So quick definition a threat model is just a way to figure out your assets, adversaries, damage scope, and response. If i wanted to do a simple one regarding my posting on chapo.chat:
- What do I want to protect? Primarily my personal identity and information
- Who do I want to protect it from? Primarily chuds. Secondarily govt orgs
- How bad are the consequences if I fail? From most likely to least: harassment, jailtime, murder.
- How likely is it that I will need to protect it? With the release of the recent report, very likely.
- How much trouble am I willing to go through to try to prevent potential consequences? I'm willing to exif scrub my images before posting. Not post straight up illegal shit (or can even be argued as such). Avoiding linking this identity to my personal identity through social media.
This could be different for you all. You may have a family or something to consider, so more effort may need to be taken to protect them. There may be things im not thinking of, but at least it gets us thinking and aware of our strategies.
OK, talk to me like I'm a clueless old lady, because when it comes to computers, I am. I don't have anything illegal to hide (I'm a nice girl), I never post images (I don't know what makes them identifiable and I don't know how to fix it), and I don't have any connection between my account here or on Reddit to anything on social media. The only thing that ever gives me pause is the knowledge that sometimes internet weirdos get really, really mad for seemingly no reason and then do their best to harm the new target of their hate. I figure that it's unlikely that I would anger someone that much, but if I do???? I've tried reading stuff about internet security before a couple times, but there are a lot of terms I don't understand, and I end up deciding that it's unlikely that someone will randomly fixate on me, so it's probably fine?
No worries! This is a space to ask questions and get good answers. Opsec is about building good habits to keep you safe online and irl. Just like you should look both ways before crossing the street, or locking your home before you leave. You're making small steps to make sure nothing super damaging happens. Threat modeling is a tool to help you think about the habits you are willing to make in order to stay secure.
Privacy online is one of the best habits to work on when working on Internet Opsec. The more you work on your anonymity, the less likely you can be compromised irl. Additionally, privacy in this regard is a large spectrum where you can either put in the minimum effort or go extreme and delete your irl identity as well. But it is only one avenue you can take, and only you can decide how much trouble you want to put yourself through.
So one last time with the home analogy, you may feel comfortable not locking your home when you leave or you may have security cameras inside and outside of your home as well as 3 deadbolts on each of your doors. Threat modeling will help you determine where you would fall for securing your home.
I hope that helps!