Privacy is the ends, and there are many means to help individuals and the collective get closer to privacy for us and everyone. I’m not going to give up my personal privacy tactics just because it’s not helping everyone else, and I’m also not going to give up my political efforts just because I am able to reach a level of personal privacy. It is many things at once.
2 Likes
Very interesting discussion, and I’m in agreement with @jonah and many of you. But I think maybe we should think about threat modeling in two ways. First, the way most people think of it, and that’s personal threat modeling: what are the threats to you? The second way is something I don’t think we do often enough: what are the threats to those around you which may impact your personal choices? Because as I like to say, privacy and security are we things, not just me things. Your privacy and your security overlap mine. And this has multiple scopes, from your significant other or immediate family all the way up to society as a whole. Sometimes you do something not for yourself, but for others.
7 Likes
I think one potential criticism is how it treats these things as neat simple categories that are easy to separate from one another when you could argue they all require each other to some degree. For example, if you want protect against hackers, the company selling your data probably isn’t gonna care if who they’re selling to is secure. That said, I think it’s important to weigh which one you care about more because some of these services still prioritize one over the other.
1 Like
Here is hes criticism of threat models.
1 Like
That does sound like what I was assuming his take on the matter was, yeah.
To me, I think we do have the same goals, as he puts it: to tell people they can go all the way, and that there is nothing wrong with wanting to control your privacy in every aspect of your life. Absolutely that’s true, and I think it’s very unfortunate when some people flat-out dismiss people who say they are concerned about all possible threats.
However, when you have a good grasp of threat modeling, what you can do with that is prioritize the order in which you do things, which is a critical tool I think he is overlooking. The reality is that even if you want to strongly protect your privacy in all circumstances, while you can do that, you simply can’t do that everywhere in your life simultaneously and instantly.
I see too many people over-focus on certain scenarios, while leaving themselves wide open to much more realistic and common threats in the meantime. Knowing the order to “complete your privacy mission” is important, and I think it is challenging for a lot of people unless they have a better grasp of what threat actors are out there and what capabilities they have today.
I would disagree with him that people who only go some of the way are just hoping for privacy “participation trophies” though.
5 Likes
Maybe I am misunderstanding what threat modeling is then.
The way it is presented and the way I perceived it is not as a tool at all. Rather, it is often presented as “what do I want to protect against.” And I think this is the wrong question.
My problem is with the “I”.
Like I said in my above post, if you are being actively targeted like a journalist or similar, then yes, threat modeling makes sense.
If you are NOT actively being targeted (as most people, even in this community), then say you want to protect yourself against companies gathering your data, you won’t be able to do that alone as an individual choice.
I’m not sure if I’m expressing myself in clear manner, but basically since threat modeling is often presented as an individual choice, while privacy is not in my opinion, then I believe it is the threat modeling that is the false dichotomy. It presents an ideology in which you as an individual are in control of your own privacy, but privacy to me is simply not an individual choice unfortunately.
Now, if I misunderstood, and threat modeling is rather a tool to draw your path in your privacy journey in which you prioritize what you should focus on first, then, apologies. If that is the case, I believe it is not presented like that at all most of the time I read about it.
I myself will not achieve my privacy goals before 2-3 years.
I haven’t read our own threat modeling guide in a long time. Looking at it again with fresh eyes, I think what is not perfectly clear is that what you need to do is create a threat model for every threat.
It’s not just a list of things you care about, it’s something you will do in your head for every threat to give yourself a clearer mental model of that threat specifically. If we have these 5 questions…
- What do I want to protect?
- Who do I want to protect it from?
- How likely is it that I will need to protect it?
- How bad are the consequences if I fail?
- How much trouble am I willing to go through to try to prevent potential consequences?
…then for each threat answered by #2 you will answer #3-#5.
What question #3-#5 here do is give you the context to know how to prioritize each threat most effectively.
My problem remains. The “I” is the problem to me. And that’s my criticism of threat modeling. It provides the false narrative that you can control your privacy alone.
I guess I don’t follow then. I definitely think you can control your privacy alone if you wish to. I don’t think it should be necessary, there should be privacy protections by default, but is it possible? Yes, to any reasonable degree.
There’s always a risk of zero-day exploit on basically anything that could theoretically make anyone vulnerable. There could even theoretically be stuff installed on hardware that we wouldn’t know about and would make us all vulnerable.
Then there’s these kind of sh*ts:
My point is that I believe threat modeling’s concept hinders privacy by promoting the idea that privacy can be achieved alone. It can’t. And we’re losing this battle because of the examples above.
If instead, it was sold as a tool to prioritize what you should focus on first in your privacy journey, then I’d be all onboard.
This is just my two cents. 
1 Like
How does it promote that? Because threat modeling identifies steps to increase your personal privacy doesn’t not imply that the political aspects of privacy are null and void.
Arguably it’s the step before prioritizing: it’s deciding what is even the realm worth trying. First get a list of actions you can take (threat modeling), then prioritize the ones you want to fix.
—
I am also not following your train of thought. The first argument applies to anything an individual does in privacy: why bother taking acting steps in personal privacy if as you say it can’t be achieved alone? The argument implies we must take political action and anything else is moot.
4 Likes
No, my argument is mainly that switching to and using the privacy tools is, in itself, the main political action to take. “Vote with your money” kind of thing.
I’m not sure how to reword it better then what I already said. It hinders the privacy of everyone by promoting the idea that privacy is an individual concept. It promotes the “I”.
If I hear:
“You have nothing to fear, if you have nothing to hide.”
My answer is simple. This is not about me. It is about disinformation. It is about control of the masses from the powerful. It is about liberties and freedom that we are losing everyday. It is about not taking for granted the rights that have been fought for in the past.
Let me rephrase.
By asking questions on an individualistic approach (the “I” questions), I believe it gives a false sense of security.
How do you decide which tools and how extensive of those tools you should use?
That’s exactly my point. If threat modeling is a prioritizing tool, then I’m all onboard.
But the way it is being communicated, it conveys the message about how can you protect yourself from X.
That’s how I perceive it anyway.
Where? On PG?
It’s not as much of a tool but more of a process. It’s only a “how” in so much that it just gives you a way to think about if you have any actions to take as a result of some base assumptions (i.e. the skill of an attacker, all corpos are taking your data, etc).
2 Likes
Yes on the main article. And Jonah’s post above.
I have full on respect for Jonah, PG, and its community, but on rare occasions, I disagree. 
1 Like
I do not see how asking questions to figure out what privacy measures to take implies much about the political side of things. The motive of privacy actions, whether political or just purely for increasing online privacy, do not detract from the privacy gained on those actions, nor imply that other motives or reasons are invalid, nor have no effect on one another,
I’ll agree to disagree, as I don’t see the smoking gun that invalidates pushing for privacy as a collective.
4 Likes