Threat Modeling

In order for any of this site to make sense – and in order to know what tools are right for you – you have to understand “threat modeling.” The term “threat model” is just a fancy way to say “what are you hiding and who are you hiding it from?” For example:

  • A journalist may want to protect their sources from harm or retaliation. Therefore their threat model will include ways to avoid location tracking, encrypt or otherwise protect the uncensored information they receive from their source, and other similar information that might reveal who their source is or allow others to track them to their source.
  • A member of law enforcement may protect their home location in a variety of ways to avoid putting their families in danger from criminals seeking revenge or just general criminals with a grudge against the system.
  • An activist in a repressive country may take steps to hide their research, gatherings, or other activities so the government can’t track their real identity so easily and use it against them.
  • Most people are worried about identity theft and loss of financial resources through their bank account. Some of their defensive strategies could include using a password manager, two-factor authentication, and freezing their credit.

While threat modeling can be applied to a wide variety of situations (as shown above), on this site I want to focus specifically on threat modeling for your personal data. The Electronic Frontier Foundation defines data as “any kind of information, typically stored in a digital form. Data can include documents, pictures, keys, programs, messages, and other digital information or files.” So with this in mind, our threat model question becomes “what data am I protecting and from who?”

While there are basic “best practices” that apply to almost everyone (if not everyone), there’s really no one-size-fits-all threat model. Some people need more security or privacy, and some need less. Most people want to find a healthy balance between protection and ease of use.

The threat model that I focus mostly on in this site is defense against common, non-targeted attacks. The example I like to use is infamous serial killer Richard Chase. Chase stalked the Los Angeles area between 1977 and 1978. One of the reasons he was so difficult to catch was because he didn’t have a pattern. He said on record after he was caught that he would just cruise around neighborhoods until he spotted a house he felt compelled to try. But here’s what made Chase odd: if the doors and windows were locked, he would go on his way and try a different house. He didn’t force his way in.

My goal with this site is to teach you how to "digitally lock your doors and windows" to protect yourself against the Richard Chases of the digital world. In other words, make yourself harder to hack than the other guy so that hackers looking for an easy payday give up and move on to someone else. That’s not to say that the tools and techniques I discuss can’t be used for more advanced threats, but know that I’m not trying to teach you to be invisible, I’m trying to teach you to live a normal life while being safe.

What’s your threat model? You can't know how to properly defend yourself against attacks if you don't know what attacks you are likely to face. While I teach the basics here, some readers may need to continue their education after my site, and all readers will have to examine the numerous tools and techniques I share here to figure out which is best for them. You can't know any of that without defining your threat model. So how do you determine your threat model?

1. What do I want to protect?

This is typically known as assets, and in my opinion those come in both physical and non-physical forms. A physical asset would be something like a laptop, phone, or file cabinet - a place that holds the data you wish to protect. A non-physical asset would be something like a bank account, email account, or cloud storage backup account. You need to identify all your assets.

2. Who do I want to protect it from?

“Bad guys” is a pretty bad answer to this. Different types of bad guys have different resources and motivations. For example, a typical "hacker" doesn't target you specifically (see Understanding Data Breaches). A potential employer, on the other hand, is targeting you specifically. Try to be specific when identifying the "who" of your threat model, and know that it can vary from asset to asset.

3. How bad are the consequences if I fail?

To use the examples from #2: the "hacker" is trying to steal all your money and maybe even open fake accounts in your name that you will then be responsible for. Your prospective employer is simply trying to decide if they want to hire you. Both are consequences, and both are serious, but they require different levels and methods of defense. There's nothing wrong with going above and beyond the bare minimum of defense, but make sure that you know what's actually necessary and likely and don't ruin your relationships or mental health because you went too far. It's all about balance.

4. How likely is it that I will need to protect it?

This ties into both #2 and #3. An unrelated example: a person who shops online frequently and with many different retailers will almost certainly have their card details stolen at some point. The need to protect their card details, funds, and financial rating is extremely high as the likelihood of attack is extremely high.

5. How much trouble am I willing to go through to try to prevent potential consequences?

Not all threats warrant the same level of action and investment. This is the “cost/benefit analysis.” Some security and privacy strategies involve much more work and may not be right for you depending on your level of skill and the sensitivity of the information being protected. Always remember: nothing is unhackable. Trying to protect all your data against everything all the time is impossible and exhausting. Instead, the goal should be to find a balance where you protect against or mitigate the most likely and most harmful threats as much as possible without harming yourself or those around you. Renowned cyber expert Gene Spafford once famously said "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." Don't go crazy trying to be bulletproof. It's not possible. Find the balance between security and privacy and quality of life.
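The five questions above can be filled in as a small worksheet. The following is an added example, not part of the original page: the 1 to 5 scoring scale, the "effort budget" rule and all names (`Entry`, `review`, `SAMPLE`) are assumptions made for illustration, and the sample answers are constructed from the page's own examples.

```python
from dataclasses import dataclass
from math import ceil

# Assumed scale (not from the page): every score runs from 1 (low) to 5 (high).
VAGUE = {"", "bad guys", "hackers", "everyone", "anyone"}

@dataclass
class Entry:
    asset: str        # 1. What do I want to protect?
    adversary: str    # 2. Who do I want to protect it from?
    consequence: int  # 3. How bad are the consequences if I fail?
    likelihood: int   # 4. How likely is it that I will need to protect it?
    defense: str      # the measure being considered
    effort: int       # 5. How much trouble is that measure to live with?

    @property
    def risk(self) -> int:
        return self.consequence * self.likelihood  # ranges from 1 to 25

    def problems(self) -> list[str]:
        found = []
        if self.adversary.strip().lower() in VAGUE:
            found.append("adversary too vague")
        for field in ("consequence", "likelihood", "effort"):
            if not 1 <= getattr(self, field) <= 5:
                found.append(f"{field} must be 1-5")
        return found

def review(entries):
    """Rank entries by risk (highest first) and attach a cost/benefit verdict."""
    rows = []
    for e in sorted(entries, key=lambda e: e.risk, reverse=True):
        if e.problems():
            verdict = "fix entry: " + "; ".join(e.problems())
        elif e.effort > ceil(e.risk / 5):  # assumed rule: effort budget grows with risk
            verdict = "too costly for this risk, pick a lighter defense"
        else:
            verdict = "worth doing"
        rows.append((e.asset, e.risk, verdict))
    return rows

# Constructed sample answers, loosely based on the page's own examples.
SAMPLE = [
    Entry("laptop", "bad guys", 3, 2, "full-disk encryption", 2),
    Entry("bank account", "criminal reusing breached passwords", 5, 3, "password manager + 2FA", 2),
    Entry("public social media posts", "prospective employer", 2, 4, "delete every account", 5),
    Entry("payment card details", "thieves hitting online retailers", 4, 5, "freeze credit", 1),
]

if __name__ == "__main__": print(*review(SAMPLE), sep="\n")
```

The vague "bad guys" entry is sent back for a more specific answer, and the high-effort response to a low-risk threat is flagged as going too far.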

In the coming pages of this site, I will offer you a variety of tools, how they can be used, and the pros and cons of each. With your threat model in hand, I hope this site can help you decide which tools are right for you to help secure and protect your data.

Large parts of this page were borrowed from or inspired by EFF’s Surveillance Self Defense Guide.

