This document describes the background (privacy, data protection, protocols and crytography) behind securing a distributed infrastructure. No single solution fits all applications, devices or budgets, so it must be possible to select the right level an enforce it across the infrastructure. For each such application it is necessary to understand the threats, and the associated risks to the infrastructure. In many situations, the weaker link is the end user, so usability is important, as is the motivation to implement security, which it is not just seen as a hurdle, but an essential part of the service. User protection starts with privacy and enables users to control and monitor how their data is used; with better transparency, users should feel empowered rather than forced to share their data.