Balancing security, privacy, and convenience is arguably the most difficult tasks you’ll face when it comes to choosing or switching to a more privacy-respecting product or service, everything has some trade-offs.
The more secure something is, the more restricting and inconvenient it tends to be; one way to solve this dilemma is to use threat models.
What is Threat Modelling?
Threat modelling is all about creating a personal security plan to counter the threats you can potentially face by determining what data you need to protect and from whom you need to protect it.
By focusing on the threats that matter to you, it helps to narrow down your thinking about the protection you need and prioritize your privacy and security goals, enabling you to choose the tools that are right for you.
So, basically, the “threat model” is just a fancy way of saying, what are you protecting and from whom.
Here are a few examples of threat models:
- A human right’s activist in a repressed regime’s threat model might be (protecting themselves against) the state police and intelligence agencies.
- An CEO’s threat model might be (protecting themselves against) a hacker hired by competition to do corporate espionage.
- An average citizen’s threat model might be (protecting their data from) large tech corporations or data brokers.
Alright, with all of that out of the way, let’s see how you can create your own threat model.
Creating a Threat Model
You can try creating a threat model that works for you by answering a few questions like:
- What do you want to protect? — Emails, Passwords, Personal Files, etc.
- Who do you want to protect it from? — Hackers, Employers, Competitors, etc.
- How bad are the consequences if you fail? — the worse the consequences, the more important it is to prevent failure.
- How likely is it that I will need to protect it? — the more the likeliness, the more critical it is to protect.
- How much trouble am I willing to go through to try to prevent potential consequences? — Spending time and resources.
I recommend taking a look at EFF’s Surveillance Self-defense guide.
That’s all folks!