In conversation with Dan Arel, one of the first things we talked about was how privacy looks different for each individual person and how designing a threat model could help individuals navigate the complex world of privacy. In his most recent article for Startpage, Dan expands on what threat modeling means and how to get started.

Dan Arel is a privacy and digital rights activist, founder and curator of ThinkPrivacy.ch, as well as an award-winning journalist, and best-selling author. His work has appeared in the Huff Post, OpenSource, Hacker Noon, Time Magazine, and more. You can follow him on Twitter @danarel.

—

As the creator of ThinkPrivacy (https://www.thinkprivacy.ch), I often get asked why we list certain options, or don’t list others. It’s common for me to hear from a visitor that I shouldn’t recommend certain closed-source software and they will instead send me other recommendations. Often times their recommendations are great, but sometimes harder to use.

More often than not, this is because we have lost sight of why we are taking privacy and security seriously and instead have found ourselves in a competition towards who is the “most private.” This isn’t unique to the privacy community and isn’t a critique of those individuals who take more extreme steps to reduce the amount of information governments or corporations have on them.

We have moved away from assessing our own individual threat models. Instead, we are often jumping to the most extreme, without giving it much thought.

I want everyone to be as safe as they can be online, but within the scope of what they are willing to do and what makes the most sense for them. We know the old adage of “I have nothing to hide” is missing the point on why privacy is so important.

In a Ted Talk, journalist Glenn Greenwald discussed the people who come up to him and say they don’t worry about data privacy because they have nothing to hide (https://www.ted.com/talks/glenn_greenwald_why_privacy_matters).

“I always say the same thing to them. I get out a pen, I write down my email address. I say, ‘Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.’ Not a single person has taken me up on that offer.”

Having nothing to hide doesn’t mean everyone’s threat model is the same. You may not be hiding the contents of your bank statement, but you’re likely interested in hiding your bank account information. You may not be hiding the contents of your personal email accounts, but you want to hide the access to your life those accounts might be protecting.

Think of your parents or even grandparents. Perhaps they don’t have anything to hide, they aren’t leaking sensitive government information, but you do want their bank accounts secure. For them, a simple password manager and two-factor authenticator (2FA) will be more than enough. Do you think they are more likely to start using unique passwords if you introduce them to a service like 1Password, or with Keepass?

Keepass is awesome, but I don’t think many parents are willing to learn how to use it, sync their password on multiple devices, and then ensure the software is always up to date. They will, however, use something built for ease of use, for the newcomer.

If you instead try to force them to use something harder, you increase the chances of them giving up down the road and going back to using one password for every account they have.

That’s because we didn’t stop to assess their threat model before recommending services. This is something we all need to do. Not only because it helps users pick and choose their services, but it also can help make our enjoyment of the internet better and save you money.

I asked Bill Budington, Senior Staff Technologist at the Electronic Frontier Foundation (https://www.eff.org), about how they use threat modeling.

“I work on a software project that is deployed to millions of people’s machines, so I am sure to take extra precautions to ensure that my development machine is protected, and not compromised. If it is, it could affect everyone I provide software for,” he said. “Not everyone needs to take these precautions, though.”

He continued, “modern mobile operating systems like iOS and Android have pretty good protections for isolating different running applications from one another, so that it’s difficult for a malicious app you downloaded to access your email. This may be enough for someone who just casually uses their device to browse the web and do online banking.”

Yet, Budington acknowledged that each user’s needs are different saying, “Then there’s those in the middle, the power users. Let’s say Sally is using her machine to do photo editing for work. She may want to store those photos on an encrypted backup service so if her laptop gets stolen, she can still retrieve her work. She doesn’t need to worry about sandboxing programs as much, since she only uses Photoshop and a few other programs on her MacOS device, but she may still want to avoid downloading unnecessary tools that she can’t vet the trustworthiness of.”

His assessment of the individual’s needs all comes back to assessing one’s own threat model.

There are basic steps everyone should take before even designing a threat model.

First, change your email address. Gmail, Hotmail, Yahoo, and the like seem to continue to dominate the market of everyone’s email address. Or, for many, they use the email address their ISP gave them.

Choose an email provider that makes the most sense for your needs. Do you need a custom domain, or is their domain fine? Do you need a lot of storage or a little? You could get by with a free account from Tutanota or ProtonMail or look into their premium options. You can also check out others such as Fastmail, StartMail, or Soverin.

When it comes to search engines, we know most people again rely on big names such as Google, Bing, and Yahoo. Instead, use alternative private search engines such as Startpage.

Alternative search engines give you the results you’re looking for but without profiling you. With most services you’re looking at, it’s about choice. Startpage value themselves on offering users a choice to keep their searches private, saying, “We’re not here to tell you what to do, but rather provide the choice to not be profiled by your search engine, meaning no search history and no search tracking.” (https://medium.com/privacy-please/valuing-choice-when-it-comes-to-privacy-f2cc99062079)

Lastly, a password manager and 2FA are necessary. Picking the ones that work best for you will be part preference, part needs.

Now start to build your threat model. The main things you need to be asking are:

What information am I trying to protect?

Who am I trying to protect is from?

What are the consequences if I fail?

Starting here means you need to be honest with yourself. Are you protecting yourself from corporate surveillance and data mining? Are you protecting yourself from government surveillance, and if you are, are doing so beyond the fact that it’s not their business, or because your line of work, or activism makes you a target? If you fail to protect it, what are the consequences?

Then ask yourself how far are you willing to go? Are you willing to delete your social media accounts such as Facebook, or are you okay with Facebook, but maybe running it in a Firefox Container is a better compromise?

The reason we need to assess these things for ourselves is that just like the parents mentioned above, if we ourselves go too far, use tools that are overkill and complicated or use so many browser extensions that we ruin our internet experience, the more likely we are to start giving up on these tools and end up right back where we started.

Now, try out various services. Many of them offer trials or are even free. Ensure they work on your devices. Do they have a mobile app and a native app for your personal computer? What kind of security does it offer that matches your threat model? And most important, do you like it? If you don’t like the software, you’re going to quit using pretty quickly.

Once you have your apps and services in place, the last piece of all threat models is common sense. Apps and service are awesome aids in protecting our information, but they are nothing if they are compromised by clicking a malicious link or giving our personal account information to a bad actor.

At ThinkPrivacy, I created a privacy checklist (https://www.thinkprivacy.ch/checklist.html), a simple list of a few steps you can take to help ensure your information is protected for the most basic and common of threat models. Do you have more questions about threat modeling or which services may best fit your needs? Join me on April 14 from 12pm-1pm PT on Twitter for a live Twitter Chat with Startpage about all thing’s privacy and security. Join the conversion by using the hashtag #PrivacyPlease.

The views expressed in this article are those of the author and do not necessarily reflect those of Startpage.