askchapo

I accidentally ordered some Gunpla and made a treat model.

The basic idea is to identify what you’re trying to protect, what threats exist or may exist, and outline possible protections against those threats, as well as the tradeoffs of those protections. So for example, someone who doesn’t do any praxis and browses Hexbear all day (not trying to call anyone out) doesn’t need to be running Edward Snowden levels of opsec and privacy software, but they should almost certainly get a cheap VPN and be regularly cycling accounts.

What this basically means is that it's a set of assumptions about how powerful and skilled your potential adversaries are in ways to compromise you and your data, and then you list all those avenues of attack and try to safeguard your privacy and devices against each of those.

For example let's take the CIA as an adversary, on one extreme you could assume they have incredible sci-fi quantum whatever technology where they can breach any system arbitrarily and completely, or on the other extreme you could assume they're entirely incompetent and can barely turn on the computer, leaving you to do whatever you want online. Obviously neither of those extremes are true, the truth is somewhere in the middle but getting closer to the truth unfortunately requires a lot of technical knowledge and experience.

I'm not extremely knowledgeable myself but I think you can go a long way with just the basics like getting a good VPN (make sure your payment is anonymous tho, I personally use Mullvad) and not posting any personally identifiable details online.