Defining Your Threat-Model
For starters, a threat-model could be defined as how an individual needs to be protected based on things like:
- the valuables they own
- the information they know
- or the work they do.
Someone like the President of the United States is going to have a much greater threat model than someone who works at a grocery store. However, this doesn’t always apply to the Internet world because we often don’t look at the idea of threat modeling from a holistic approach. We tend to see it as good guys VS bad guys when it comes to the whole security, privacy, and anonymity concept.
Think of someone like Edward Snowden – the big whistleblower that revealed a ton of NSA secrets regarding the privacy of US Citizens. His threat model is very different from yours or mine because his life is literally on the line. People want him dead for what he did. So before diving into the whole idea of security, privacy, and anonymity in the online world, we need to ask ourselves: what and who do I need protection from and what information or data are they going to try and get from me? See yourself as a storeowner and assume that someone is always going to be trying to take what you have and use it for his or her benefit.
This is where the idea to break this paper into 4 sections came from. We go from common internet folk, to tech savvy users like myself, to government officials, advocates, and the like, to Edward Snowden himself. Once you have determined whom you need protection from and what you need to protect, you should be able to take the steps to further your knowledge and stay safe online.