Threat Model

It is very important to ask the question “What exactly am I securing? And who am I securing it from?” while taking steps towards privacy/security. Different people have different threat models and levels of risk.

For example, a journalist may want to keep their sources anonymous, so they need metadata protection as well, while for people concerned about their password leaks, using a password manager to set different passwords might be a good idea.

This guide assumes the threat model of non-targeted massive surveillance. For example, your service provider reading your chats, and we advice to use apps that use end-to-end encryption. Another example is search engines like Google. This guide is not meant to save you from targeted surveillance, for example, it is not meant to protect you from the Pegasus spyware. Since the massive surveillance and targeted surveillance have intersections, this guide might still be useful for the targeted, after the threat model is clear.

To create your own threat model, you can look into EFF’s guide. It asks five questions. Answering those questions will place you at a better understanding of your threat model.

These questions are:

  1. What do I want to protect?

For example, your emails, contact lists, instant messages, location, and files, devices.

  1. Who do I want to protect it from?

Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a security breaker on a public network.

  1. How bad are the consequences if I fail?

The motives of adversaries differ widely, as do their tactics. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.

Write down what your adversary might want to do with your private data.

  1. How likely is it that I will need to protect it?

Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.

  1. How much trouble am I willing to go through to try to prevent potential consequences?

For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a family member who regularly emails funny cat videos.

Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.

Hopefully, these points will be useful for you to create a rough threat model for yourself.

Another aim of this guide is to raise awareness and more importantly, cultivate an attitude that people need to fix things themselves. Avoiding the use of software by surveillance companies also helps in reducing their funding. In other words, we are also resisting a culture of widespread acceptance of surveillance which often takes place in the name of convenience. Normalization of surveillance poses a huge problem for the society, where people use ‘Nothing to Hide’ type of defence mechanisms to justify the surveillance. Whatever your threat model be, a lot of what is presented in this guide still might be useful.