There’s always a risk of zero-day exploit on basically anything that could theoretically make anyone vulnerable. There could even theoretically be stuff installed on hardware that we wouldn’t know about and would make us all vulnerable.
Then there’s these kind of sh*ts:
My point is that I believe threat modeling’s concept hinders privacy by promoting the idea that privacy can be achieved alone. It can’t. And we’re losing this battle because of the examples above.
If instead, it was sold as a tool to prioritize what you should focus on first in your privacy journey, then I’d be all onboard.
This is just my two cents. 