Hello sexy PFP
GE, y'all.
I'm about to tick off a ton of privacy nerds on here with this hot take: Threat models (more like threat plans) are fake, and designed to get people out of privacy preservation and action in the first place.
Gabriel Custudiate of Privacy Watchman doesn't believe in threat models, as they're quite the complicated steps in order to ensure you are forced to tire yourself out. Unless the Jesuit Order had called your legal matrix nym and wanted you dead (because you won't suck papal pee-pee when told to), just start taking steps to control your data, and go as local as financially possible.
People like nostr:nprofile1qy2hwumn8ghj76rfwd6zumn0wd68ytnvv9hxgqgewaehxw309ahx7um5wf3ksetrdvhx6ef0wfjkccteqqsrkl7gyds37xh2af37uwlknvjm32ska3hgr5d0cwgzdqy0ux2r2ncqcsc2a talk about threat modelling a lot, and while I understand the premise behind it, this actually leads privacy beginners astray. Again, unless you're a victim of Jesuit and/or Catholic-ordered crimes to be committed against you, I wouldn't worry about a threat model too much.
As an alternative, just start with getting your data off of brokers, and repeating the process as necessary. Afterwords, start moving towards a local-first setup. That's how you kick these Vatican spies off of your back.