Threat modeling for newbies (like me lol)

Hello again! Yeah, these days I was posting a lot of stuff :joy_cat: but anyways. I have a lot of questions tbh.
I want to make my threat model for my privacy and security, but I don’t know where to start. I don’t want to start with something very technical or advanced, so I want to have some guidance through this process to learn about this. Where can I start to make my own TM? Any contribution will be well received! :heart_decoration:

I recall seeing some good tutorials but I don’t recall where (I think possible PrivacyGuides or the Opsec subreddit). But I want to comment more generally. I think that the term “threat model” can sound overly technical and intimidating. More or less, in simple terms it just means answering the questions:

  1. What am I trying to protect / what is my goal?
  2. From who?
  3. In what contexts?

edit: i would also add, in the context of the above questions, its normal to have more than one answer to these questions for different aspects of your life/identity.

1 Like

You could have a look at this page on as it is quite comprehensive while also not being too extreme.

@xe3’s points are a great starting point as they are the fundamental parts to a threat model.

Remember to not fret about making a perfect threat model, and don’t feel pressured to make an amazing one; as long as it works for you, it’s a great threat model.

Hope this helps :grinning:


Thank you all guys for your contributions! :3

1 Like