You know you’re being tracked online. You don’t know whether you’ll be harassed, hacked, misled with disinformation, doxxed, or made the victim of other devious acts. You wonder who has your data and what they can do with it. And you constantly find that your favorite content or websites have been taken down or blocked.
That’s how many of us are feeling now. It’s the spring of 2018, and we’re seeing the growing, global spread of government surveillance without human rights safeguards, coupled with the largely unregulated corporate harvesting and abuse of our personal data. Our communications and information are under constant observation, our communities are at risk of being further isolated or marginalized, and we fear being treated as products, subjects, or both.
But you’re not backing down. You know it’s time to stand up for your rights. You just need to know how to protect yourself, so that you can keep doing the awesome work you are doing. Where do you begin? The technologists at Access Now’s Digital Security Helpline, a 24/7 resource for civil society worldwide, always start by assessing a client’s specific situation and needs to create what’s called a “threat model” to guide digital security recommendations. And that’s exactly what we suggest that you do.
We created “A First Look at Digital Security” — an open-source booklet — to help you take the first steps toward improving your digital security online, and we continue to update it online at GitLab to make sure it remains accessible for anyone who needs it. The guide uses five user archetypes to introduce the concept of threat modeling, and there is a glossary to explain the most difficult terms and ideas. If you are a digital security trainer, you can use and further develop the user archetypes that we present as scenarios for your teaching activities, and we have now added space — a blank persona building page — that your students can use to create their own threat model, based concretely on their particular situation and needs.
You can download and share the latest master version of the booklet, and there are editable files in a separate repository. We encourage you to reach out if you have any comments or suggestions for improvements, and you can also raise any issue that you have here. We also welcome translations of the booklet.