.
Digital Threat Modeling Under Authoritarianism by Bruce Schneier
> Being innocent won't protect you.
>
> This is vital to understand. Surveillance systems and sorting algorithms make mistakes. This is apparent in the fact that we are routinely served advertisements for products that don’t interest us at all. Those mistakes are relatively harmless—who cares about a poorly targeted ad?—but a similar mistake at an immigration hearing can get someone deported.
>
> An authoritarian government doesn't care. Mistakes are a feature and not a bug of authoritarian surveillance. If ICE targets only people it can go after legally, then everyone knows whether or not they need to fear ICE. If ICE occasionally makes mistakes by arresting Americans and deporting innocents, then everyone has to fear it. This is by design.

This guide will help you protect your communications and information so you can think and speak freely. The privacy won't be perfect, but it should give you breathing room. As more people reclaim their privacy, their networks grow more secure and resistant to authoritarian punishment.
Obligatory disclaimer: I work on AI alignment at Google DeepMind but am only expressing my own views.
What should I read?
This guide is long. Don't try to complete it all at once. My website, which hosts the article you are previewing, has long-lasting checkbox functionality. As you complete items, check them off to remember your place in the guide.
| Tier | Time for tier | Cost of tier | Protection level |
|---|---|---|---|
| Quick start | 50 minutes | $0 | Online accounts secured against most hacking. Limited private communication ability. |
| Privacy basics | 90 minutes upfront + 45 minutes for YubiKey setup when it arrives | $110 + $13/month | Significant privacy against mass surveillance. Govt. has a harder time seeing who you talk to and can't easily monitor what you say on the Signal app. |
| End-to-end encrypt your data | At least 4.5 hours | $14/month | Mass surveillance unlikely to capture your important data or communications. |
Each tier builds on the previous, so do them in order.
- Something is better than nothing. Even a few hours can transform your privacy.
- If money is hard to come by, don't worry—many of the best interventions are free.
- If you find this subject distressing, you're not alone: I do as well. Do what you can.
What's your risk level?
| Your situation | Threat level | Recommended sections |
|---|---|---|
| Living in a stable democracy, a Trump supporter who does not belong to any marginalized groups | Low | Quick Start & Privacy Basics |
| US citizen who does not support Trump | Medium | This guide and the sequel, all sections |
| Immigrant, journalist critical of regime, opposition politician | High | Both guides & consult security professionals |
| Facing imminent arrest or deportation | Critical | This guide is insufficient—seek legal counsel immediately |
This guide is about protecting yourself, but it's not necessarily about hiding. I personally think what's going on right now is horrible and that most citizens should act. At the same time, you should take intelligent risks via intentional public statements—not avoidable risk because the government spies on your private communications.
⚠️ Warning: These posts do not suffice to protect you against targeted surveillance. If you're at risk of that, read this guide and the more advanced sequel but also refer to a more hardcore guide with targeted surveillance in mind and consult a security professional.
What information this guide will and won't help you protect
If your phone is connected, cell towers track your approximate location. License plate readers track your car. Facial recognition identifies you in public spaces and others' photos. You will be hard-pressed to turn invisible while participating in modern society.
This guide will teach you to protect a limited selection of your data:
- Content of your communications (Signal E2EE),
- What you're researching and reading (VPN hides websites),
- Your organizing documents and plans (E2EE cloud storage),
- Your network and contacts (E2EE contact storage & calendar),
- Correlation across identities (pseudonymity, email aliases).
In high-risk situations, leave wireless-enabled devices at home, in airplane mode, or in Faraday bags for truly sensitive meetings. Otherwise, pessimistically assume the government knows where you are at all times. Also, financial privacy is hard and this guide only helps a bit on that front.
Overview of the technical recommendations in each post
Privacy Despite Authoritarianism
- Tier 1: Quick-start essentials (50 minutes, free). Bitwarden password manager, Proton Authenticator for 2FA (not SMS—exploited by China), Signal for E2EE messaging, iOS Advanced Data Protection, strong device passwords.
- Tier 2: Privacy basics (90 minutes + 45 min, $110 + $13/month). ProtonVPN with kill switch (though iOS breaks VPNs), Brave browser, privacy search engines, two YubiKeys for hardware 2FA, minimize app permissions, disable geotagging.
- Tier 3: End-to-end encrypt your data (4+ hours, $14/month). Migrate to Proton Mail, Proton Drive, Proton Calendar, Ente Photos, EteSync contacts, OsmAnd maps—all E2EE. Commercial tracking feeds government surveillance via data brokers.
Advanced Privacy Despite Authoritarianism
- Harden your hardware (12+ hours, $900+ or free). GrapheneOS on Pixel, Linux Mint (free) replacing Windows, GL.iNet router with OpenWrt for whole-home VPN & DNS-level adblock, optional Apple TV and Home Assistant.
- Secure your digital footprint (3 hours, $15/month). Pseudonyms via Bitwarden, SimpleLogin email aliases, Privacy virtual credit cards, delete PayPal, opt out of financial data sharing, local LLMs or Apple Private Cloud.
- Advanced mobile & travel security (1 hour, free). LibRedirect privacy frontends, disable Bluetooth/Wi-Fi scanning (beacon tracking), disable 2G (stingrays), disable AirDrop, turn off devices at borders, generic device names.
- Medium-term strategic shifts. Emergency cash reserves (the regime threatens financial warfare), migrate Slack to Element (E2EE Matrix protocol), gradually leave X for Bluesky/Mastodon (federated censorship resistance).
The rest of the post is on my website. The main reason is that my site offers checkboxes to track progress on the many detailed recommendations. Continue reading here.
