Threat-model yourself

Generic privacy advice fails because it treats every threat as equal. Yours aren't. Most first responders have three to five real adversaries, and the list is knowable.

Sit down with a notepad and write the names. Be specific.

• Defendants you put away. The ones who said something on the way out of court. The ones whose families packed the gallery. The ones who got out last year. You don't need every arrest — pull the cases where someone showed up emotionally, made a threat, or had reach.
• Ex-partners and ex-spouses. Especially anyone who didn't take the breakup well, has access to old photos, knows your routines, and may have your old passwords. This is the most underestimated category for officers and nurses.
• Professional adversaries. Civil-suit plaintiffs, internal-affairs targets you testified against, defense investigators with a long memory, anyone who filed a complaint that didn't go their way.
• Online harassers. Anyone who has named you on TikTok, Twitter/X, or a doxxing forum. Anyone whose video of you went sideways. The activist account that started a thread with your face on it.
• Domestic abusers in your past or your spouse's past. Often forgotten until they resurface. Treat as live threats unless confirmed otherwise.
• Random fixated strangers. The one in a thousand who decided you're the cop or nurse they're going to follow. Rare but real, and usually ramps up quietly.

Fewer than three names is optimistic. More than fifteen is abstract. Defend against people, not "the internet."

Different actors want different things. The defense changes accordingly.

Walk each name on your list through these three questions:

• What outcome do they want? Show up at your house. Show up at your spouse's job. Get your kids' school. Get you fired. Sue you and get a deposition with your home address. Post your address online. Make a SWAT call. Each outcome needs a different piece of information as the input.
• What do they already know? A defendant has your name, your face, the courtroom you testified in, and sometimes your unit. An ex-partner has all of that plus your phone, your old address, your family's names, and your routines. A random online harasser usually starts with just your name and a department. Knowing the starting point tells you what they still need to find.
• Where will they look first? This is the OSINT part. A defendant uses what's free and obvious — Google, TruePeopleSearch, Spokeo, maybe a paid one-time lookup. An ex-partner skips the brokers because they already know you and goes straight to your spouse's social media or your kid's sports roster. A professional investigator uses court records, property records, and business filings.

Build a small grid. Actor on the left, what they want, what they have, where they look. Two pages of legal pad covers most cops.

The grid does the work. Once you can see "the defendant who threatened me in 2019 wants my address, has my full name, and will check Spokeo first," the defense is obvious — kill the Spokeo listing. Generic advice would have told you to "improve your privacy." Specific threat modeling tells you which broker to pull down today.

Connect each actor to the path of least resistance. Most paths share a few chokepoints. Close those and you defend against multiple actors at once.

Common attack paths for first responders:

• Name to address via a data broker. The most common path by a wide margin. A defendant Googles you, a broker page shows your address. Closing the broker network defends against this for nearly every actor on your list. Highest-leverage fix, cheapest fix. Run a free scan to see what's currently live.

• Name to address via a relative. The "known relatives" link on broker sites bridges your name to your parents' or sibling's address, then back to yours. Closing the household, not just yourself, shuts this down. See family-member OSINT leaks.

• Face to identity via reverse image search. A photo from a scene, a body-cam still, a department promotion shot. The adversary runs it through a face-search engine and gets your name. See reverse image search yourself.

• Address to home via property records. Once they have your name, they pull the property records for the deed. Harder to close, worth knowing about. Sometimes a trust or LLC owns the home.

• Routine to predictability via social media or fitness apps. Your gym check-ins, your kid's sports schedule, your Strava routes. The path an ex or stalker uses, less so a defendant.

Look at your grid. Which two or three fixes close the most paths for the most actors? For nine out of ten first responders, the answer is broker cleanup plus a household conversation. Both doable in a weekend.

Threat modeling is on you. We can't tell you which defendant from 2017 still has it in for you. You know that.

What we handle is the broker layer that almost every actor on your list uses as their starting point. The defendant Googling your name, the ex-partner refreshing your address, the online harasser building a doxx — they all hit the same broker pages first. Closing that layer disrupts every path that runs through it.

A free scan shows which broker pages are surfacing for your name today, and we file removals across the network and re-check monthly because brokers re-publish. That covers the cheapest, highest-volume attack path against you regardless of which actor is running it.

The actor-specific paths that don't run through brokers — an ex-partner who already has your data, a stalker watching your routines, a fixated stranger — need the operational habits in operational privacy hygiene and OPSEC for first responders. Threat modeling tells you which of those matter most for your specific list.