What is it? #
A threat model is a list of the most probable threats to your security and privacy endeavors. Since it’s impossible to protect yourself against every attack(er), you should focus on the most probable threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure.
— Privacy Guides
Why do it? #
A threat model provides a clear picture of what threats you’re facing, the actors behind them, and how to address them.
For example, you may want to evade browser surveillance, but are aiming for privacy rather than total anonymity.
How to make one? #
Simple #
Privacy Guides breaks threat modeling into a simple, digestible framework. The easiest way to create a threat model is by going through their list of common threats and selecting the ones that concern you most.
In my case, these were surveillance capitalism, public exposure, passive attacks, service providers, and supply chain attacks.
Advanced #
The above method was the easiest onboarding into threat modeling for me, but you can also create your own threat model from scratch.
A good starting point for this would be the threat modeling manifesto followed by Open Worldwide Application Security Project’s (OWASP) documentation and their guide. There’s a lot of information and it’s tailored primarily for corporations, but still plenty applicable on an individual level.