Most privacy and security advice is written as if it applies to everyone equally. Use this app. Change this setting. Never do that.

But the right choice depends entirely on your situation. A domestic abuse survivor protecting their location from a former partner has very different needs than someone who mostly wants to stop being followed by advertising networks. Both are legitimate concerns. The tools and habits that help one situation may not be necessary, or even useful, for the other.

Threat modeling is how you avoid doing more than you need to, or less than you should.

Working through these questions helps you understand your own situation more clearly. You don't need formal answers, just honest ones.

1. What do I want to protect?

This is your information, your devices, your accounts, your identity, whatever feels important to keep out of the wrong hands. It might be your physical location, your financial information, conversations with specific people, your browsing habits, or your identity in a particular context.

Being specific helps. "My personal data" is too vague. "My home address and daily routine" is more useful to work with.

2. Who do I want to protect it from?

This is your adversary, whoever you're concerned about accessing or misusing your information. It might be a data broker selling your information to advertisers. It might be your employer. It might be a government agency. It might be a specific person in your life.

Different adversaries have different capabilities and different motivations. A stalker and an advertising network are both real concerns, but they require different responses.

3. How likely is it that I'll need to protect it?

Capability and likelihood are not the same thing. Your internet provider can technically see much of your traffic. That doesn't mean they're actively watching you or will expose your data. Understanding probability, not just possibility, helps you make proportionate decisions.

4. How bad would it be if something went wrong?

Think about consequences. Losing access to your email account is inconvenient. Having private medical information shared publicly could affect your employment or relationships. Having your location exposed to a specific person could put you in physical danger. The severity of the potential harm affects how much effort is worth putting in.

5. How much effort are you willing to put in?

Security and privacy often involve friction. Stronger tools can mean more setup, more steps, or giving up some convenience. There's no single right answer here, it depends on how significant the risk is and how much inconvenience you're prepared to accept. The goal is a sustainable approach you'll actually use, not a perfect approach you'll abandon.

Imagine you're moving to a new city and you don't want your old landlord to track down your new address.

• What to protect your new home address
• Adversary your former landlord
• Likelihood medium, they have a reason to want to find you
• Consequences moderate to serious, depending on the relationship
• Effort you're willing to invest some, but not a complete lifestyle overhaul

With that frame, your choices become clearer. You probably don't need to use Tor or set up a new identity. You might want to check what your name returns in public records, be careful about what you post on social media, and use a PO box for mail. Those steps directly address the concern.

The same framing applies to digital situations.

• Avoiding over-engineering, spending effort on threats that aren't actually relevant to you
• Avoiding under-protecting, dismissing concerns that are more serious than they look
• Making decisions that actually match your situation
• Knowing when a simpler tool is enough, and when something more serious is warranted

• It doesn't tell you exactly which tools to use, it gives you the frame to evaluate them
• It doesn't account for threats you haven't thought of, your model is only as good as your understanding of your situation
• It requires revisiting as your circumstances change, a model that fit your life a year ago may not fit it now

No threat model is permanent. Your situation changes. So do the tools and services you rely on, and so do the capabilities of the people or systems you're concerned about. A model worth building is one you'll actually review occasionally, not something you set once and forget.

It's also easy to let threat modeling become anxiety-inducing rather than clarifying. The goal is to feel more grounded about what steps make sense, not more overwhelmed. If you're not sure where to start, start with the most obvious concern in your life right now.

• Pick one specific concern, something you've actually wondered about or felt uneasy about, and work through the five questions above
• Write it down, even roughly. Having something on paper makes it easier to think about
• Be honest about the effort question. A privacy practice you abandon after two weeks doesn't help you
• Start with the What is privacy page if you want to understand the broader context first

Threat modeling is a concept borrowed from security engineering, but the principles apply equally well to everyday privacy decisions. Formal versions of it involve things like attack trees and adversary profiles. For most people, the five questions above cover most of what's useful.

The EFF's Surveillance Self-Defense guide applies this framing to a range of real situations, from journalists to activists to people in abusive relationships. If your situation feels higher-stakes than everyday privacy concerns, that's worth reading.

One useful distinction, capability (what an adversary can do) versus likelihood (what they'll actually do). Security writing often focuses on capability. Your decisions should also account for likelihood, otherwise you end up protecting against everything and making your daily life much harder than it needs to be.

• What is privacy, the broader context for why this matters
• Building a security plan, a more structured version of the same thinking
• Encryption, one of the tools threat modeling often leads to