Personal Privacy Threat Modeling (With LOTS Of Examples)

Threat modeling is the most important foundational concept to consider when figuring out how to protect your personal privacy. The concept applies much more broadly than personal privacy, though, as threat modeling is critical to businesses, militaries, and governments as well.

Threat modeling is the act of identifying answers to the following questions:

  • What assets and information would I like to protect?
  • What threats would I like to protect that information from?
  • What are the capabilities of those threats?
  • What are the consequences if I fail to protect that information?
  • What safeguards can I implement to mitigate those threats?

This context is essential in order to put together a plan to protect your personal data and understand which security measures are worth the inconvenience due to the magnitude of the associated risks.

There are many guides on threat modeling for businesses available online, but it’s harder to find information on how to come up with a threat model for your privacy and security as an individual.

In this guide, I focus on personal threat modeling and share many examples of the types of data you might want to protect, what threats you might want to protect that data from, and common consequences for not protecting your personal data.

I identify three tiers of threats to your privacy and security, categorized based upon the level of difficulty and inconvenience involved to implement protections against these threats.

Lastly, I describe three core concepts used to construct privacy defenses that serve as the foundation for understanding how you can take your power back and live a modern, private life.

Identify Personal Information to Protect

It’s easy to say “I have nothing to hide, so why should I care about my privacy?” Even I have been guilty of blurting out this excuse in the past, but if you think about it a little bit more, it’s clear that everyone has something to hide.

Every law-abiding citizen who does not want to be taken advantage of by criminals has something to hide. In fact, instead of framing the question as to whether or not you have something to hide, it’s more accurate to ask whether or not you have something to lose. Below is a long list of examples of the type of information you might want to keep private.

  • Geo-Location History
  • Home Address
  • Work Address
  • Social Security Number
  • Credit Card Number
  • Driver’s License
  • Passport
  • Credit Score
  • Fingerprints
  • Photos Of Your Face
  • Sound Of Your Voice
  • Times When You Are Not Home
  • Bank/Financial Accounts
  • Phone/Utilities Accounts
  • Security Question Answers
  • Past Addresses
  • Credit/Lending History
  • Medical Conditions
  • Medical History
  • Driving Record
  • Vehicle/License Plate Numbers
  • Assets/Valuables
  • Life Events (e.g. Marriage & Divorce)
  • Email Accounts
  • Social Media Accounts
  • Usernames and Passwords
  • Camera/Microphone Input
  • Communications and Messages
  • Files and Documents
  • Personal Photos and Videos
  • Physical Devices
  • Device IDs and Advertising IDs
  • Purchase History
  • Browser History
  • Search History
  • Metadata
  • Email Addresses
  • Phone Numbers
  • Contacts
  • Family Member’s Names
  • Employer’s Name
  • Income
  • Gender
  • Race
  • Voting Preference
  • Interests and Activities
  • Personal Opinions

Some of these things you may not care if other people know, and that’s okay. Everyone is going to have a different level of discomfort with sharing personal information. The key point is that you need to choose what information you do not want publicly available for just anyone to see. Let’s take a look at some potential threats and consequences to help you make this decision.

Three Tiers of Threats to Personal Privacy

I’ve divided the potential threats to your privacy into three tiers based upon how convenient it is to protect against these threats. The first tier generally applies to everyone, even your grandmother, and consists of threats that are typically pretty easy to protect against. The second tier generally applies to people who are willing to put in the extra effort to protect their privacy, even if it causes some inconveniences. The third tier is for people who will go to extraordinary lengths to protect their privacy and face extreme consequences for failure.

It’s important to realize that you probably won’t cleanly fit into any one of these tiers. They are simply meant as a starting point to guide the general direction of your personal threat model. For example, you may not care about big tech and corporate surveillance, but you may be a domestic violence victim and need protection from your abuser who is determined to find you. Everyone is going to have unique threats and risk tolerance that will determine the overall course of their privacy practices. There is no such thing as a perfect privacy prescription that is right for everyone. You must decide what makes sense for your own threat model.

Tier 1: Protection from Hackers, Criminals and Identity Thieves

The first tier of threats to privacy includes those that are relatively easy to protect against, as protection measures will not cause you much inconvenience. These are threats that apply to everyone, since you do not have to be individually targeted by a criminal or hacker to become a victim.

Here are some examples of threats in the first tier:

  • Identity Theft
  • Criminals
  • Phishing Scams
  • Malware
  • Burglars
  • Hackers
  • Data Breaches
  • Lost and Stolen Devices
  • Over-Sharing on Social Media
  • Out-Of-Date Software
  • Weak Passwords

Tier 2: Protection from Big Tech, Corporations, and Data Brokers

The second tier of threats to privacy includes those that will take more effort to protect against. These are threats that generally apply to people who are concerned with the societal impacts of data sharing and/or are willing to sacrifice some convenience for better privacy.

Here are some examples of threats in the second tier:

  • Big Tech
  • Data Brokers/Aggregators
  • Advertisement Trackers
  • Third-Party Data Sharing
  • Surveillance Capitalism
  • Internet Service Providers
  • Business Competition
  • Online Harassment
  • Doxing
  • Stalkers
  • Rogue Employees
  • Facial Recognition
  • Deep Fakes
  • People You Know (Roommates, Ex-Girlfriend)

Tier 3: Protection from Governments and Targeted Attacks

The third tier of threats to privacy includes those that will take extreme measures to protect against, possibly including relocation. These are threats that apply to people who fear advanced, targeted attacks and for whom privacy is a life-or-death matter for themselves and their families. This could include police officers, journalists, whistleblowers, activists, and domestic violence victims.

For the sake of completeness, criminals would also fall into this third tier. However, I do not offer any advice on this site to those breaking the law. The advice that I offer is for law-abiding citizens only, and will not stop you from being caught by law enforcement if you have committed a crime.

Here are some examples of threats in the third tier:

  • Government Surveillance
  • Law Enforcement
  • Border Crossings
  • Traffic/CCTV Cameras
  • Private Investigators
  • Advanced Stalking
  • Wiretaps
  • Targeted Attacks
  • Social Engineering
  • Lawsuits

Identify Consequences Of Not Protecting Your Information

Now that we’ve identified what we want to protect and who we want to protect it from, let’s consider some of the potential consequences of failure. This is a crucial piece of the puzzle in determining what to include in your threat model.

We are now getting into the heart of what a threat model really does: helping you to identify what safeguards are worth the inconvenience due to the potential consequences of failing to protect your information from the threats that you face.

Although my mission is to provide the most convenient solutions for privacy and security while, ideally, not giving up modern comforts and utilities, at a base level, most privacy practices are a trade-off with convenience. You must weigh the inconveniences of these safeguards against the inconveniences of the potential consequences.

Here are some examples of the potential negative consequences of not protecting your personal data:

  • Losing Access To Accounts
  • Losing Access To Phone Number
  • Data Loss
  • Monetary Loss
  • Identity Theft
  • Stolen Credit Cards
  • Damaged Credit Score
  • Increased Insurance Cost
  • Loss Of Trade Secrets
  • Personal Secrets Revealed
  • Targeted Surveillance
  • Censorship
  • Stalking
  • Doxing
  • Harassment
  • Anonymous Threats
  • Personal Information For Sale
  • Spam Emails and Phone Calls
  • Unnecessary Interactions With Law Enforcement
  • Subconscious Manipulation
  • Fake Photo/Video/Audio Recreations
  • “Social Credit Score” and Future Government Restrictions

Three Core Concepts To Protect Your Personal Privacy

The question of what protections you can implement in order to safeguard your personal privacy from the threats we identified previously is more or less what this entire website is about. However, I’ve identified three essential concepts that you need to understand in order to fundamentally grasp how these methods are protective. These concepts are compartmentalization, eliminating the need for trust, and being proactive.

I’m planning articles to cover each of these topics in much more depth, but for now, let’s expand a little bit on what these concepts are and what their significance is to personal privacy.

1. Compartmentalization

Compartmentalization is the idea of separating aspects of your life in order to control the flow of information between the people and parties that you interact with. Using a separate computer for work and personal activities is a great example of compartmentalization. You’ve probably been told before that you should use unique passwords for every account that you create. This is compartmentalization.

Taking this a step further, we can also use unique email addresses for every account, separate phone numbers for friends and 2-factor authentication, and virtual credit cards for online payments. Going all the way with this concept, we can create separate alias identities to use for different purposes, each with its own unique name and address.

The power of this practice cannot be overstated. With compartmentalization you can greatly increase your security against many of the threats we talked about previously. The fact that every government and military silos information on a need-to-know basis should show you how effective compartmentalization can be.

Wouldn’t you like to know exactly which service sold your information to the third-party data brokers whose records now populate the people-search websites? Or which service sold your email address to the highest bidder and resulted in you now getting endless spam and phishing emails? All this and more can be achieved with the simple practice of compartmentalization.
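The attribution idea above, as an added example that is not part of the original article: each service gets its own address, so mail that reaches an address from any other sender shows which service's copy of it got out. The catch-all domain example.net, the demo key, the service names and the inbox sample are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

DOMAIN = "example.net"            # assumption: a catch-all domain you control
SECRET = b"constructed-demo-key"  # assumption: private key, never shared

# Constructed sample: service -> sender domains that legitimately mail you.
ISSUED = {
    "shop.example": {"shop.example"},
    "forum.example": {"forum.example", "mail.forum.example"},
    "bank.example": {"bank.example"},
}

def alias_for(service: str) -> str:
    """Per-service address; the keyed tag stops others guessing valid aliases."""
    name = service.strip().lower()
    tag = hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()[:8]
    local = "".join(c if c.isalnum() else "-" for c in name)
    return f"{local}.{tag}@{DOMAIN}"

def attribute(recipient: str):
    """Map a recipient address back to the service it was issued to, else None."""
    index = {alias_for(s): s for s in ISSUED}
    return index.get(recipient.strip().lower())

def leak_report(messages):
    """messages: (recipient, sender_domain) pairs. Returns (leaks, unissued)."""
    leaks, unissued = defaultdict(set), []
    for recipient, sender in messages:
        service = attribute(recipient)
        if service is None:
            unissued.append(recipient)          # address was never handed out
        elif sender.lower() not in ISSUED[service]:
            leaks[service].add(sender.lower())  # alias reached a third party
    return dict(leaks), unissued

# Constructed inbox sample.
INBOX = [
    (alias_for("shop.example"), "shop.example"),
    (alias_for("forum.example"), "deals.adnetwork.example"),
    (alias_for("forum.example"), "mail.forum.example"),
    (alias_for("bank.example"), "bank.example"),
    (f"shop.00000000@{DOMAIN}", "spam.example"),
]

if __name__ == "__main__":
    leaks, unissued = leak_report(INBOX)
    print("aliases seen by third parties:", leaks)
    print("addresses never issued:", unissued)
```

A flagged alias can be retired and replaced without touching any other account. The sender domain should come from an authenticated header (SPF or DKIM result), since a bare From address can be spoofed.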

2. Eliminating Trust

The next core concept is eliminating the need for trust. To demonstrate the importance of this concept, let’s consider the familiar case of gossip. We all know that the greater the number of people you share gossip with, the greater the chance is that the information will spread to others. Even if you only share a piece of information with people you know you can trust, gossip has a way of getting out regardless. The ideal scenario in order to prevent the information from spreading is that you never share gossip with anyone, completely eliminating the need to trust those people. Now, let’s talk about how this can apply to privacy.

Obviously, if you want to function in the modern world there are going to be some instances where you have to trust others with your personal information. For example, there’s no getting around having to share your identity and personal information with your bank as well as your government.

Therefore, the name of the game is to minimize the number of parties that you trust with your private information, and to verify that those parties are securing your information properly whenever possible. Examples of steps that you can take to eliminate the need to trust others with your privacy are to practice digital minimalism, switch to open source software, and maintain local control of your data.

Digital minimalism is the practice of minimizing your digital footprint by, for example, deleting any unnecessary accounts and software from your devices. The fewer accounts you have and the less software you use, the smaller the chance is that you will be a victim of the next data breach or software vulnerability.

I try to use open source software whenever possible, and especially for high value targets like my communications and cell phone data. Popular open source software is more trustworthy because anyone can inspect and verify that the code is secure and actually does what it claims to do and no more. Instead of trusting a single company with a small team of software developers, you are trusting a wider range of independent auditors and security experts to ensure that the software is secure.

In a world that is continually moving towards “cloud” storage (a.k.a. someone else’s computer) for everything, maintaining local control of your data is a powerful step to control access to your files, documents, calendar events, emails, and the list goes on. By making sure your data is stored only on local devices that you control, you ensure that this data cannot be accessed by anyone else, including employees of the cloud service, hackers who have penetrated the cloud’s servers, or anyone from the public who may access data from a breach.

3. Being Proactive

Finally, I want to discuss the importance of being proactive when it comes to protecting your privacy. The harsh reality is that we just never know when the next big data breach is going to leak our information, when we may be suddenly thrust into the spotlight on national news, when someone may come after us in a lawsuit, or when a stalker or criminal will choose us as their next target. The key point is that, should any of these things happen to you, by the time you find out about the threat it will likely already be too late to protect yourself.

If you still need more convincing, or think that you do nothing wrong or controversial so there is no need to protect yourself, please consider the case of David Quintavalle. David is an average, law-abiding citizen, former firefighter, and father. Nevertheless, his life was turned upside down when someone on social media misidentified him in the now-famous fire extinguisher video at the U.S. Capitol on January 6th, 2021.

Doxing (or doxxing) is the act of publicly revealing previously private personal information about an individual or organization, usually through the internet.

David was quickly doxed online, began receiving threatening phone calls and messages, and had to have police officers stationed outside of his home. The FBI quickly cleared him of any wrongdoing, as he could prove that he was in Chicago that day. However, the damage was done and his reputation was already ruined. This could happen to any one of us, and the only thing you can do to prevent it is to take action to protect yourself now.

This doesn’t mean you should be overly paranoid, but it does mean that you need to be truthful with yourself about the reality of these threats and the risks that they entail. There are many easy steps that you can take that will ensure that you are not the lowest hanging fruit, and that an attacker is going to need to put in extra effort and resources if they want to get to you.

Many people feel that since so much of their information is already out there, there is no point in taking any actions to strengthen their privacy. I disagree. Most of this data quickly loses its value with time. Although in an ideal world we would have never willingly given out our information in the first place, every action we take to reduce our attack surface now is a step in the right direction. You cannot change the past, but if you take steps now to protect your privacy, the personal information available about you will soon become outdated and mostly useless.

Conclusion

Hopefully, by now you’ll have some idea of your own threat model and how far you plan to go to protect your personal information.

To summarize, we’ve covered examples of the types of data you might want to safeguard, the threats that wish to take advantage of your data, and the consequences that might occur if your personal data is abused. We’ve broken down this information into three general tiers of threat models to help you determine where you might fit on the scale of privacy vs. convenience.

Finally, we discussed the three core concepts of compartmentalization, eliminating trust, and being proactive to help you understand the fundamentals of how you can go about protecting your personal data. By understanding how these practices are protective, you will grasp the underlying reasoning behind much of the advice on this site.