Privacy Decrypted #1: What is a threat model?

In its broadest sense, threat modeling is the systematic analysis of potential risks and attack vectors, with the aim of developing effective defenses against identified threats. On a personal level, we engage in threat modeling all the time – simply assessing the risk factors involved whenever we cross a road is a good example of threat modeling.

When it comes to the internet, there is no such thing as 100% privacy or security. It is simply not possible to defend yourself against every conceivable threat, and even attempting such a task would make using the internet all but impossible.

It is therefore useful to think carefully about what you hope to achieve when you take measures to protect your privacy and stay secure on the internet.

Are you primarily concerned about hackers stealing your bank details, or about government surveillance? If government surveillance, are you likely to be actively targeted or are you simply concerned about the increasing use of blanket surveillance tactics by governments around the world? Key questions to ask yourself include:

  • What or who are you most worried about?
  • How concerned about each threat are you relative to other threats?
  • How much of a tradeoff with convenience are you willing to accept to meet these threats?

To use our earlier example of crossing a road: are you more concerned about the danger of being hit by a car, or with tripping over an obstacle on the road and hurting yourself as you cross? If the former, are you willing to walk 400 meters to the nearest pedestrian crossing to minimize this risk?

This process of thinking about and prioritizing your privacy and security needs is known as identifying your threat model. Once you have a clear idea of what your threat model is, you can focus your efforts on addressing your core concerns.

What quickly becomes clear is that everyone’s threat model is different. A political dissident in a repressive country who uses a VPN to protect their identity and access the free and open internet has a very different threat model to someone who uses a VPN primarily to hide their BitTorrent activity. 

Of course, it’s not only individuals who need to think carefully about their privacy and security threat models. All companies and organizations must carefully consider how they should best meet the myriad threats that are a part of modern online life. 

The first step to ensuring your security online is defining your personal threat model. This then allows you to map your personal threat model to the capabilities and features of the various available tools, and to understand if they will be able to protect you. To do this, you should consult the published threat models of the tools in question so that you understand what they can or can’t protect against. There is, after all, no such thing as 100% security. 

At Proton, we make this easy by publishing comprehensive threat models for both ProtonMail and ProtonVPN, which outline what each service can and can’t protect against, and the best ways to mitigate some of the potential gaps. You can find Proton’s threat models at the links below:

About the Author

Douglas Crawford

Douglas has worked for many years as a technology writer in the cyberprivacy and cybersecurity sector. He is now very pleased to work for a company with a mission that he passionately believes in.