If you hang around privacy or security forums long enough, you’ll eventually come across the term “threat model.” Here’s what they’re talking about, and how to create one.
Threat Models
In the case of privacy, it’s helpful to ask yourself, “Who or what am I protecting my data against?” A threat model is when you create a list of things you own, possible threats against them, and creating defenses against those threats. You can do this for physical goods and digital data.
Threat models can also change over time, and it’s important to occasionally revisit it. Maybe you want to protect your data against hackers, or maybe you need to protect it from the government. A perfect threat model is impossible, but we can create a basic one. Here’s what we can address:
- What is my data?
- What can go wrong?
- What can I do?
What is My Data?
Start by listing your content, and where it’s located. Examples include notes in Apple Notes, files in iCloud Drive, photos and videos in Photos, etc. If you don’t use iCloud, the data stays on your device. If you do use iCloud, your data is on Apple’s servers.
What Can Go Wrong?
What are things that threaten that data? Probably the biggest one is the “cloud” itself. When we store our data on a company’s servers, we lose control over it. We see this when Apple has occasional outages of its services, when Google Cloud had an outage last week, or when WordPress had an outage just three days ago. Your data is being held hostage, even if it’s an accident. How can we change that?
What Can I Do?
The first obvious solution is not to upload it to the cloud. But the cloud can be convenient. This is ultimately a decision you’ll have to make on your own. Two solutions are encrypting your data before you upload, and/or making an offline backup of your data. By encrypting your data, it will be protected against threats like hackers, the government, or employees of that company with malicious intentions.
You can adapt this threat model to suit your own needs, or address things that I didn’t even think of. The important thing is being prepared.
Further Reading:
[iOS: 8 Ways to Enhance Your Privacy & Security in Safari]