Threat Models: How to Establish One to Protect Your Privacy

March 3, 2021 · written by Author Image Maxime Desalle

Establishing a threat model isn’t something easy to do. What is a threat model even? In this 0-to-1 guide, you will learn what a threat model is, how it can help you with your digital privacy, and how you can establish one correctly.

What is a threat model?

First, the essential question. What is that thing? A threat model allows you to precisely know what you are trying to protect yourself from when putting measures in place regarding your privacy.

Hesitating between using Tor or a VPN? A threat model will help you decide which option is the best one for you. In this example, you would say, “well, it’s obviously Tor! What is this guy thinking?”, which is a fair point. In terms of privacy and security, Tor is ideal. However, that doesn’t necessarily mean everyone should use it. The user experience is pretty bad compared to VPNs, a lot of websites request captchas when using Tor, and the connection is slower on average than when using a VPN.

So while Tor is definitely the best option (hands down) in terms of privacy, it’s not a great fit for the “average” user. In fact, it will probably even disappoint people as they will think that having privacy equals having a bad user experience.

However, imagine you are the creator of an illegal marketplace on the dark web. In that case, you should use Tor. Obviously. Because in that situation, the privacy you will have is much, much, much more important than the bad user experience you will have with Tor.

This is why threat models are essential. They help you decide and identify what you are protecting yourself from, and what measures you should put in place to efficiently do so.

How to establish a threat model

Establishing a threat model is fairly simple. Take a notebook, or your notes app, and start listing the entities and/or people you want to protect yourself from.

Let’s say I want to protect myself from the following entities:

The process is fairly simple. You identify the target (Facebook and Google in this example) and then you find ways to effectively protect yourself from these given targets. That’s how easy it is.

Case study: Protecting yourself from Facebook

In order to protect me from Facebook, I can take the following measures:

  1. Deactivate my account on Facebook, Instagram,… if I have one
  2. Redirect all my friends to Signal for messaging
  3. Block any Facebook-related domain through a DNS resolver

The less extreme version of that would be to:

  1. Uninstall all the mobile Facebook apps and only use these through a desktop browser
  2. Use a DNS resolver to block tracking domains Facebook uses
  3. Use a “Use Signal” profile picture to progressively redirect friends to Signal
  4. Avoid posting anything on Facebook, Instagram,…

Case study: Protecting yourself from Google

In order to protect me from Google, I can take the following measures:

  1. Deactivate my Google account, and start using ProtonMail/Tutanota/MailBox/… as an alternative for emails
  2. Watch YouTube videos through an RSS feed or using Invidio.us
  3. Use a privacy-friendly search engine, like DuckDuckGo, StartPage, or SearX
  4. Probably other measures too, depending on which Google product you are regularly using

The less extreme version of that would be to:

  1. Progressively redirect people to a new privacy-friendly email address, while also progressively changing account logins with this new email address (even better with email aliases!)
  2. Watch YouTube videos without logging into YouTube while regularly clearing the browser history and cookies.
  3. Use a privacy-friendly search engine, like DuckDuckGo, StartPage, or SearX
  4. Probably other measures too, depending on which Google product you are regularly using

Why establishing a threat model matters

You may find the set-up of a threat model silly. Doing this on purpose and going through all the processes may seem ridiculous. But it’s not.

Establishing a threat model allows you to have a clear picture of what you can and can’t do, depending on who you are protecting yourself from. It’s about clarity. It’s about knowing precisely what you should and shouldn’t do.

Having a threat model is especially useful when confronted with a stressful situation. It’s usually in unusual events that we tend to care less about our privacy.

Imagine for example that you are waiting for the train, and just at the second the train arrives, you are requested by an employee of the train station to give your email address so they can verify your identity (horrible example by the way, it’s just to clarify). Well, if you have a threat model, this is easy. Can you give your email address to an entity which you don’t necessarily trust? Yes or no. It’s a simple question. (In the unlikely event that this scenario takes place, make sure to use an email alias!)

However, if this event takes place and you don’t have a threat model, you will face a problem as there is no way for you to precisely and clearly know whether you are putting yourself at risk.

Conclusion

Establishing a threat model is something which everyone should do. It doesn’t matter whether you care or don’t care about your privacy. It works for every “level” of attention someone gives to privacy.

Finally, it takes just a few minutes to set up. You can do it very quickly, and results will be massive if done properly.


Interested in privacy? Make sure to join our subreddit where you can discuss with like-minded individuals!