mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-10-01 01:35:57 -04:00
Add threat modeling information
parent
3986217030
commit
d91e27ce61
@ -23,6 +23,11 @@ baseurl: "" # the subpath of your site, e.g. /blog
|
||||
url: "https://www.privacyguides.org" # the base hostname & protocol for your site, e.g. http://example.com
|
||||
sass:
|
||||
sass_dir: _sass
|
||||
collections_dir: collections
|
||||
collections:
|
||||
evergreen:
|
||||
output: true
|
||||
permalink: /:name
|
||||
|
||||
# Build settings
|
||||
markdown: kramdown
|
||||
|
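Review bot: The `permalink: /:name` pattern for the `evergreen` collection has no trailing slash, while the button this commit adds in index.html links to `/threat-modeling/`. Whether both forms resolve depends on how the host maps extensionless paths, which this page does not show, so the two should be made to agree, for example with `permalink: /:name/`. Which of the displayed lines are new is inferred from the hunk counts, because the rendered view lost its +/- markers.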
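--- a/_includes/footer.html
+++ b/_includes/footer.html
@@ -0,0 +1,5 @@
+<hr class="m-5" />
+
+<p><em><strong>Privacy Guides</strong> is a socially motivated website that provides information for protecting your data security and privacy. Never trust any company with your privacy, always encrypt.</em></p>
+
+<p><i class="fab fa-creative-commons fa-fw"></i><i class="fab fa-creative-commons-by fa-fw"></i><i class="fab fa-creative-commons-nc fa-fw"></i> Unless otherwise noted, the content of this website is licensed under a <a href="http://creativecommons.org/licenses/by-nc/4.0/">Creative Commons Attribution-NonCommercial 4.0 International License</a>. <span class="text-muted">The underlying source code used to format and display this content is not licensed for third-party use unless otherwise noted.</span></p>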
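Review bot: The licence link in the last paragraph uses plain HTTP, `href="http://creativecommons.org/licenses/by-nc/4.0/"`, so the first request from every page that includes this footer can be observed or rewritten on the network. Point it at `https://creativecommons.org/licenses/by-nc/4.0/` instead. The three Font Awesome `<i>` icons are decorative and could carry `aria-hidden="true"` so assistive technology skips them.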
@ -8,5 +8,10 @@
|
||||
<main>
|
||||
{{ content }}
|
||||
</main>
|
||||
<script src="/assets/js/jquery-3.3.1.min.js?v=4"></script>
|
||||
<script src="/assets/js/popper.min.js?v=4"></script>
|
||||
<script src="/assets/js/bootstrap.min.js?v=4"></script>
|
||||
<script src="/assets/js/sortable.min.js?v=4"></script>
|
||||
<script src="/assets/js/main.js?v=5"></script>
|
||||
</body>
|
||||
</html>
|
||||
|
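Review bot: The five `<script>` tags load vendored, minified copies of jQuery 3.3.1, Popper, Bootstrap and sortable.js, and three of those files have their diffs suppressed on this page, so the committed bytes cannot be reviewed here. jQuery 3.3.1 is an old release and later jQuery releases carry security fixes, so the vendored copy should be updated, and the upstream version and checksum of each library recorded (in the commit message or a short comment above the tags) so the files can be verified against the published releases. The `?v=4` cache-busting suffix does not identify the library version. The rest of the layout lies outside the hunk.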
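--- a/_layouts/evergreen.html
+++ b/_layouts/evergreen.html
@@ -0,0 +1,4 @@
+---
+layout: page
+---
+{{ content }}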
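--- a/_layouts/page.html
+++ b/_layouts/page.html
@@ -0,0 +1,8 @@
+---
+layout: default
+---
+<div class="container my-5">
+<h1>{{ page.title }}</h1>
+{{ content }}
+{% include footer.html %}
+</div>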
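Review bot: `<h1>{{ page.title }}</h1>` writes the front-matter title into the page unescaped, so a title containing `&` or `<` is emitted as markup. Titles come from the repository's own front matter, so this is hardening rather than an exposed hole, but contributed pages pass through the same template. Piping the value through Liquid's escape filter closes it: `<h1>{{ page.title | escape }}</h1>`.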
@ -6,6 +6,7 @@ $theme-colors: (
|
||||
);
|
||||
|
||||
$body-color: #28323F;
|
||||
$link-color: #C98806;
|
||||
|
||||
.container-fullwidth {
|
||||
margin: 0 auto;
|
||||
@ -17,8 +18,8 @@ $body-color: #28323F;
|
||||
src: url("/assets/fonts/Bagnard.woff") format("woff"), url("/assets/fonts/Bagnard.ttf") format("truetype"), url("/assets/fonts/Bagnard.otf") format("opentype");
|
||||
}
|
||||
|
||||
h1, h2, h3 {
|
||||
font-family: "Bagnard";
|
||||
h1, h2, h3, h4 {
|
||||
font-family: "Bagnard", serif;
|
||||
font-weight: 700;
|
||||
}
|
||||
|
||||
|
1
assets/img/layout/plan-icon.svg
Normal file
1
assets/img/layout/plan-icon.svg
Normal file
@ -0,0 +1 @@
|
||||
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="24" height="24" fill="none" rx="0" ry="0"></rect><path fill-rule="evenodd" clip-rule="evenodd" d="M15.5 14C18.5376 14 21 11.5376 21 8.5C21 5.46243 18.5376 3 15.5 3C12.4624 3 10 5.46243 10 8.5C10 11.5376 12.4624 14 15.5 14Z" fill="#ffd06f"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M13.0103 4.4999C13.2864 4.49421 13.5056 4.2658 13.4999 3.98971C13.4942 3.71363 13.2658 3.49442 12.9897 3.50011L6.88472 3.62578C6.76152 3.62832 6.66578 3.63238 6.48031 3.68721C6.40031 3.71086 6.2943 3.76246 6.2358 3.79183C6.17942 3.82014 6.08012 3.87152 6.01325 3.92C5.98335 3.9339 5.95981 3.94843 5.94324 3.95967C5.92253 3.97371 5.90643 3.98691 5.89552 3.99641C5.87465 4.01456 5.85983 4.03056 5.85339 4.03763C5.84121 4.05103 5.83176 4.06301 5.8303 4.06486L5.82515 4.07143C5.77526 4.13563 5.73108 4.20394 5.69266 4.27578C5.5509 4.54084 5.5 4.79567 5.5 5.28194V18.7181C5.5 19.2043 5.5509 19.4592 5.69266 19.7242C5.82641 19.9743 6.02568 20.1736 6.27578 20.3073C6.54084 20.4491 6.79567 20.5 7.28194 20.5L14 20.5L15.4361 20.5C16.3681 20.5 16.7846 20.4027 17.2126 20.1738C17.6257 19.9529 17.9529 19.6257 18.1738 19.2126C18.4027 18.7846 18.5 18.3681 18.5 17.4361V16.5V14.2819C18.5 14.0058 18.2761 13.7819 18 13.7819C17.7239 13.7819 17.5 14.0058 17.5 14.2819V16H15C14.1716 16 13.5 16.6716 13.5 17.5V19.5H7.28194C7.07243 19.5 6.95676 19.4887 6.88551 19.475C6.8261 19.4635 6.79228 19.4495 6.74738 19.4255C6.67155 19.385 6.61503 19.3285 6.57447 19.2526C6.55046 19.2077 6.5365 19.1739 6.52503 19.1145C6.51127 19.0432 6.5 18.9276 6.5 18.7181V5.28194C6.5 5.07243 6.51127 4.95677 6.52503 4.88552C6.53635 4.82691 6.55008 4.7932 6.5735 4.7492L6.59553 4.73314L6.61189 4.72375C6.63137 4.71286 6.65695 4.69935 6.68454 4.6855C6.71212 4.67165 6.73824 4.6592 6.75861 4.65008L6.77519 4.64287C6.81586 4.63121 6.83068 4.62908 6.83563 4.62843C6.84411 4.62732 6.85282 4.62665 6.9053 4.62557L13.0103 4.4999ZM14.5 
19.5H15.4361C16.2871 19.5 16.5172 19.4117 16.741 19.292C16.9798 19.1643 17.1643 18.9798 17.292 18.741C17.4117 18.5172 17.5 18.2871 17.5 17.4361V17H15C14.7239 17 14.5 17.2239 14.5 17.5V19.5ZM6.67207 4.15097L6.67081 4.14845C6.67277 4.1523 6.67346 4.15378 6.67207 4.15097ZM7.5 16C7.5 15.7239 7.72386 15.5 8 15.5H13C13.2761 15.5 13.5 15.7239 13.5 16C13.5 16.2761 13.2761 16.5 13 16.5H8C7.72386 16.5 7.5 16.2761 7.5 16ZM8 17.5C7.72386 17.5 7.5 17.7239 7.5 18C7.5 18.2761 7.72386 18.5 8 18.5H11C11.2761 18.5 11.5 18.2761 11.5 18C11.5 17.7239 11.2761 17.5 11 17.5H8ZM7.5 14C7.5 13.7239 7.72386 13.5 8 13.5H11C11.2761 13.5 11.5 13.7239 11.5 14C11.5 14.2761 11.2761 14.5 11 14.5H8C7.72386 14.5 7.5 14.2761 7.5 14ZM17 3.5C14.5147 3.5 12.5 5.51472 12.5 8C12.5 10.4853 14.5147 12.5 17 12.5C19.4853 12.5 21.5 10.4853 21.5 8C21.5 5.51472 19.4853 3.5 17 3.5ZM13.5 8C13.5 9.76324 14.8039 11.2219 16.5 11.4646V8C16.5 7.72386 16.7239 7.5 17 7.5C17.2761 7.5 17.5 7.72386 17.5 8V11.4646C19.1961 11.2219 20.5 9.76324 20.5 8C20.5 6.067 18.933 4.5 17 4.5C15.067 4.5 13.5 6.067 13.5 8ZM17 6.89999C16.5858 6.89999 16.25 6.56421 16.25 6.14999C16.25 5.73578 16.5858 5.39999 17 5.39999C17.4142 5.39999 17.75 5.73578 17.75 6.14999C17.75 6.56421 17.4142 6.89999 17 6.89999Z" fill="#28323f"></path></svg>
|
After Width: | Height: | Size: 3.2 KiB |
1
assets/img/layout/surveillance-eye-colorbg.svg
Normal file
1
assets/img/layout/surveillance-eye-colorbg.svg
Normal file
@ -0,0 +1 @@
|
||||
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="24" height="24" fill="none" rx="0" ry="0"></rect><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1924 12.6062C11.8595 12.8537 11.4471 13.0001 11.0004 13.0001C9.89586 13.0001 9.00043 12.1046 9.00043 11.0001C9.00043 10.9413 9.00297 10.8832 9.00944 10.8241C8.76369 10.9759 8.50845 11.1445 8.24085 11.3318L4.17076 14.1808C3.71831 14.4975 3.60828 15.1211 3.92499 15.5735C3.99194 15.6692 4.07512 15.7523 4.17076 15.8193L8.24085 18.6684C9.49902 19.5491 10.4841 20.0159 11.4928 20.2614C12.5015 20.5068 13.4994 20.5068 14.508 20.2614C15.5167 20.0159 16.5018 19.5491 17.76 18.6684L21.8301 15.8193C22.2826 15.5026 22.3926 14.879 22.0759 14.4266C22.0089 14.331 21.9257 14.2478 21.8301 14.1808L17.76 11.3318C16.5018 10.451 15.5167 9.98422 14.508 9.73877C13.8356 9.57514 13.1679 9.5206 12.4987 9.57514L12.4127 9.58392C12.6696 9.84013 12.8572 10.1658 12.945 10.5304L17.9606 15.546C18.3511 15.9365 18.3511 16.5697 17.9606 16.9602C17.5701 17.3507 16.9369 17.3507 16.5464 16.9602L12.1924 12.6062Z" fill="#ffffff"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M7.70744 6.00192C7.51217 5.80665 7.19559 5.80665 7.00033 6.00192C6.80507 6.19718 6.80507 6.51376 7.00033 6.70902L16.8998 16.6085C17.0951 16.8038 17.4117 16.8038 17.6069 16.6085C17.8022 16.4133 17.8022 16.0967 17.6069 15.9014L7.70744 6.00192ZM5.39589 9.01469C6.12088 8.50715 6.74012 8.07364 7.29251 7.70829L8.01527 8.43106C7.42771 8.81442 6.73368 9.2989 5.8643 9.90746L4.15961 11.1007C3.83687 11.3267 3.62278 11.4771 3.47275 11.6037C3.32425 11.729 3.29082 11.7892 3.28056 11.8146C3.232 11.9347 3.232 12.0691 3.28056 12.1892C3.29082 12.2146 3.32425 12.2748 3.47275 12.4001C3.62278 12.5267 3.83687 12.6771 4.15961 12.9031L5.8643 14.0963C8.21228 15.7399 9.28125 16.4784 10.4282 16.7643C11.4605 17.0216 12.5402 17.0216 13.5725 16.7643C14.166 16.6164 14.7386 16.3472 15.4784 15.8942L16.2049 16.6207C15.3111 17.1821 14.5824 17.5432 13.8144 
17.7346C12.6232 18.0315 11.3775 18.0315 10.1863 17.7346C8.83736 17.3984 7.60959 16.5389 5.39588 14.9891L5.29083 14.9156L3.58615 13.7223L3.56726 13.7091C3.26836 13.4999 3.01663 13.3236 2.8279 13.1644C2.63368 13.0006 2.45413 12.8132 2.3534 12.5639C2.20772 12.2034 2.20772 11.8004 2.3534 11.4399C2.45413 11.1906 2.63368 11.0033 2.8279 10.8394C3.01662 10.6802 3.26834 10.504 3.56724 10.2948L3.56728 10.2947L3.56732 10.2947L3.56733 10.2947L3.58615 10.2815L5.29084 9.08823L5.39589 9.01469ZM11.4626 9.04992L11.47 9.05736C12.1973 9.2324 12.7699 9.80491 12.9449 10.5323L14.9523 12.5396C14.9839 12.3652 15.0003 12.1855 15.0003 12.0019C15.0003 10.3451 13.6572 9.00191 12.0003 9.00191C11.8166 9.00191 11.6368 9.01842 11.4626 9.04992ZM11.0003 13.0019C11.447 13.0019 11.8594 12.8555 12.1923 12.6081L13.9045 14.3203C13.3865 14.7462 12.7233 15.0019 12.0003 15.0019C10.3435 15.0019 9.00035 13.6588 9.00035 12.0019C9.00035 11.8134 9.01773 11.629 9.05099 11.4501C9.25449 12.3391 10.05 13.0019 11.0003 13.0019ZM18.1364 14.0963C17.7906 14.3384 17.4725 14.5609 17.1778 14.7651L17.8967 15.484C18.121 15.3278 18.3562 15.1632 18.6037 14.9899L18.6048 14.9891L18.7099 14.9156L20.4145 13.7223L20.4334 13.7091L20.4334 13.7091C20.7323 13.4999 20.9841 13.3237 21.1728 13.1644C21.367 13.0006 21.5466 12.8132 21.6473 12.5639C21.793 12.2034 21.793 11.8004 21.6473 11.4399C21.5466 11.1906 21.367 11.0033 21.1728 10.8394C20.9841 10.6802 20.7323 10.5039 20.4334 10.2947L20.4333 10.2947L20.4145 10.2815L18.7099 9.08824L18.6048 9.0147C16.3911 7.46496 15.1633 6.60543 13.8144 6.26918C12.6232 5.97227 11.3775 5.97227 10.1863 6.26918C9.81616 6.36145 9.45511 6.49313 9.0803 6.66766L9.84051 7.42787C10.0386 7.35036 10.2323 7.28832 10.4282 7.23948C11.4605 6.98216 12.5402 6.98216 13.5725 7.23948C14.7194 7.52538 15.7884 8.26388 18.1364 9.90747L19.8411 11.1008C20.1638 11.3267 20.3779 11.4771 20.5279 11.6037C20.6764 11.729 20.7099 11.7892 20.7201 11.8146C20.7687 11.9347 20.7687 12.0691 20.7201 12.1892C20.7099 12.2146 20.6764 12.2748 20.5279 
12.4001C20.3779 12.5267 20.1638 12.6771 19.8411 12.9031L18.1364 14.0963Z" fill="#28323f"></path></svg>
|
After Width: | Height: | Size: 4.0 KiB |
6
assets/js/bootstrap.min.js
vendored
Normal file
6
assets/js/bootstrap.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
2
assets/js/jquery-3.3.1.min.js
vendored
Normal file
2
assets/js/jquery-3.3.1.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
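--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -0,0 +1,6 @@
+$(function() {
+$("[data-toggle='tooltip']").tooltip();
+});
+document.querySelectorAll(".onclick-select").forEach(element => {
+element.addEventListener("click", element.select);
+});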
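Review bot: `element.addEventListener("click", element.select)` passes the method unbound and works only because the listener is invoked with `this` set to the element; on an `.onclick-select` element that has no `select` method the listener is `undefined` and the click silently does nothing. A one-line comment such as `// select() runs with this === element; only inputs and textareas have it` would make that dependency visible. The `querySelectorAll` call also runs outside the `$(function() { … })` ready wrapper, so it relies on the script being loaded at the end of `<body>`.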
4
assets/js/popper.min.js
vendored
Normal file
4
assets/js/popper.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
2
assets/js/sortable.min.js
vendored
Normal file
2
assets/js/sortable.min.js
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
/*! sortable.js 0.5.0 */
|
||||
(function(){var a,b,c,d,e,f;a="table[data-sortable]",c=/^-?[£$¤]?[\d,.]+%?$/,f=/^\s+|\s+$/g,e="ontouchstart"in document.documentElement,b=e?"touchstart":"click",d={init:function(){var b,c,e,f,g;for(c=document.querySelectorAll(a),g=[],e=0,f=c.length;f>e;e++)b=c[e],g.push(d.initTable(b));return g},initTable:function(a){var b,c,e,f,g;if(1===a.tHead.rows.length&&"true"!==a.getAttribute("data-sortable-initialized")){for(a.setAttribute("data-sortable-initialized","true"),e=a.querySelectorAll("th"),b=f=0,g=e.length;g>f;b=++f)c=e[b],"false"!==c.getAttribute("data-sortable")&&d.setupClickableTH(a,c,b);return a}},setupClickableTH:function(a,c,e){var f;return f=d.getColumnType(a,e),c.addEventListener(b,function(){var b,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u;for(j="true"===this.getAttribute("data-sorted"),k=this.getAttribute("data-sorted-direction"),b=j?"ascending"===k?"descending":"ascending":f.defaultSortDirection,m=this.parentNode.querySelectorAll("th"),n=0,q=m.length;q>n;n++)c=m[n],c.setAttribute("data-sorted","false"),c.removeAttribute("data-sorted-direction");for(this.setAttribute("data-sorted","true"),this.setAttribute("data-sorted-direction",b),l=a.tBodies[0],h=[],t=l.rows,o=0,r=t.length;r>o;o++)g=t[o],h.push([d.getNodeValue(g.cells[e]),g]);for(j?h.reverse():h.sort(f.compare),u=[],p=0,s=h.length;s>p;p++)i=h[p],u.push(l.appendChild(i[1]));return u})},getColumnType:function(a,b){var e,f,g,h,i;for(i=a.tBodies[0].rows,g=0,h=i.length;h>g;g++)if(e=i[g],f=d.getNodeValue(e.cells[b]),""!==f&&f.match(c))return d.types.numeric;return d.types.alpha},getNodeValue:function(a){return a?null!==a.getAttribute("data-value")?a.getAttribute("data-value"):"undefined"!=typeof a.innerText?a.innerText.replace(f,""):a.textContent.replace(f,""):""},types:{numeric:{defaultSortDirection:"descending",compare:function(a,b){var c,d;return 
c=parseFloat(a[0].replace(/[^0-9.-]/g,"")),d=parseFloat(b[0].replace(/[^0-9.-]/g,"")),isNaN(c)&&(c=0),isNaN(d)&&(d=0),d-c}},alpha:{defaultSortDirection:"ascending",compare:function(a,b){var c,d;return c=a[0].toLowerCase(),d=b[0].toLowerCase(),c===d?0:d>c?-1:1}}}},setTimeout(d.init,0),window.Sortable=d}).call(this);
|
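--- a/collections/_evergreen/threat-modeling.html
+++ b/collections/_evergreen/threat-modeling.html
@@ -0,0 +1,105 @@
+---
+layout: evergreen
+title: What are threat models?
+---
+
+<p>Balancing security, privacy, and usability is one of the first and most difficult tasks you’ll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or convenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they’re just too hard to start using!</p>
+
+<p>If you wanted to use the <strong>most</strong> secure tools available, you’d have to sacrifice <em>a lot</em> of usability. And even then, <mark>nothing is ever fully secure.</mark> There’s <strong>high</strong> security, but never <strong>full</strong> security. That’s why threat models are important.</p>
+
+<p><strong>So, what are these threat models anyways?</strong></p>
+
+<p><mark>A threat model is a list of the most probable threats to your security/privacy endeavors.</mark> Since it’s impossible to protect yourself against <strong>every</strong> attack(er), you should focus on the <strong>most probable</strong> threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.</p>
+
+<p>By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.</p>
+
+<h2>Examples of threat models</h2>
+
+<ul>
+<li>An investigative journalist’s threat model might be <span class="text-muted">(protecting themselves against)</span> a foreign government.</li>
+<li>A company’s manager’s threat model might be <span class="text-muted">(protecting themselves against)</span> a hacker hired by competition to do corporate espionage.</li>
+<li>The average citizen’s threat model might be <span class="text-muted">(hiding their data from)</span> large tech corporations.</li>
+</ul>
+
+<h2>Creating your threat model</h2>
+
+<p>To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:</p>
+
+<ol>
+<li>What do I want to protect?</li>
+<li>Who do I want to protect it from?</li>
+<li>How likely is it that I will need to protect it?</li>
+<li>How bad are the consequences if I fail?</li>
+<li>How much trouble am I willing to go through to try to prevent potential consequences?</li>
+</ol>
+
+<div class="card">
+<div class="card-body">
+<h4>Example: Protecting your belongings</h4>
+<ul><li>To demonstrate how these questions work, let’s build a plan to keep your house and possessions safe.</li></ul>
+
+<h5>What do you want to protect? (Or, <em>what do you have that is worth protecting?</em>)</h5>
+<ul><li>Your assets might include jewelry, electronics, important documents, or photos.</li></ul>
+
+<h5>Who do you want to protect it from?</h5>
+<ul><li>Your adversaries might include burglars, roommates, or guests.</li></ul>
+
+<h5>How likely is it that you will need to protect it?</h5>
+<ul><li>Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?</li></ul>
+
+<h5>How bad are the consequences if you fail?</h5>
+<ul><li>Do you have anything in my house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from my home?</li></ul>
+
+<h5>How much trouble are you willing to go through to prevent these consequences?</h5>
+<ul><li>Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?</li></ul>
+
+<p>Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you’ll want to get the best lock on the market, and consider adding a security system.</p>
+<p>Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries’ capabilities, along with the likelihood of risks you face.</p>
+</div>
+</div>
+
+<p class="mt-3">Now, let's take a closer look at the questions in our list:</p>
+
+<h3>What do I want to protect?</h3>
+<p>An “asset” is something you value and want to protect. In the context of digital security, <mark>an asset is usually some kind of information</mark>. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.</p>
+<p><em>Make a list of your assets: data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.</em></p>
+
+<h3>Who do I want to protect it from?</h3>
+<p>To answer this question, it’s important to identify who might want to target you or your information. <mark>A person or entity that poses a threat to your assets is an “adversary.”</mark> Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.</p>
+<p><em>Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.</em></p>
+<p>Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you’re done security planning.</p>
+
+<h3>How likely is it that I will need to protect it?</h3>
+<p><mark>Risk is the likelihood that a particular threat against a particular asset will actually occur.</mark> It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.</p>
+<p>It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).</p>
+<p>Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter the likelihood they will occur because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don’t view the threat as a problem.</p>
+<p><em>Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.</em></p>
+
+<h3>How bad are the consequences if I fail?</h3>
+<p>There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.</p>
+<p><mark>The motives of adversaries differ widely, as do their tactics.</mark> A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.</p>
+<p>Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.</p>
+<p><em>Write down what your adversary might want to do with your private data.</em></p>
+
+<h3>How much trouble am I willing to go through to try to prevent potential consequences?</h3>
+<p><mark>There is no perfect option for security.</mark> Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.</p>
+<p>For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.</p>
+<p><em>Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.</em></p>
+
+<hr class="m-5" />
+
+<div class="row">
+<div class="col-12 col-lg-6">
+<h2>Further reading</h2>
+<ul>
+<li><a href="https://en.wikipedia.org/wiki/Threat_model">Wikipedia: Threat model</a></li>
+</ul>
+</div>
+<div class="col-12 col-lg-6">
+<h2>Sources</h2>
+<ul>
+<li><a href="https://github.com/privacytools/theprivacyguide.org/blob/master/tutorials/threat-models.md">theprivacyguide.org (archived GitHub repository)</a></li>
+<li><a href="https://ssd.eff.org/en/module/your-security-plan">EFF Surveillance Self Defense: Your Security Plan</a></li>
+</ul>
+</div>
+</div>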
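Review bot: The opening paragraph says "the more restricting or convenient it generally is", which inverts the security/usability trade-off the page goes on to explain; it should read `the more restricting or inconvenient it generally is`. In the burglary example the pronouns switch mid-sentence (`Do you have anything in my house`, `stolen from my home`) and should be `your house` and `your home`. Inside the card the headings jump from `<h2>` to `<h4>` and `<h5>`, while the sections after the card use `<h3>`, so the document outline skips a level there.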
23
index.html
23
index.html
@ -2,7 +2,7 @@
|
||||
layout: default
|
||||
---
|
||||
|
||||
<div class="p-5 mb-5 bg-primary">
|
||||
<div class="p-5 mb-3 bg-primary">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-12 mt-5">
|
||||
@ -10,18 +10,35 @@ layout: default
|
||||
<h5 class="mt-5">Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.</h5>
|
||||
</div>
|
||||
<div class="col-4 p-5 d-none d-lg-block">
|
||||
<img src="/assets/img/layout/privacy-guides-logo-notext-colorbg.svg" width="100%">
|
||||
<img src="/assets/img/layout/surveillance-eye-colorbg.svg" width="100%">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="container my-5 p-5">
|
||||
|
||||
<div class="row">
|
||||
<div class="col-2 d-none d-lg-block">
|
||||
<img src="/assets/img/layout/plan-icon.svg" width="100%">
|
||||
</div>
|
||||
<div class="col-lg-10 col-12">
|
||||
<h2 class="mt-4">What should I do?</h2>
|
||||
<h5 class="mt-2">First, you need to make a plan.</h5>
|
||||
<p class="mt-2">Trying to protect <strong>all</strong> your data from <strong>everyone</strong> all the time is impractical, expensive, and exhausting. But, don't worry! Security is a process, and by thinking ahead you can put together a plan that's right for <strong>you</strong>. Security isn't just about the tools you use or the software you download. Rather, it begins with understanding the unique threats you face, and how you can counter them.</p>
|
||||
<p>This process of identifying threats and defining countermeasures is called <strong>threat modeling</strong>, and it forms the basis of every good security and privacy plan.</p>
|
||||
<a href="/threat-modeling/" class="btn btn-primary mt-2">Learn More About Threat Modeling <i class="far fa-fw fa-arrow-circle-right"></i></a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="container">
|
||||
|
||||
<div class="row m-3">
|
||||
<div class="col text-center">
|
||||
<h2>Privacy Tools & Services</h2>
|
||||
<p>The devices, software, and services that will protect your privacy highly depend on your use-cases, workflows, and threat models. But, if you don't know where to get started, we've chosen some recommended tools to get you going :)</p>
|
||||
<p>The devices, software, and services that will protect your privacy highly depend on your use case, workflow, and threat model. But, if you don't know where to get started, we've chosen some recommended tools to get you going :)</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
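Review bot: Both images this commit introduces, `surveillance-eye-colorbg.svg` in the hero and `plan-icon.svg` in the new "What should I do?" row, are rendered by `<img>` tags with no `alt` attribute, so screen readers fall back to announcing the file name. They appear to be decorative, so an empty value is enough, e.g. `<img src="/assets/img/layout/plan-icon.svg" width="100%" alt="">`. The new button links to `/threat-modeling/` with a trailing slash; check that this matches the permalink configured for the collection.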