A lot of available guides talk about how to improve your privacy and security online, but very few begin with threat modeling. I think this is a mistake. If you don't know what you're protecting from whom and why, your efforts are going to be scattershot at best.
(No, I did not start this guide with threat modeling either. We are all learning from my mistakes here.)
"Threat Model" sounds ominous, but it's really just doing what every journalist does at the start of every news article. It's answering the Ws and H:
Without good threat modeling, you can't coordinate your efforts for maximum effect. You may also get confused by the advice that's out there.
For example, I was reading a book recently on how to "make yourself invisible" online. (Note: this is basically impossible, but I'll let the hyperbole slide as marketing for now.) Among other things, the author recommended reducing your exposure to malware by buying a cheap Chromebook and leaving it turned off except when you need to do your online banking or connect with your doctor's office.
While this approach likely does reduce your exposure to one threat (malware), it also definitely increases your exposure to another threat (Google harvesting your data). Without a threat model, you won't know whether the tradeoff - giving Google access to your info in exchange for lower malware exposure - is worth it to you. You also won't be able to assess the value of alternative plans, like using a different computer running Ubuntu, for example.
While answering the above questions, it also helps to think about the differences between anonymity, privacy, and security.
Anonymity is when people know what you're doing, but they don't know who you are. A subset of anonymity is pseudonymity, where you go about your online business under an assumed name. (Reddit is full of psuedonymous users.) The downside of pseudonymity is that it still requires care to avoid releasing too much personal information. If you talk freely about everything, you can build up enough information under a psuedonym for people to trace it back to you.
Think of Superman: No one knows he's really Clark Kent, but everyone knows when "Superman" stops a runaway train or rescues a missing orphan. Protecting his identity (psuedonymity) is more important to Superman than protecting his activities (privacy).
Privacy is when people know who you are, but they don't know what you're doing. In the US, laws like HIPAA strive to keep the contents of your medical records secret, even if anyone on the street can see you walk into the doctor's office. The voting booth is another example of privacy: Whether you voted is public record, but who you voted for is not.
Security is when only certain, limited parties can access your information. Picture a locked file cabinet. Everyone may know that you (no anonymity) put files (no privacy) in the cabinet, but only people with the key can find out what's in those files.
It's possible to have great security but no privacy. In fact, this is precisely what Google offers. The stuff on your Google Drive is actually quite secure from outside hackers. In exchannge, however, you give up your privacy - Google can and does know exactly what you've put in their storage space. Likewise, it's possible to have great privacy but no security: Photos of a random wall, with the metadata stripped out, left on an unencrypted hard drive in your local coffee shop, can't be traced back to you, but they're also free for the taking. And you can have both privacy and security - or neither - with or without anonymity or pseudonymity.
To add to our threat model questions:
There are no one size fits all answers to these questions. For example, I'm willing to do nearly all my online socializing under a single pseudonym, but I'm also careful not to connect too much of my "real life" to that name. I keep separate email accounts for banking and healthcare, family stuff, socializing, business, and spam/trash. I strip the metadata from any photos I post or send via email or text. And I use Signal for text messaging whenever possible.
Your choices may look different, and that's okay. The important thing is to understand what you're protecting and how the tools you choose help you meet that goal.
I'd love to make this a series in which I provide exhaustive, well-researched comparisons of available options. But that's going to take a level of work I don't have time to do. So maybe I wouldn't "love" that so much as "be mildly cool with it."
I do feel reasonably well equipped to pontificate on search tools, however. As a marketing and tech writer, I use these in my daily freelance work. I also use them regularly in my work as a school librarian.
The first thing to understand about search tools in the year 2025 is that the results will generally be bad because the body of available work is bad. That is, no search engine is going to filter with total accuracy for "content" written for marketing/SEO/SERP-juicing purposes. Sorry. People like me have done our jobs too well.
That said, there are search engine options that aren't actively enshittfying their offerings to get you to inadvertently click ads or to spend more time on their sites. There are also options that aren't spying on you, or that, at the very least, are spying on you less than Google.
My first recommendation: stop using Google.
Things to try instead of Google:
DuckDuckGo is my default, mostly because of the default options most commonly offered, it's the least bad. It's still bad, but again, that has to do with the content of the Web as much as anything. There are various Opinions to be had on its privacy claims, so I suggest reading the terms of service and privacy policy at the very least. As with anything.
Startpage offers Google search results, but with trackers and logs stripped out. It also doesn't save your search history. If Google results work fine for you but you don't want Google knowing more about you than everyone else in your life combined, Startpage may become your preferred choice.
Ecosia also aims to keep your searches more private and to plant some trees (literal trees) in the process.
If you want to have more fun on the Web through your search engine:
Marginalia prioritizes non-commercial content. It also comes with a "browse" function, if you want to see cool new stuff without typing in a search term.
Wiby is a curated search tool for older, more lightweight pages. Another good way to explore the classic Web that lets you focus your starting point. (The best way to explore non-commercial Web sites will always be via links, however. Remember Web surfing? We're diving back in, baby.)
FrogFind returns text-only results - letting you just read things without dealing with images, popups, or other distractions. It's ideal for use with Lynx or on older computers that can't handle Web 2.0's bloat. My at-work network blocks FrogFind for some reason, but frogfind.de works!
I regret the zombification of Google. I loved Google ca. 2002. Being good at using it made me a standout at my first full-time post-college job, where my colleagues could not believe how quickly I could get them reliable answers to questions. Today, I can't stand using it. Fortunately, we have options.
In her Cyber-Cleanse, Janet Vertesi starts people off on trying new browsers. Which makes sense, as a browser is both pretty easy to change and a pretty big part of people's daily Internet use. In terms of "bang for one's buck," persuading someone to try a browser that isn't Safari, Edge, or Chrome makes St. Barbara proud.
Scratch the surface, though, and WOW are browsers a can of worms. Everyone has their opinion on which browsers are terrible. Name even one browser, and someone will surely tell you why you are a fool for using it. And the worst part is...every single one of them is right.
Here's some stuff I've learned about browsers.
There are only two. ish. Nearly every browser out there is a direct family member of Chromium (the basis of Chrome) or Gecko (the basis of Firefox). There are a couple exceptions: Pale Moon is based on Goanna, for instance. I'm not sure what Lynx is, but I know it is AWESOME. (Will rave about Lynx more later.) Generally speaking, though, your only two options are browsers related to Chrome or browsers related to Firefox. And it's gonna stay that way for a while, because....
Building a web browser from scratch is HARD. I confess I don't know enough about the tech involved to explain how or why. But one thing was very obvious from the reading I've done so far: Building a new Web browser from scratch is a Major Challenge. It's not something you can do yourself in a weekend after following a coding tutorial (I know because I looked it up in the hopes that it was). And even if a third contender did appear, it might not be what you want, because....
Even brand-new browsers built "from scratch" have a lot of corporate backing. See Ladybird and its list of sponsors/supporters, for example.
Also, extensions might not solve your problems - and may make some of them worse. There are a few extensions I won't use a browser without, so I won't say they're all bad. But none of them are foolproof for privacy or security. In fact, too many might make you more traceable online, because they give your browser a unique profile. If no one else runs your particular version of [insert browser here] with your particular set of extensions, it's...pretty easy to tell it's you.
My solution? After a lot of reading and trying out various browsers and extensions, I've settled on four (yes, four) for my daily stuff:
LibreWolf is Firefox but with the security settings cranked up as far as they'll go. Because it's Firefox, it will run the Cloud Firewall extension, which I love. (More about that when I pontificate on extensions later.)
Ungoogled Chromium is, as the name implies, a Chromium-based browser with no Google components. This is where I run the one site I have to use that Cloud Firewall blocks (my bank). I also use it to test how my HTML looks in a non-Firefox-related browser.
Lagrange is a browser built for the Gemini protocol. It is GORGEOUS and I would die happy if I could get all my browsers to look more like Lagrange's defaults. (I recently downloaded the Stylus extension for LibreWolf to attempt it.)
Lynx is a text-only browser that runs from the computer's terminal/command line. It only loads text and links. This means a lot of Web pages break in it. But a lot don't. It's ideal for reading things without being tracked. Lynx cannot load most trackers - it doesn't recognize them as loadable - and it asks you to accept/reject individual cookies.
I have not tried Pale Moon yet. There are others out there I haven't tried either. So browsers are still a work in progress, as is everything on this journey.
Oh, and - I'm sure someone reading this will have some Strong Opinions about my browser choices. Before you fire up your email to tell me how dumb my choices are, I just want to say: You're right.
Just a lil HTML journal in which I reflect on my two-month journey of divorcing myself from Oligarch Tech. I started on January 8, 2025, when a friend shared a link to Janet Vertesi's blog The Opt-Out Project. I started there thinking "well, I already don't use Edge or Chrome, I wonder what other browsers are out there?"
Exactly two months later, on March 8, 2025, I flashed Sailfish OS to a Sony Xperia 10iii and bid my former phone, a Samsung Galaxy S10 running Android 13, goodbye. It was the last big piece of Oligarch Tech left in my daily life.
During this process, I've made several attempts to write about it. I even made a /instead page with the stuff I was using instead of Apple, Amazon, Automattic, Cloudflare, Google, Meta, Microsoft, or Twitter. But it's only now, in hindsight, that I feel like I can say anything worth using electricity on. So here is where I'll do that unpacking.