Might sound a bit of a silly question. I see people talking about threat models, and privacy guides which say things like “if this is part of your threat model, do X Y Z”. I’m just not sure if it’s a general “this is what I want to protect myself against” or if there’s more to it.
You must log in or register to comment.
What are you scared of?
If you are worried your parents will see your browsing history, that is you threat model.
If your concern is government surveillance, you need to do more than just clear your browsing history.
Yeah that’s basically it. Like if you’re concerned about people physically stealing your laptop, use a cable lock and disk encryption, not a VPN. If you’re concerned about the government ISP spying ang knocking on your door because of what you post online, use a VPN and don’t say anything identifying, not switch from Chrome to Firefox or whatever.
I mean, if your using chrome, and worse, logged in to your google account, that’s big paper trail for the government to trace back to you. VPN protection stops at your ISP.
Yes, if you store sensitive info in your Google account and the government can compel Google to provide that info, which they don’t always do.
So there’s a formal/professional approach and there’s an informal approach.
Formally, there are fields like Risk Management aka Risk Analysis; in these fields there are various frameworks and approaches for things like threat models and risk assessments. This is more than most of us need.
Informally “this is what I want to protect myself against” is indeed a good way of thinking about it. You can write something up for yourself, or you can just think it through. If the threat model helps you use your time / resources wisely, then it’s a good threat model.
