If you’re worried about getting hacked or spied on you have to first think about what’s called a threat model.
Threat modeling is one—if not the—most important and perhaps least understood component of staying secure online. So what is threat modeling exactly? It’s none other than thinking about what data you want to protect, and who you’re trying to protect it from. In other words: what are you worried about that might get hacked?
For example, say you’re trying to protect your email account from a snoopy friend, then it’s probably enough if you don’t share the password with that person, and don’t log into your email on their computer. But if you’re worried about cops or spies accessing that email account, then you might need to take other steps.
Again, it all depends on the threat (spies, hackers, cops, abusive partners, etc.) you’re worried about, and the data you’re trying to protect (your email, your Facebook or Twitter accounts, intimate pictures, etc.)
To help you figure out your threat model, consider these five questions:
By answering those questions, and figuring what solutions and tools you want to adopt based on them, you will come up with a threat model that works for you.
Overestimating your threat can be a problem too: if you start using obscure custom operating systems, virtual machines, or anything else technical when it's really not necessary (or you don't know how to use it), you’re probably wasting your time and might be putting yourself at risk. At best, even the most simple tasks might take a while longer; in a worst-case scenario, you might be lulling yourself into a false sense of security with services and hardware that you don’t need, while overlooking what actually matters to you and the actual threats you might be facing.