Skip to content

Security training: Individuals versus Random Assholes

Meitar M edited this page Nov 2, 2017 · 8 revisions

WikiSecurity culturePersona-based training matrixSecurity training: Individuals versus Random Assholes

How to use this persona-based threat modeling matrix:

  1. You are a "defender" (a given row). Find yourself there.
  2. Your concern(s) map to a given "attacker" (a given column). Find your attacker.
  3. Find the cell at which these two personas intersect. Everything listed in the cells above and to the left of your cell applies to you, too.
  4. Start at the top-left cell and read the advice from left-to-right, top-to-bottom, until you reach your cell. Then stop worrying. :)
Random Assholes Assholes with Resources The State
Defenders Individuals Individuals vs Random Assholes Individuals vs Assholes with Resources Individuals vs The State
Organizers and Journalists Organizers & Journalists vs Random Assholes Organizers & Journalists vs Assholes with Resources Organizers & Journalists vs The State
Targeted Activists Targeted Activists vs Random Assholes Targeted Activists vs Assholes with Resources Targeted Activists vs The State

Individuals versus Random Assholes


There are no prerequisites. The material presented on this page is relevant to every persona and every risk level. These practices therefore represent a minimum level of best-practice and are foundational to every other risk assessment presented in this framework.


  • Scrub personal data and opt-out from "Data broker/vendor" sites such as Spokeo/PeopleSearch/, etc.
  • Don't check in to places on Facebook/Foursquare/Yelp/etc publicly
  • turn off location services (GPS) on your phone when you don't need it (also saves battery!)
  • Turn off location tagging for your smartphone camera
  • Audit/improve your social network privacy settings
    • Verify friend requests with actual friends: When you get a Friend request from someone you don't know, but have mutual friends in common, send your mutual friend a private message asking for info about who the supposed person who may have sent the friend request actually is; avoids friending malicious/fake accounts.
  • turn off "auto-pay" (and use Password Manager fill-in instead)
  • Remove "saved fingers" (fingerprint scans) from your smartphone's memory, i.e., use a PIN or passphrase, or if you do choose to use a fingerprint, use only one or two finger's prints. (The more fingers you add, the easier it is for someone who is not you to use their fingerprint to open your device.)
  • Use a password manager (and all that that entails!)
Clone this wiki locally
You can’t perform that action at this time.