Threat Model

From PrivacyWiki

In the context of privacy, one's threat model is an assessment of the individuals, groups or entities that target their data. It involves understanding who or what these parties are, what their capabilities and limits are, and what kind of data they find valuable. When it comes to deliberate decisions, like choosing to be more private or security-conscious, understanding what one hopes to achieve and the obstacles one may face are the first and most important steps.

In privacy communities, threat models are used as a way to illustrate the difference in privacy needs between two parties or activities. Having a high threat model suggests that an individual or their activities are of particular interest to powerful organisations like state-sponsored actors or organised hacking/cybercrime groups. Having a low threat model suggests that (alone) an individual or their activities might mainly interest less resourceful attackers like trolls or snoopy acquaintances. Interpretations about what data needs to be protected, or the capabilities of a given adversary, can be subjective or poorly understood. Establishing a notional threat model helps people in the community talk about vulnerabilities and countermeasures that are more reasonable for the intended situation.