With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker, defenders can focus on what is most important to protect. It's systematic, and like penetration testing, a dance.

De-anonymisation threat model

De-anonymisation alias re-identification. More and more governments and industries depend on it. The adversaries, possible attack vectors, the attacks, threats, assistive technologies, the possible uses, and if and where possible, what we can do.

Transparent intentions

Search engine threat model

The least investigated threat model. We must be… increasingly on the alert to prevent “them” from taking over mineshaft space and knocking us out in superior numbers when we emerge! We must not allow …

a mineshaft gap!

E2EE threat modelling

Most E2EE systems are secure against only the weakest passive adversaries, breakable not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Unencrypted metadata and …

Access patterns