Security vs. Schizoposting: Where's the line?

In the world of OpSec and digital privacy, there is a very fine, often blurry line between "necessary precaution" and "clinical paranoia." We all start with the basics—VPNs, encrypted messengers, and maybe a hardened browser—but for many in this scene, the rabbit hole goes much deeper. It starts with threat modeling against script kiddies and ends with you air-gapping your main rig, refusing to carry a smartphone because of baseband vulnerabilities, and treating every "Terms of Service" update like a personal deposition. At a certain point, the friction of maintaining your privacy starts to outweigh the actual utility of the technology you’re trying to protect. I'm curious where that breaking point is for everyone here. When does a "robust security posture" stop being a professional asset and start becoming a lifestyle-disturbing pathology? Is there a specific behavior—like rotating MAC addresses every hour or refusing to use a credit card for a sandwich—that signals someone has finally crossed the threshold from "well-informed" to "unhinged"?