Threat model first, tools second

Threat-Model–Driven Anti-Surveillance Playbook

This playbook is for defensive privacy and safety. It helps you reduce unnecessary data exhaust, harden endpoints, and stay calm under pressure. It does not teach evidence destruction or evasion of lawful investigations.

Use the builder to pick a small set of actions you will really do this week. Consistency beats “perfect OPSEC”.

Quick start

A sane baseline in 30 minutes

If you do nothing else, do this. These are boring, but they work because most compromises and privacy leaks hit easy targets first.

Device

  • Update OS and apps. Reboot after updates.
  • Use a strong screen lock. Prefer a long passcode.
  • Remove unused apps. Keep a small app set.
  • Review permissions. Camera, mic, and location are crown jewels.

Accounts

  • Turn on MFA. Prefer hardware keys where possible.
  • Use a password manager. Unique passwords everywhere.
  • Check account recovery options. Remove weak fallbacks.
  • Enable login alerts for email and cloud accounts.

Comms

  • Pick one trusted messenger and keep it updated.
  • Verify safety codes for high-risk contacts.
  • Be careful with links and attachments. Many attacks start there.

Data

  • Back up what you need. Do not back up everything forever.
  • Decide retention: what you keep and for how long.
  • Know where your photos, chats, and docs sync to.

Privacy is not invisibility. The baseline goal is to reduce exposure and make compromise harder, louder, and shorter.


Threat surface map

This map visualizes where surveillance and compromise usually land. The highlighted nodes change based on your selections in the builder. Hover nodes (desktop) to see what they mean. On mobile, tap once and drag to explore.

Reading the map: endpoints and accounts are usually the biggest win. Encryption helps, but it cannot save a compromised phone. The goal is to reduce data exhaust and shrink the attack surface without breaking your normal life.

Threat model builder

Turn your scenario into priorities

This does not generate a magic answer. It gives you a reasonable set of priorities, based on common real-world risk patterns.

Note: this stays in your browser. No tracking, no sending data anywhere.

Your priority plan

You want 3 to 7 actions you will really do this week. Not 50 things you will never do.
Select options and press “Generate plan”.

How to think about tradeoffs

Stronger controls often reduce convenience. Your goal is not perfect privacy. Your goal is a calm, consistent posture that fits your life and your legal environment.

If you suspect compromise by spyware or a serious attacker, do not “experiment” on the same device. Preserve evidence, reduce exposure, and move carefully.

Patterns by layer

Where surveillance and compromise usually land

Most real-world problems do not start with crypto breaks. They start with weak endpoints, weak accounts, and too much data exhaust.

Layer 1: Endpoint

  • Keep OS supported and patched.
  • Use strong lock, encryption, and safe backups.
  • Separate profiles. Work and personal should not mix.
  • Reduce sensors and background access.

Layer 2: Accounts

  • MFA everywhere. Hardware key for high-risk accounts.
  • Protect email. Email is the master key for resets.
  • Limit recovery methods and SIM swap exposure.
  • Review third-party app access regularly.

Layer 3: Comms

  • Use updated messengers. Verify keys when it matters.
  • Assume metadata exists. Reduce what you can control.
  • Do not treat encrypted apps as spyware-proof.

Layer 4: Network

  • Avoid unknown Wi‑Fi for sensitive work.
  • Keep home router updated and locked down.
  • Prefer simple, audited setups over exotic stacks.

Forensics-friendly privacy

Privacy and accountability can coexist. Keep the logs you actually need, protect them, and rotate them. Do not hoard everything forever. Do not destroy evidence.

  • Decide what you log (auth, admin, changes).
  • Protect logs (access control, integrity).
  • Rotate and expire logs on schedule.
  • Keep a clean chain of custody for incidents.

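One way to put these four points into practice, as an added example that is not part of this playbook: a small HMAC-chained log in Python that only accepts the categories you decided to log, reports the first edited or removed entry, and expires old entries on schedule without breaking the chain for what is kept. The key, the category set and the 30-day retention period are assumed values for the example.

```python
import hmac
import hashlib
import json
from datetime import datetime, timedelta

# Assumed values for the example: the key would normally live outside the log store,
# and the category set is the "decide what you log" choice (auth, admin, changes).
LOG_KEY = b"constructed-demo-key-not-for-production"
LOGGED_CATEGORIES = {"auth", "admin", "change"}
RETENTION = timedelta(days=30)

def new_log():
    # "anchor" is the tag the first retained entry chains from.
    return {"anchor": "genesis", "entries": []}

def _tag(prev_tag, record):
    # HMAC over the previous tag plus the canonical record: editing or removing
    # any earlier entry changes every tag after it.
    msg = (prev_tag + json.dumps(record, sort_keys=True)).encode()
    return hmac.new(LOG_KEY, msg, hashlib.sha256).hexdigest()

def append(log, ts, category, event):
    """Append one entry; entries are expected in time order (timezone-aware ts)."""
    if category not in LOGGED_CATEGORIES:
        raise ValueError(f"category not in the logging policy: {category}")
    prev = log["entries"][-1]["tag"] if log["entries"] else log["anchor"]
    record = {"ts": ts.isoformat(), "category": category, "event": event}
    log["entries"].append({**record, "tag": _tag(prev, record)})

def verify(log):
    """Return the index of the first entry that fails the chain, or -1 if intact."""
    prev = log["anchor"]
    for i, entry in enumerate(log["entries"]):
        record = {k: entry[k] for k in ("ts", "category", "event")}
        if not hmac.compare_digest(entry["tag"], _tag(prev, record)):
            return i
        prev = entry["tag"]
    return -1

def expire(log, now):
    """Drop entries older than RETENTION; re-anchor so the kept chain still verifies."""
    cutoff = now - RETENTION
    drop = 0
    while drop < len(log["entries"]) and datetime.fromisoformat(log["entries"][drop]["ts"]) < cutoff:
        drop += 1
    if drop:
        log["anchor"] = log["entries"][drop - 1]["tag"]
        del log["entries"][:drop]
    return drop
```

Chain of custody is the part code cannot do for you: record who ran expire() and when, and keep a copy of the pre-rotation log if an incident is open.
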
Response play

When something feels wrong

The goal is to reduce damage and preserve clarity. Do not panic. Do not improvise on your only device.

Red flags

  • Account reset emails you did not request.
  • New login alerts, new devices, strange forwarding rules.
  • Battery drain combined with odd permissions and unknown profiles.
  • Contacts receiving messages you did not send.

First moves

  • Secure email and critical accounts from a clean device.
  • Rotate passwords and revoke sessions.
  • Back up evidence safely if you can do so without tampering.
  • Consider professional help for high-risk cases.

If the adversary is abusive monitoring, treat safety as primary. Controls should not escalate risk for the victim.