// Comparison

Extreme Privacy vs Practical Social Engineering: Which Should You Read?

Two cybersecurity books on OSINT, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
5/5 · 2024
Extreme Privacy

What It Takes to Disappear

Michael Bazzell

Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.

Intermediate
4/5 · 2022
Practical Social Engineering

A Primer for the Ethical Hacker

Joe Gray

Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.

Read this if

Extreme Privacy: Anyone whose threat model includes stalkers, doxxers, abusive ex-partners, hostile foreign governments, or simply the data-broker industry. Also the canonical reference for journalists, executives, public defenders, and investigators who need their personal footprint to stop being a vector.

Practical Social Engineering: Red teamers, fraud investigators, and threat-intel analysts who need to operationalize social engineering as a discipline rather than a stunt. Strongest for the OSINT-to-pretext pipeline — Gray shows how recon directly shapes what your call sounds like.

Skip this if

Extreme Privacy: Readers who want philosophical privacy theory rather than a 558-page operational checklist. Bazzell does not argue for privacy — he assumes you're sold and shows you the work. Also US-centric; the LLC, mail-forwarding, and DMV chapters require translation outside North America.

Practical Social Engineering: Readers wanting Mitnick-style war stories. Gray writes like a practitioner, not a memoirist; the book is procedural and careful, not dramatic. Also light on adversarial deepfake / voice-clone tradecraft, which is where the field has moved since 2022.

Key takeaways

Extreme Privacy

  • Privacy is a continuous practice, not a one-time purge: data brokers re-acquire your records every quarter, and the workflow is what holds the line.
  • The hardest links to break are the ones you created yourself — utility accounts, professional licensing, vehicle titles — and most of the book is the playbook for breaking them.
  • Most leaks come from people who used to know you; the book's chapters on family, devices, and shared services are the most underrated.

Practical Social Engineering

  • Recon is the engagement: a pretext that doesn't survive contact with the target's reality is a recon failure, not a delivery failure.
  • Documentation, scoping, and consent are not bureaucratic overhead; they are what separate professional social engineering from criminal activity.
  • OSINT and SE are the same workflow viewed from two sides — what you can find is what you can credibly claim to know.

How they compare

We rate Extreme Privacy higher (5/5 against 4/5 for Practical Social Engineering). For most readers, that means Extreme Privacy is the primary pick and Practical Social Engineering is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Extreme Privacy and Practical Social Engineering both cover OSINT, so reading them in sequence reinforces the same material from different angles.
