Practice: Your starting point: write down what you're protecting and from whom
Self-check
Answer in your head (or on paper) before opening the collapsible.
1. What are the two questions you answer in your seed paragraph?
Question 1: What do I want to protect? (EFF calls these your assets.) Question 2: Who do I want to protect it from? (EFF calls the party on the other side your adversary.) Two questions, one paragraph, five sentences or fewer.
2. The lesson says “my data” does not count as an answer to question 1. Why?
“My data” is the cloud version of the answer: true but useless. It does not distinguish between information about other people in your care (student names, client records), your own personal information, credentials and account access, and work in progress. The asset list needs to be specific enough to be actionable. Aisha’s version named three concrete things: student names and report-card comments, her district login to the AI tool, and draft progress reports containing parent contact information. The specifics are what make the list something you can act on.
3. List three categories of adversary that often apply to AI-tool seed paragraphs.
Any three of the five the lesson names: the vendor itself (anything you give the vendor is in the vendor’s possession), whoever the vendor shares your data with (business partners, advertising relationships, government legal demands), whoever might breach the vendor (attackers who access the vendor’s systems without permission), people with shared access (family members, colleagues, former partners, contractors), and you yourself in a moment of inattention (pasting sensitive content into the wrong window, sending a draft to the wrong recipient). The most common adversary in most readers’ situations is the last one.
4. What should the third sentence in your paragraph do, and is it required?
The third sentence names the worry behind the worry: the underlying motivation or fear that makes the first two sentences matter. In Aisha’s version it was: “I am not worried about my district turning the AI tool against me; the worry is that the data trail outlives my control.” But the third sentence is a bonus, not the assignment. Two true sentences always outweigh three sentences that sound complete. If the third one comes naturally, keep it; if not, stop at two.
5. Why does the lesson say to keep the seed paragraph somewhere only you can read it?
The seed paragraph is a planning artifact, not a shareable document. It names specific assets you are protecting and specific adversaries you are protecting them from. That information, in the wrong hands, is a map of your vulnerabilities. The paragraph is for your planning; it is not a public statement of your concerns. The lesson’s no-helplessness guard applies: you have something concrete to act on, and that concrete thing stays private so it stays useful.
6. The lesson names three common pitfalls. What are they, and what does each one cost you?
Pitfall 1: writing the paragraph as someone else’s threat model (typically a journalist or public figure). The cost: a paragraph that is accurate but not actionable because it does not reflect your real situation. Pitfall 2: listing assets you do not actually have. The cost: a long aspirational paragraph that is harder to act on and creates false urgency about threats that do not apply to you. Pitfall 3: treating the paragraph as final. The cost: you stop engaging with it. The paragraph is a Phase 1 artifact; Phases 2 through 5 add vocabulary and tools, and lesson 6.6 grows it into a full personal privacy plan.
Applied exercise: write your seed paragraph
This exercise takes about 10 to 15 minutes. There is no Clawless component for this exercise; it is a thinking and writing task.
Where to write it (read this first). Use pen and paper, a local-only text file on a device only you use, or an end-to-end-encrypted note app. Do not write it in an AI chatbot conversation (the paragraph itself names what is sensitive, so the conversation becomes the very thing you are trying to protect), a shared workspace document, a draft email, a public gist, or a pastebin. The worked example in the lesson body is published because Aisha is fictional; yours will name real assets and real adversaries, so the storage location matters.
Write one paragraph, in your own words, in your own situation, that answers the two questions:
- What am I protecting? Start with a category from the four buckets the lesson gave you, then name one specific instance of each category that applies to you. Do not begin with “my data.” Begin with something concrete: a name, a file type, a login, a conversation.
- Who am I protecting it from? Think about the five adversary categories: the vendor, the vendor’s downstream partners and legal obligations, a potential breach of the vendor’s systems, people with shared access, and yourself in a moment of inattention. List the ones that actually apply to your situation. Cross out the ones that do not.
Keep the paragraph to five sentences or fewer. If you are stuck, use this prompt to start the first sentence: “I am protecting [specific thing] from [specific party].” One true sentence is a complete seed paragraph; build from there.
The paragraph you write here is the artifact lesson 6.6 returns to. After every phase of this track has added to what you know, you will revise this first version and grow it into a full personal privacy plan. The first version does not have to be complete or polished. It has to be true.
When you are done, keep it somewhere only you can read it.
Flashcards
Ten cards.
Q. What are the two questions the lesson's seed-paragraph exercise asks you to answer?
Question 1: What do I want to protect? (EFF term: your assets.) Question 2: Who do I want to protect it from? (EFF term: your adversaries.) Two questions, one paragraph, five sentences or fewer.
Q. What is an 'asset' in the EFF Surveillance Self-Defense framework?
Something you value and want to protect. In the context of digital security, an asset is usually some kind of information: emails, contact lists, direct messages, location, documents. Your devices themselves may also be assets. The lesson adds a practical shape for AI-tool users: information about other people in your care, information about yourself you keep close, credentials and account access, and original work in progress.
Q. What is an 'adversary' in the EFF framework, and why does the definition include people you trust?
A person or entity that poses a threat to your assets. EFF’s definition is deliberately broad: it includes your boss, law enforcement, a former partner, a government, or a hacker. It also includes people you would otherwise trust who might accidentally compromise your assets by being careless with their own security. An adversary is any party that could come into possession of your assets in a way that costs you something, regardless of intent.
Q. Name the four asset buckets the lesson gives for AI-tool users.
1. Information about other people who trust you (students, clients, patients, sources, family members). 2. Information about yourself you have reason to keep close (health status, legal exposure, professional drafts, opinions not yet published). 3. Credentials and account access (logins, recovery info, professional credentials, family accounts). 4. Original work in progress (anything not yet finished or published whose premature exposure would cost you something concrete).
Q. Name the five adversary categories the lesson identifies for an AI-tool seed paragraph.
1. The vendor itself. 2. Whoever the vendor shares your data with (third parties, partners, legal demands). 3. Whoever might breach the vendor (external attackers). 4. People with shared access (family, colleagues, former partners, contractors). 5. You yourself in a moment of inattention (pasting into the wrong window, sending to the wrong recipient, leaving tabs open).
Q. What is the 'third sentence' the lesson mentions, and is it required?
The third sentence names the worry behind the worry: the underlying motivation that makes the first two sentences matter. In Aisha’s version: “I am not worried about my district turning the AI tool against me; the worry is that the data trail outlives my control.” It is a bonus, not the assignment. Two true sentences always outweigh three sentences that sound complete. Write it if it comes naturally; stop at two if it does not.
Q. Pitfall 1: what does it mean to write someone else's threat model?
It means writing a seed paragraph that looks like a journalist’s or public figure’s threat model because privacy literature is full of those cases. The cost is a paragraph that is accurate but not actionable for your real situation. A teacher’s paragraph is not a journalist’s paragraph. Resist the urge to borrow gravity from a situation that is not yours.
Q. The lesson says the seed paragraph is 'a Phase 1 artifact.' What does that mean?
It means the paragraph is the starting point, not the finished product. It will be revised. Phase 2 shows you what AI tools actually do with your assets. Phase 3 gives you a four-category threat vocabulary. Phase 4 adds a vendor rubric. Phase 5 introduces architectural alternatives. Lesson 6.6 returns to the paragraph and grows it into a full personal privacy plan. The first version has to be true; it does not have to be complete.
Q. What is the 3-step recovery the lesson offers if you are stuck on writing the paragraph?
If stuck on assets: name three buckets, then one specific instance of each. If stuck on adversaries: write down every party whose possession of your assets would cost you something, then cross out the ones whose possession would not actually cost much. If stuck on the whole paragraph: complete this sentence: “I am protecting [specific thing] from [specific party].” One true sentence is enough to start.
Q. What action did Aisha take after writing her seed paragraph, and why does the lesson end with it?
She put a sticky note on the front of her laptop reading “check what’s in the tab before you paste.” The lesson ends with it because the seed paragraph’s purpose is not documentation; it is a changed behavior. The sticky note is the smallest unit of action that the paragraph prompted, made by a person who had just decided what she was protecting and from whom. The lesson’s point is that the first paragraph does not have to be grand; it has to exist and it has to connect to something you will actually do.