Threat Model Guide
5
Threat Model Guide

Hello! This is a threat modelling guide for all kinds of folks, ranging from teenagers to to company jobbers to dissidents and activists.

##THREAT MODELS

A threat model is simply analysing the requirements and the degree to which you need to utilise tools (in case of digital, software and hardware) for privacy in all aspects of life. It consists of:

  • threat actors (entities that can affect you like corporations, governments, hacker organisations, neighbour script kiddie, friends)
  • threat vectors (sources of spying or malware)
  • threat causes (X --> Y --> Z correlations)

So, what is the meaning of all this? A lot, once I explain every threat model for most kind of people that exist.

#####FIVE THREAT MODEL LEVELS:

  • #1 BOY/GIRL AT SCHOOL OR COLLEGE
  • #2 WORKER AT MCDONALDS/SWEAT SHOPS
  • #3 9-TO-5 JOB WORKER, 25-45 YEARS OLD
  • #4 COMPANY HEAD/HIGH ORDER EXECUTIVE
  • #5 ⚠⚠⚠ STAUNCH PRIVACY ADVOCATE OR GOVERNMENT DISSIDENT ⚠⚠⚠

######1 BOY/GIRL AT SCHOOL OR COLLEGE

Threat actors:

  • your nosy friends and aunties
  • neighbour script kiddiedegree to which you need to utilise tools (in case of digital, software and hardware) for priv

Threat vectors:

  • Snapchat/Instagram/Facebook/WhatsApp privacy settings (public/friends/private)
  • Gallery/Camera roll apps not locked
  • installing random funny fart joke apps that misuse app permissions

Threat causes:

  • easy passcode
  • weak or no WiFi home router security
  • leaving phone unlocked open in gatherings at times
  • cunning close ones misusing face or fingerprint lock while sleep

Safeguard measures:

  • use iPhone or Android (any OEM)
  • use app locking
  • set social media post or feed access to friends or public carefully
  • set most personal info private
  • carefully give apps permissions like location, internet data usage, microphone, camera, SMS
  • use a strong WiFi password for your home router

######2 WORKER AT MCDONALDS/SWEAT SHOPS

Threat actors:

  • neighbour script kiddie
  • your partner workers
  • your boss
  • your girlfriend (potential cheater during this time of life)

Threat vectors:

  • social media/WhatsApp privacy settings (public/friends/private)
  • Gallery/Camera roll, Contacts apps not locked
  • installing random funny fart joke apps that misuse app permissions

Threat causes:

  • getting phished during e-banking via SMS OTP scams or fake banking site URL redirects
  • easy passcode
  • weak or no WiFi home router security
  • leaving phone unlocked open in gatherings at times
  • cunning close ones misusing face or fingerprint lock while sleep
  • getting drunk or taking drugs --> being unconscious --> letting others access your digital treasure

Safeguard measures:

  • use iPhone or Android (any OEM)
  • use app locking
  • set social media post or feed access to friends or public carefully
  • set most personal info private
  • carefully give apps permissions like location, internet data usage, contacts, microphone, camera, SMS
  • use strong password for WiFi home router

######3 9-TO-5 JOB WORKER, 25-45 YEARS OLD

Threat actors:

  • your partner workers
  • your child (if s/he is a mama boy agent)
  • your boss
  • your wife (nosy, interfering on matters about female coworkers)

Threat vectors:

  • LinkedIn/WhatsApp privacy settings (public/friends/private)
  • Gallery/Camera roll, Contacts apps not locked
  • installing random funny fart joke apps that misuse app permissions
  • nasty app permissions for flashlight or junk cleaner apps

Threat causes:

  • not password protected App/Play store and/or in-store purchasing linked to credit cards
  • getting phished during e-banking via SMS OTP scams or fake banking site URL redirects
  • easy passcode
  • leaving phone unlocked open in gatherings at times
  • cunning close ones misusing face or fingerprint lock while sleep
  • getting drunk or taking drugs --> being unconscious --> letting others access your digital treasure

Safeguard measures:

  • use iPhone or Android (any OEM)
  • for child, use screen pinning for apps or games on Android (only that app runs until phone is unlocked)
  • use app locking
  • set WhatsApp status access to friends or public carefully
  • set most personal info private
  • carefully give apps permissions like SMS, location, internet data usage, contacts, microphone, camera
  • preferably give SMS and Contacts permissions only to bank apps, WhatsApp, LinkedIn, system apps

######4 COMPANY HEAD/HIGH ORDER EXECUTIVE

Threat actors:

  • acquaintances of friends in your rival companies or such people (stealing trade secrets or public conspiracy blackmail via personal info)
  • your child (if s/he is a mama boy agent)
  • your boss
  • your wife (nosy, interfering on matters about female coworkers)

Threat vectors:

  • LinkedIn/WhatsApp privacy settings (public/friends/private)
  • Gallery/Camera roll, Contacts apps not locked
  • installing random funny fart joke apps that misuse app permissions
  • nasty app permissions for flashlight or junk cleaner apps

Threat causes:

  • not password protected App/Play store and/or in-store purchasing linked to credit cards
  • getting phished during e-banking via SMS OTP scams or fake banking site URL redirects
  • easy passcode
  • leaving phone unlocked open in gatherings at times
  • cunning close ones misusing face or fingerprint lock while sleep
  • getting drunk or taking drugs --> being unconscious --> letting others access your digital treasure

Safeguard measures:

  • use iPhone or Android (avoid iPhone, Google Pixel, Samsung, Nokia if company is NOT from US/UK/Canada/NZ/Australia/Japan)
  • for child, use screen pinning for apps or games on Android (only that app runs until phone is unlocked)
  • use app locking
  • set WhatsApp status access to friends or public carefully
  • set most personal info private
  • carefully give apps permissions like SMS, location, internet data usage, contacts, microphone, camera
  • preferably give SMS and Contacts permissions only to bank apps, WhatsApp, LinkedIn, system apps

######5 ⚠⚠⚠ STAUNCH PRIVACY ADVOCATE OR WHO CRITICISES OWN GOVERNMENT OR OWN COUNTRY’S ALLIES A LOT ⚠⚠⚠

See [The Protestors and Activists Handbook]:(https://dev.lemmy.ml/post/34220)

#CONCLUSION

I hope this covers all people. Feel free to ask me if you have a different situation for which you want to build your own threat model.

r/privatelife mirror privacy community, free of bigotry and anti-privacy cults
!privatelife
    Subscribe

    This community is meant to advocate privacy, security and freedom in an concise manner, free of prejudice bias, free of politics, free of cultist thoughts.

    Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. - Edward Snowden

    Telegram: t.me/r_privatelife

    Reddit: reddit.com/r/privatelife

    READ THE RULES

    1. Opinions are welcome, facts more so. Attack arguments, not people. Hating, baiting, trolling, flaming will be dealt with strictly.

    2. Discuss closed source software with caution. Advocating for it strongly (cult brigading) can be treated as violation of this rule.

    3. Editing titles of article links is strictly prohibited, unless and until the summarisation remains accurate to the context of the article or paper. Such link post will be removed without questioning.

    4. Targeting of any country, person or nation is strictly prohibited without valid reasoning. Evidence if not presented against the specific company/corporation/individual will be treated as personal attack and/or hate speech. This will result in a warning, then ban system.

    5. NO PERMA BANS! Ban system will work as follows:

    1 day --> 3 day --> 1 week --> 2 weeks --> 3 weeks --> 1 month --> 3 months --> 6 months

    Severity of the ban system will be dealt with based on degree of violation and circumstances.

    1. NO FACT-LESS EVIDENCES, NO FALSE RHETORIC Evidence has to be credible. The onus of this lies on the claimant. The same applies on the user who questions proven evidence. Violation of this rule will be dealt with strictly.

    2. Copycat posts serve to litter the community, increasing quantity and decreasing quality of posts. As such, posts will be removed. Repeated attempts will receive warning.