What is Threat Modeling?
The systematic process of identifying potential threats, vulnerabilities, and attack vectors to determine appropriate security and privacy measures.
Threat modeling answers the fundamental question: what am I protecting, from whom, and what am I willing to do about it?
Key Questions
- What do I want to protect? (data, identity, location, communications)
- Who do I want to protect it from? (advertisers, hackers, government, ex-partner)
- How likely is the threat? (targeted vs. opportunistic)
- What are the consequences of failure? (embarrassment vs. imprisonment)
- What am I willing to sacrifice? (convenience, money, time)
Threat Levels
- Basic: Protection from data brokers and advertisers (most people)
- Moderate: Protection from targeted harassment or stalking
- High: Protection from corporate espionage or legal opponents
- Extreme: Protection from state-level surveillance
Common Mistake
Over-modeling your threat. If you're a regular person worried about data brokers, you don't need Tails OS and air-gapped computers. A VPN, password manager, and browser privacy settings cover 90% of what you need. Match your defenses to your actual threats.
Related Terms
Compartmentalization
The practice of separating different activities, identities, or data into isolated compartments so that a compromise in one doesn't affect the others.
Operational Security
The practice of protecting sensitive information by thinking like an adversary to identify vulnerabilities in your own behavior and communications. OPSEC goes beyond technical tools to address human factors that could expose you.
Threat Model
A systematic analysis of what you're trying to protect, from whom, the consequences of failure, and what resources you can apply. Threat modeling helps prioritize security efforts by focusing on realistic threats rather than theoretical ones.