Intro to Threat Modeling

introduction to threat modeling

We believe Internet privacy is a universal human right. But if constantly worrying about your ISP, corporations, and the government spying on you is negatively affecting your quality of life, maybe it’s time to do an exercise called threat modeling.

It sounds like something the Pentagon does in a war room. More commonly, it’s a term used by software developers anticipating security issues in their code. But practically speaking, threat modeling is actually something everyone should do when considering how to safeguard their personal data.

It doesn’t have to be complicated or formal. Follow the steps below to transform your vague paranoia into a rational game plan and get some peace of mind:

What is threat modeling?

A good threat model is a thorough description of five things:

  1. What you have to protect
  2. Who you want to protect it from
  3. The probability of them getting it
  4. How far you’re willing to go to protect it
  5. What would happen if you failed

1. What you have to protect: The assets

Don’t think of this as asking “What do you have to hide?” (we’ll get to that later). Just try to think of all the types of data you have on your digital devices, where they’re kept, and how many copies exist. Emails, photos, messages, documents, etc. How much of it is in the cloud, and how much is only on local devices? How many of those local devices are connected to the Internet (smartphones, laptops), and how many aren’t (hard drives, USB)?

2. Who you want to protect it from: The adversaries

For each asset, think about the wrong hands you don’t want it to fall into. For instance, if you’re a journalist, you may have several politicians and/or corporations who would like a look at your contact list. Maybe you have certain people you wouldn’t want to access your social media profiles. Don’t limit your thinking to just the people with the technical know-how to actually obtain your assets, because we’ll get to that in the next step.

3. The probability of them getting it: The risk

For each adversary, think of how likely he/she is to gain access to your data, or even attempt an attack in the first place. This depends on their technical skill level, motivation, and intent. Your neighbor might enjoy some free WiFi now and again, but she might not be devious or motivated enough to try to steal your password. If you work in sales, your competitor has a financial motivation to see your private emails, but are they technically capable enough to hack into your laptop? Your ISP has access to your browsing history (unless you use Tor and/or a VPN), but are they likely to use it to blackmail you? Maybe you just don’t like the idea of them having it in the first place (we certainly don’t!), but it’s still helpful to be realistic about risk just for sanity’s sake.

4. How far you’re willing to go to protect it: The cost

If you’ve read this far, chances are you’re no slouch when it comes to Internet privacy. But it’s worth considering how much time (and money) you’re willing to spend to protect your assets. For most people, a subscription to a logless, encrypted VPN service is the easiest solution, but there are a number of additional measures you can take if you’ve evaluated your situation as high-risk thus far in your threat modeling, and this blog post from the EFF is a good place to start. Some tools are free, some cost money, but all will take a little bit of time to set up, so have a good think about cost vs. benefit before you treat it like a strict to-do list.

5. What would happen if you failed: The consequences

Finally, take a look at the worst-case scenario. Everyone has private data, but the consequences of that data being compromised are different for everyone. Is it financial ruin? Marital destruction? Crippling shame and social exile? All of the above? Or maybe nothing at all?

Personally, we believe privacy is for everyone, regardless of whether you think you have “something to hide”. Just because you’re not doing anything illegal doesn’t mean you should let the government snoop on your online traffic. People behave differently when they know they’re being watched, so think about the consequences to your long-term psychological health as well!

You can’t stop all the bullets

On the Internet as in life itself, you can never be completely out of harm’s way. But hopefully the simple exercise of threat modeling is enough to put your paranoia in perspective!

For more info:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>