Security And Privacy Threat Model

Protecting your Security and Privacy - why does it matter? If you're a "normal law-abiding citizen", what do you have to hide?

People who might spy on you, what you might want to hide, sources of risk, tactics:

Your spouse/Significant Other, your kids, etc.

what to hide?
- strange ideas you don't want to share
- private notes about them
source of risk: sharing your hardware
tactics
- turn on basic privacy settings (swipe patterns, password) to log into your machines
- use something like MacOs X Work Space-s to semi-hide your personal stuff that you keep open, for when letting someone use your machine "just for a minute"

Your teacher

what to hide
- casual/flippant remarks can get you in trouble ("bullying", "columbine risk", etc.)
- insults about teachers can get you in trouble
- maybe you don't want to do anything rude/illegal in front of your WebCam http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District
sources of risk
- school WiFi network
- school-issued equipment
- FaceBook posts shared with more than a few people (someone will leak it)

Your boss and his lawyers

Person at another table in the Coffee Shop

Business competitors (esp via foreign governments)

Foreign governments (if/when you travel there)

what to hide
- your public political beliefs, membership in "hostile" groups like ahem the ACLU, EFF, Green Peace, etc.
- your "friend of a friend" who turns out to be a Person Of Interest
sources of risk
- things you post on Social Media sites, even if "private" to your FaceBook "friends"
- your EMail
  - even if you run your own EMail server, Google probably has copies.
- your email/phone Address Book, stored in a WebMail account or synched to your Mobile OS Back Up
- even if you trust your service provider not to read your stuff for their own sake, that doesn't mean they won't hand it over to BigGov, even without a warrant
- Note CALEA risk in the future.

Bill Seitz