// Comparison

Extreme Privacy vs Hacks, Leaks, and Revelations: Which Should You Read?

Two cybersecurity books on Privacy, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52024

What It Takes to Disappear

Michael Bazzell

Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.

Beginner

4/52024

Hacks, Leaks, and Revelations

The Art of Analyzing Hacked and Leaked Data

Micah Lee

Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.

Read this if

Anyone whose threat model includes stalkers, doxxers, abusive ex-partners, hostile foreign governments, or simply the data-broker industry. Also the canonical reference for journalists, executives, public defenders, and investigators who need their personal footprint to stop being a vector.

Investigative journalists, threat intel analysts, and OSINT practitioners who routinely handle leaked datasets. Lee covers verification, OPSEC for sources, and the practical Python tooling that turns a multi-gigabyte dump into a story or a finding.

Skip this if

Readers who want philosophical privacy theory rather than a 558-page operational checklist. Bazzell does not argue for privacy — he assumes you're sold and shows you the work. Also US-centric; the LLC, mail-forwarding, and DMV chapters require translation outside North America.

Readers wanting traditional pentest tradecraft. The book is about post-leak analysis, not about how to obtain data. Different domain entirely.

Key takeaways

Privacy is a continuous practice, not a one-time purge: data brokers re-acquire your records every quarter, and the workflow is what holds the line.
The hardest links to break are the ones you created yourself — utility accounts, professional licensing, vehicle titles — and most of the book is the playbook for breaking them.
Most leaks come from people who used to know you; the book's chapters on family, devices, and shared services are the most underrated.

Verification is half the work; the book's framing of authentication-by-cross-reference and provenance-by-metadata is the cleanest in print.
Source OPSEC is structural, not personal; the book's chapters on SecureDrop, Tails, and Tor align with current practitioner standards.
Python plus Aleph plus DataSette plus a few small custom scripts is enough to handle most real-world leaks; the book's pragmatic tooling choices avoid academic over-engineering.

How they compare

We rate Extreme Privacy higher (5/5 against 4/5 for Hacks, Leaks, and Revelations). For most readers, that means Extreme Privacy is the primary pick and Hacks, Leaks, and Revelations is a useful follow-up.

Extreme Privacy is pitched at intermediate level. Hacks, Leaks, and Revelations is pitched at beginner level. Read the easier one first if you're not yet comfortable with the topic.

Extreme Privacy and Hacks, Leaks, and Revelations both cover Privacy, OSINT, so reading them in sequence reinforces the same material from different angles.

Keep reading

Extreme Privacy

→ Alternatives to Extreme Privacy → What to read after Extreme Privacy