need help: EFF security surveillance plan

Hello all,
I am working on a virtual class for my library about internet safety tips. I want to include a bit on the EFF security surveillance plan viewable here:

I plan to give short, simple answers to the 5 questions. I am stuck on #2 - about how to give a clear list of who we need to protect our online assets from.
Do you have suggestions?

  1. What do I want to protect? [i will give a list of assets: emails, contacts, banking records, location, etc]

2. Who do I want to protect it from? So far I have: predatory wi-fi, browser trackers, people who might use my computer/phone/tablet, phishing attempts, companies I give my info to (apps, subscriptions, websites, exercise devices, etc).

  1. How bad are the consequences if I fail? [It depends on their opinion: I will point out that the loss of emails/contacts might be not important to some and considered worse for others but the loss of banking records is likely very bad for everyone]

  2. How likely is it that I will need to protect it? [again, it depends on you, do you have a lot of assets, do you do a lot of online banking or shopping, have you been stalked online?]

  3. How much trouble am I willing to go through to try to prevent potential consequences? [this is something they have to answer for themselves - example, I am willing to have very secure passwords for banking records but will use easier to remember passwords for my social media apps]

Thanks for any help/suggestions!

I think you’re on the right track here, but I think you might want to explicitly name these folks as thieves. These adversaries are stealing information in order to steal more valuable assets (banking login information and money).

1 Like

Thanks Samlee!

I just found this interesting threat model document -
I think I want to make something similar but more for the average patron.

this is very good and written by someone I know, Tom Lowenthal