Bank Accounts, Browsing History, Health Data, Search History, Location, etc. • You want to protect it from: bad websites, data brokers, hackers, and social networks • You are NOT a special target for any attackers • Total Identity Theft is your worst- case consequence • Risk Proﬁle ~= Average Consumer
(Personal & work) • See & use all your email? (Personal & work) • Use email to reset passwords? • Show all your photos & videos? • Show your home address and map searches? • Show all your contacts? • Do 2-Factor Authentication?
Search History, Online & Ofﬂine activity, location, etc. • You ARE a special target for some adversaries • Online harassment is a real risk for you, maybe ofﬂine “real-life” harassment or even detainment
• ISPs snooping on customers’ online activity • Governments censoring sites • Corporations scanning web logs for their competitors’ IP addresses • Criminal sites scanning web logs for law enforcement IP address
Files? • From whom do you want to protect it? • Boss? Government? Hackers? • How likely is it that you need to protect it? • E.g., unlikely: mobile phone carrier publishing your data online • How bad are the consequences of failure? • Risk ~= how likely * how bad Threat-modeling: Your Risk Proﬁle