top of page
Search

What Is Your Threat Model?

  • Writer: CTR
    CTR
  • Dec 2, 2025
  • 2 min read

Updated: Dec 29, 2025

A threat model is simply your personal privacy plan.


That plan will determine what apps you use, what communications methods, what kinds of payment, even how you connect to the internet. And it extends beyond your digital life as well.


Remember, there is no perfect privacy. And every choice comes with tradeoffs. If you use Linux, you will gain some privacy over using Windows. But you lose the option of using some proprietary software. If you use a VPN, some sites may block you.


You could move to another country, destroy your computer, and get a new email address after any kind of online interaction, but that's a tad extreme.


On the other end of the spectrum, you could use the default settings on Google Chrome and Windows, connect without a VPN to any WiFi network available, and have an email password of "password".


Both of these options are threat models.


Obviously the best threat model for most people is going to be somewhere between those two. You want to have reasonable privacy and security, but still be able to live a stable and convenient life.


You have to think about where your boundaries are, and what the consequences of not enforcing those boundaries are likely to be. I stress the word likely because you don't want to spend a lot of energy preparing for a situation that is never going to materialize.


Am I likely to get hacked and have my website shut down by the elite hacktivist group Anonymous? No, I don't really need to worry about that at this point.


Could my bank account info leak out of an insecure connection? I'll use a VPN and only purchase from reputable websites.


Could my email address be sold to marketers? It already is; that's why we have spam filters.


Mass surveillance can be a bit tricky to think about. Because mass surveillance can quickly become very specific. It may not cause you any problems directly if you are one small digital fish in a big pond, but you don't know what may trigger that surveillance to focus in on you.


So, best to make that as difficult as you reasonably can. I say reasonably not to encourage complacency, but to guard against overwhelm. If you try to take your threat model from zero to Fort Knox overnight, you'll get discouraged and give up.


You can take things one step at a time, at your own pace. But keep making progress; every little bit helps.






 
 
 

Recent Posts

See All
Why Digital Privacy Matters: Real-Life Consequences

Introduction to Digital Privacy: Why It Matters In today's digital age, it's easy to overlook the importance of digital privacy. With the rise of social media, online banking, and e-commerce, our pers

 
 
 
The Future of Online Privacy: Emerging Technologies

The Current State of Affairs It's easy to be overwhelmed by the threats to privacy rights nowadays; Chat Control in Europe, CBDCs, hackers, a new data breach every week. But there is good news! People

 
 
 

Comments

bottom of page