Digital minimalism, developing a simple threat model

[dngray]

Whats this about?

One of the things I see quite often is people describing privacy threat models that seem overly complex.

I see a lot of posts on Reddit, with people proposing all kinds of solutions with 10+ different email identities etc, hosting your own email, not using X provider because they will comply with local court orders etc or other solutions equally complex with fallible solutions.

The posts will often begin on the question: "What's the most best way to do XYZ", and people will reply with overly complex threat models. Best doesn't always necessarily mean a person is after an infallible solution with dozens of conditions, (very much so for people who are not advanced in their technical literacy).

Or people fretting about how much data there is out there, on all the services they've used.

Often the simplest solution is to simply cut back, it's probably the healthiest one too, as we've only got so many hours a day to spend on social media etc anyway.

I think we should update the threat modeling page to include a section on making simple solutions for example:

1. Actions need to serve a particular purpose, think about how to do what you want with the least amount of actions
2. Remove human failure points (don't have a bunch of conditions you must remember to do what with which accounts). Humans fail, they get tired, they forget things... don't have many conditions or manual processes you must remember.
3. Use the right level of protection for what you intend. I often see recommendations of so-called law-enforcement, subpoena proof solutions. These require a lot of special case opsec (knowing about how things truly work under the hood) and are generally not what people want. There is no point in building a super anonymous threat model if you can be easily de-anonymized by a side channel you didn't know about. See threat model 3. below.

How might this look?

I think one of the clearest threat models is one where people know who you are and one where they do not.

This could be simply identities where:

1. Known identity (used for things like internet shopping, any kind of financial interaction which eventually leads back to credit card numbers, account numbers/bsb, physical shipping addresses, phone numbers). Do not use a VPN for this.

2. Unknown identity, this could be a stable pseudonym and email (or just cloaks), this account is not anonymous and may lead to revealing information if monitored over long term. People often leak details through the way they speak (linguistics) etc. Use a VPN for this. You might choose to do financial transactions through XMR, alt coin shifting etc.

3. Anonymous identity (optional), not everyone requires anonymity. This one should be short-term short lived identifiers which are rotated regularly. Use Tor for this. It's worth noting that greater anonymity is possible through asynchronous (not real time communication). Real time communication is vulnerable to typing analysis patterns more than a slab of text distributed on a forum, (reddit, email) etc that you've had time to think about, maybe even throw through a translator and back etc.

[freddy-m]

Would this be better as a page on the site or a blog post? Not sure cc @privacyguides/team

[ph00lt0]

i know you didn't ask me, but this is would be really good things to write in the thread model page to give people a better understanding of it.

[TommyTran732]

Would this be better as a page on the site or a blog post? Not sure cc @privacyguides/team

Probably would be great to replace the current threat modeling page with it

[dngray]

Not sure we would replace the current one, but I'm thinking we would edit it.

Something that I think should be mentioned is Data retention and Key disclosure law.

I think we should erase https://privacyguides.org/providers/#ukusa as it's hugely outdated and not very relevant anymore. There isn't anything else on there worth saving.

[Sirwhofromwhere]

Data retention and key disclosure law perhaps should be referenced when you touch upon a government threat model in that page, but are probably better to be fleshed out inside #468.

[ghost]

I would agree a blog about this would be much better lol .

[flexagoon]

I disagree. This is one of the most important parts of one's privacy journey, and it should be a separate article on the website.

[dngray]

This was completed in https://github.com/privacyguides/privacyguides.org/pull/1310/files#diff-6f9643160aa965dc96cd135775eaeab4638f3f15a4821af850887348807b4acd