Consider Everyone's Unique Situation
Everyone has different needs, and everyone faces different dangers when their personal data gets exposed.
To give actionable privacy advice and recommendations, it's essential to keep in mind everyone's situation. There isn't a one-size-fits-all approach when it comes to data privacy.
Here's how you can get better at evaluating each person's unique threat model:
What is a threat model?
We regularly use the term "threat model" in cybersecurity and data privacy. This might sound obscure at first if you haven't seen it before, but it's quite simple: A threat model is an evaluation of what is dangerous for a certain person (or entity) in a given situation, and what protective measures should be prioritized.
For example, if you live near the equator, polar bears might not be an important threat to your safety. However, if you live in Nunavut, it may be important to get information on how to prevent a polar bear attack.
Similarly, when you choose privacy protections for yourself or for others, you should first ask a few questions to understand better what information you are trying to protect, from whom, and in which context.
What questions to ask?
To establish a threat model, ask the following questions:
- What information leak could endanger this person or organization the most?
- Who should this information be protected from?
- How likely is it that this person or entity could access this information?
- What could happen if this person or entity had access to this information?
- What are the protections available to protect this information specifically from this person or entity?
- What would be the downside of using these protections?
- How long do these protections need to remain in place?
Ask, rinse, and repeat for each type of information. The answers to these questions will be unique for each person or organization. This is their unique threat model.
Example scenario: Threat of stalking
Needs: Alice is a young celebrity sharing a lot of information about herself on social media. As part of her work, she has to be able to share photos of herself, her legal name, some of her travel information, and details about her personal life.
Threat: However, to protect herself from an aggressive stalker, she must protect information about her home address at all costs.
Level of danger: She has already received threats online, and the danger to her safety is imminent if her home address were to become known to this aggressive stalker.
Information to protect and solutions: Every place where Alice is required to share her home address must be protected. She should use a PO box whenever her personal address isn't absolutely necessary. She should make sure to only share her address with trusted people who are informed about this danger. And she should inspect all of her photos and metadata carefully, to make sure her location is never precisely revealed.
Example scenario: Surveillance Capitalism
Needs: Bob feels uncomfortable with companies using his information without his consent. He doesn't trust what they might do with this information later, or whom they might sell it to. He is especially worried about how companies and governments might use facial recognition on him.
Threat: To limit facial recognition, Bob doesn't want any companies to have access to a photo of his face.
Level of danger: If Bob or someone close to Bob posted a photo of his face online, the numerous bots constantly scanning the open web and social media platforms would have a copy of it in no time.
Information to protect and solutions: To prevent this, Bob should not post any photos of his face online. He should make sure to only choose profile pictures that don't show his face for social media, and inspect any other photos posted to make sure his face doesn't show up on reflective surfaces. He should also inform his friends and family that he doesn't want photos of himself to be posted online, and he should protect his phone camera roll and cloud storage from getting scanned by remotely controlled AI. Bob should also opt out of any online platforms demanding a facial scan or photo ID in order to verify his age or identity.
Respect people's choices when it comes to their own privacy, even if they are different from yours
When advising others on data privacy, it's easy to get carried away and forget that other people might have different threat models from our own.
Once we have provided the information to somebody who might need it, it's important to take a step back and respect their choices. If someone understands the risks, and decides that sharing this information about themselves is an acceptable level of risk to them, we cannot (and shouldn't try to) force them into using the same level of protection we have adopted ourselves, if they don't want to.
Of course, this might be a different story if their decision also affects the data of others. But if it only concerns their own data, the choice is theirs.
To be a good privacy advocate is to provide information and support when needed. But ultimately, privacy is about deciding what one is comfortable sharing about themselves or not. We can only choose this for ourselves, not for others.