What Layer Are You At? #

Find your current privacy level across the 7 Layers—then get a personalized action plan.

Privacy isn’t all-or-nothing. You’re somewhere on the spectrum across multiple layers. This assessment helps you:

1. Identify where you are now (honestly)
2. Understand what each layer means
3. Prioritize which layer to improve first

No judgment. Everyone starts somewhere.

---

📊 THE 7 LAYERS (Quick Reference) #

Layer 0: Hardware (devices, chips, firmware)
Layer 1: Operating Systems (Windows, Mac, Linux, mobile OS)
Layer 2: Software & Applications (browsers, apps, tools)
Layer 3: Internet & Network (VPN, DNS, Tor, mesh)
Layer 4: Communications (email, messaging, voice/video)
Layer 5: Identity & Authentication (passwords, 2FA, biometrics)
Layer 6: Data Storage & Sovereignty (cloud, encryption, backups)
Layer 7: Social & Behavioral (OpSec, awareness, community)

---

🔍 SELF-ASSESSMENT (Rate Yourself 1-10 Per Layer) #

LAYER 0: Hardware #

Rate yourself:

• ❌ 1-3: Using mainstream devices (Intel ME/AMD PSP, stock phones), no awareness of hardware risks
• ⚠️ 4-6: Aware of hardware backdoors, considering privacy-focused devices
• ✅ 7-9: Using privacy-respecting hardware (System76, Purism, Pixel w/ GrapheneOS)
• 🏆 10: Libreboot ThinkPad or RISC-V devices, hardware kill switches

Where are you? [1-10]: _

If 1-5: Focus on higher layers first (hardware is hardest to change)
If 6-8: Good foundation, maintain awareness
If 9-10: You’re advanced, help others

Deep Dive: Layer 0 (Framework KB, Doc 2.2.1)

---

LAYER 1: Operating Systems #

Rate yourself:

• ❌ 1-3: Windows 10/11 or stock Android/iOS (default settings, heavy telemetry)
• ⚠️ 4-6: Using macOS or hardened Windows/iOS (some privacy settings enabled)
• ✅ 7-9: Linux (Ubuntu, Fedora, Mint) or GrapheneOS/CalyxOS
• 🏆 10: Qubes OS, Tails, or Arch Linux (full control, no proprietary blobs)

Where are you? [1-10]: _

Action plan:

• If 1-3: START HERE (biggest impact) → Linux Guide (2.3.3) or Harden Windows (3.2.3)
• If 4-6: Consider dual-boot Linux → Guide (2.3.9)
• If 7+: Maintain, help others switch

---

LAYER 2: Software & Applications #

Rate yourself:

• ❌ 1-3: Mostly proprietary (Microsoft Office, Adobe, Chrome, mainstream apps)
• ⚠️ 4-6: Mix of open-source and proprietary (Firefox + some FOSS apps)
• ✅ 7-9: Primarily open-source (LibreOffice, GIMP, F-Droid apps)
• 🏆 10: 100% FOSS, audit software before use, contribute to projects

Where are you? [1-10]: _

Action plan:

• If 1-3: Swap 1 app/week → App Swaplist (1.2.4)
• If 4-6: De-Adobe, De-Microsoft → Guides (2.4.4, 2.4.5)
• If 7+: Teach others, audit software

---

LAYER 3: Internet & Network #

Rate yourself:

• ❌ 1-3: No VPN, ISP DNS, no awareness of network privacy
• ⚠️ 4-6: Using free/questionable VPN or only on public WiFi
• ✅ 7-9: Privacy VPN (Mullvad, ProtonVPN, IVPN) + encrypted DNS (Quad9, NextDNS)
• 🏆 10: Self-hosted VPN, Tor for sensitive tasks, mesh networking (Meshtastic)

Where are you? [1-10]: _

Action plan:

• If 1-3: Get VPN NOW → VPN Guide (2.5.2)
• If 4-6: Switch to privacy VPN → Mullvad Setup (3.6.2)
• If 7-9: Add encrypted DNS → Guide (2.5.7)
• If 10: Teach others, contribute to mesh networks

---

LAYER 4: Communications #

Rate yourself:

• ❌ 1-3: Gmail, WhatsApp, SMS, Zoom (unencrypted or metadata-rich)
• ⚠️ 4-6: ProtonMail + Signal (but still use some mainstream)
• ✅ 7-9: ProtonMail, Signal, Element/Matrix (E2E encrypted everything)
• 🏆 10: Self-hosted email, SimpleX Chat, PGP-encrypted comms, no metadata

Where are you? [1-10]: _

Action plan:

• If 1-3: Switch to ProtonMail + Signal → Guides (3.4.2, 3.5.2)
• If 4-6: Migrate fully to encrypted tools → 30-Day Challenge (1.2.3)
• If 7-9: Explore SimpleX, self-host → Guides (3.5.3, 2.6.4)
• If 10: Teach OpSec to activists

---

LAYER 5: Identity & Authentication #

Rate yourself:

• ❌ 1-3: Reused passwords, no 2FA, browser-saved passwords
• ⚠️ 4-6: Password manager (Bitwarden), SMS 2FA on some accounts
• ✅ 7-9: Unique passwords everywhere, authenticator app 2FA (Aegis/2FAS)
• 🏆 10: Hardware keys (YubiKey), anonymous accounts, segmented identities

Where are you? [1-10]: _

Action plan:

• If 1-3: Install Bitwarden TODAY → Guide (3.7.2)
• If 4-6: Enable 2FA everywhere → Guide (2.7.3)
• If 7-9: Get hardware key → Guide (2.7.4)
• If 10: Teach threat modeling

---

LAYER 6: Data Storage & Sovereignty #

Rate yourself:

• ❌ 1-3: Google Drive, Dropbox, iCloud (unencrypted cloud)
• ⚠️ 4-6: Encrypted cloud (ProtonDrive, Tresorit) or local backups
• ✅ 7-9: Self-hosted Nextcloud or Syncthing (P2P)
• 🏆 10: Encrypted self-hosted + 3-2-1 backup rule, airgapped backups

Where are you? [1-10]: _

Action plan:

• If 1-3: Switch to ProtonDrive or encrypt with Cryptomator → Guides (3.8.2, 3.8.4)
• If 4-6: Set up backups (3-2-1 rule) → Guide (2.8.4)
• If 7-9: Self-host Nextcloud → Guide (2.8.5)
• If 10: Help others self-host

---

LAYER 7: Social & Behavioral #

Rate yourself:

• ❌ 1-3: No OpSec awareness, fall for phishing, share too much online
• ⚠️ 4-6: Aware of threats, some good habits (lock screen, skeptical of links)
• ✅ 7-9: Strong OpSec (compartmentalization, threat modeling, physical security)
• 🏆 10: Activist-level OpSec (assume surveillance, dead drops, community security)

Where are you? [1-10]: _

Action plan:

• If 1-3: Learn threat modeling → Guide (2.9.2)
• If 4-6: Build OpSec habits → Guide (2.9.5)
• If 7-9: Join local privacy node → Find Node (5.2.2)
• If 10: Lead workshops, teach others

---

📈 YOUR TOTAL PRIVACY SCORE #

Add up your scores: [Layer 0] + [Layer 1] + … + [Layer 7] = _ / 70

Convert to percentage: (Your score / 70) × 100 = _ %

---

🎯 WHAT YOUR SCORE MEANS #

0-20% (Beginner – High Risk) #

You’re vulnerable. Most people start here. Focus on Layer 1, 4, 5 immediately.

Priority Actions:

1. Install password manager (Layer 5)
2. Switch to privacy browser (Layer 2)
3. Enable 2FA (Layer 5)
4. Install Signal (Layer 4)
5. Get VPN (Layer 3)

Timeline: 1 week to get to 40%

Start here: Your First 5 Privacy Wins (1.2.1)

---

21-40% (Basic Privacy – Medium Risk) #

You’ve started. Some good habits, but gaps remain.

Priority Actions:

1. Migrate to ProtonMail (Layer 4)
2. Set up VPN (Layer 3)
3. Dual-boot Linux (Layer 1)
4. Encrypted backups (Layer 6)

Timeline: 30 days to get to 60%

Continue: 30-Day Privacy Challenge (1.2.3)

---

41-60% (Intermediate Privacy – Moderate Protection) #

You’re ahead of 90% of people. Time to go deeper.

Priority Actions:

1. Full Linux switch (Layer 1)
2. Self-hosting basics (Layer 6)
3. Advanced OpSec (Layer 7)
4. Join local privacy node (Layer 7)

Timeline: 3-6 months to get to 80%

Next: Intermediate Roadmap (1.3.2)

---

61-80% (Advanced Privacy – Strong Protection) #

You’re in the top 5%. Focus on operational security and community.

Priority Actions:

1. Self-host critical services (email, cloud)
2. Hardware upgrades (privacy-focused devices)
3. Teach others (workshops, local nodes)
4. Mesh networking (Layer 3 advanced)

Timeline: 6-12 months to get to 90%+

Explore: Advanced Guides (KB4)

---

81-100% (Expert Privacy – Maximum Protection) #

You’re at activist/journalist level. Your role: Teach and lead.

Priority Actions:

1. Contribute to FOSS projects
2. Start/lead local privacy node
3. Mentor beginners
4. Share case studies (what works, what doesn’t)

Your mission: Multiply impact by helping 10 others reach 60%

Join: Node Leader Community (5.2.5)

---

🛤️ CHOOSE YOUR NEXT STEP #

Based on your score, pick ONE path:

Score 0-40: → Beginner’s Roadmap (1.3.2)
Score 41-60: → Intermediate Path (1.3.3)
Score 61-80: → Advanced User Fast-Track (1.3.4)
Score 81-100: → Become a Leader (5.2.3)

---

Retake this assessment every 30 days to track progress.

Download Self-Assessment Worksheet (PDF):
[DOWNLOAD: Layer-by-Layer Tracker]