Skip to content
TopicTracker
From HackerNewsView original
TranslationTranslation

Soatok's Informal Guide to Threat Models

A guide explaining threat models as a method to identify security risks by defining assets, adversaries, and their capabilities, helping readers make informed security choices rather than following generic advice.

Background

- Threat modeling is a structured way to think about security: you identify what you're protecting, who you're protecting it from, what attacks they could use, and what you're willing to accept as risk. - Many online security debates are confused because people argue past each other using different threat models — e.g., a journalist evading a state spy agency has very different needs than an average user avoiding credit card fraud. - Soatok is a furry-identity blogger and software developer known for technical deep-dives on cryptography, security engineering, and internet privacy, with a following among programmers and security enthusiasts. - This guide is an accessible primer aimed at helping readers reason about threats clearly, avoid common fallacies (like "if it's not secure against the NSA it's worthless"), and choose appropriate tools for their actual risks.