Implement Threat Model Labels

The labels on were originally meant to go on all the recommendations of the site to show what threat models they serve. I’d like this to be implemented so that readers of the site can get a better idea at a glance of whether their threat model would benefit from each suggestion. Additionally there are several places where I feel Privacy Guides assumes a threat model for the reader and I would like to edit or remove these parts. Particularly anywhere that claims something like “x is more private than y” because this doesn’t make any sense in terms of threat models; there’s no objective way to measure privacy, you can only say whether something serves your threat model or doesn’t.

1 Like

No, things can be objectively not private. If a tool doesn’t give you the option to use it privately, then we do not consider it to be a privacy-respecting tool.

You can certainly exercise your right to use tools which aren’t privacy-respecting, if you don’t care about that loss of your right in that specific context, but such tools still have no place in our recommendations.

Identifying the threats that tools defend against best is probably a good idea, and was the original intent yes. I haven’t figured out what it should look like if a tool applies to more than 1-2 of those on that list though.

I feel like listing 8 different icons next to some tools could quickly get unwieldy, and cause more information overload (which is already a small problem for the site).

If anyone has a good design idea for how to handle this, please share :slight_smile:

1 Like

I’d be glad to mess around with it in a PR I just need you to approve this discussion first.

I think what tools you would consider “privacy-respecting” are different than what I consider “privacy-respecting” so who’s to say which one of us is right? That’s why I want to emphasize threat modeling, because any two people are going to have different opinions of what counts as private.

For example, someone who is targeted by state-backed spyware isn’t really going to get much out of Fedora linux. Sure, there’s no telemetry, but that’s not really the concern in this case.

This ^ pretty much encapsulates my thinking. Its a great idea, that sounds very difficult to get right (very difficult balancing act between being detailed enough to be useful and accurate, and simple enough not to cause info overload or confusion or an overwhelming UI). People already seem to struggle a lot with basic threat modeling and we see that that already leads many people just to fall back to vague references to their threat model as “Low”, “Average”, or “High”.

The ‘labels’ concept really appeals to me in theory, I’m unsure whether I think it’s workable in practice. I’d be interested in checking out that PR when it exists @anon66791365

1 Like

I’m telling you what Privacy Guides considers to be privacy-respecting. We have long operated under the definition that privacy = the right to only share your data with approved parties. Software that is aligned with that definition can be recommended, and software that isn’t doesn’t. This has always been the basis of our Recommendations page.

Changing that definition is always open to discussion of course, I’m just telling you the current state of affairs. But it is also my personal opinion that I don’t think it needs to be changed either.

When we say “x is more private than y” or “we recommend x over y” in areas of the site outside of the recommendations area, those are statements based on our recommendations.

For example, in our knowledge base section we say that we recommend Linux over macOS/Windows. This is because Linux distros are the only desktop operating systems we recommend at

If there are statements like this which aren’t backed up by our recommendations, then those should be removed, but I do not think there are any. Basically, the recommendations are going to serve as the base/final truth for all opinions expressed on the website.

Hopefully this is clear? I think you understand, but I’m being overly verbose for the sake of other readers catching up on this topic too.

I think that the labels at going on recommendations has already been approved in a prior discussion, so it should be fine to mess with if you have an idea of what that could look like. The other things you’ve added here I think still need to be discussed, so I can’t say that this discussion is final/approved.

If you want me to split this topic into two separate threads though, I can do that.

1 Like