Threat Modeling — Asking the Right Security Questions
THREAT MODELING is a structured way of asking: what am I protecting, from whom, and what tradeoffs am I willing to make? It's the FIRST step in real security — because perfect security is impossible, and what matters is getting the priorities right.
The 5 questions (popularized by EFF). (1) WHAT do you want to protect? (private messages? bank account? location?). (2) WHO do you want to protect it from? (random hackers? targeted attackers? government?). (3) HOW LIKELY is the threat? (4) HOW BAD are the consequences if the threat happens? (5) HOW MUCH TROUBLE are you willing to accept to defend? A good answer to all 5 produces a focused security plan.
A celebrity activist's threat model is VERY different from a regular user's because:
Common results. Most people: strong unique passwords + 2FA + a password manager + cautious clicking covers 95% of threats. People with high-value secrets: add encrypted devices, secure messaging, careful operational security. Activists/journalists in repressive contexts: full operational security including device hygiene, anonymity tools, secure communications training.
Your Model
Write your own threat model. WHAT do you most want to protect (school grades? friend chats? family photos?)? WHO do you fear (curious classmates? hackers? scammers?)? Pick ONE defense to add this week.
Threat modeling sounds technical but it's really just structured thinking. Five questions, applied honestly, give you a security plan that fits YOUR life — not someone else's.
Want to keep learning?
Sign up for free to access the full curriculum — all subjects, all ages.
Start Learning Free