Security Guides

Who Is Actually Watching You? (Threat Modeling)

You can't protect yourself from everyone at once. Learn how to identify your real risks and ignore the movie-plot scenarios.
Becca Larson, Alex Larson
1 min read
Who Is Actually Watching You? (Threat Modeling)
Photo by Gregoire Jeanneau / Unsplash
Who Is Actually Watching You? (Threat Modeling)
Photo by Gregoire Jeanneau / Unsplash

A common mistake beginners make is trying to become "invisible." They buy a VPN, install Linux, switch emails, and tape over their webcam all at once, then get burned out and quit.

Security is not a checklist. It is a mindset. To be effective, you need to know who your "adversary" is. This is called Threat Modeling.

Common Adversaries

1. The Corporations (Surveillance Capitalism)

  • Who: Google, Facebook, Amazon, Data Brokers.
  • Goal: To build a profile of your life (what you buy, where you go, who you love) to sell ads or influence your behavior (a concept known as Surveillance Capitalism).
  • Defense: Ad-blockers (uBlock Origin), privacy browsers (Firefox), private search engines (DuckDuckGo/Startpage), not using their apps.

2. The Opportunistic Hacker

  • Who: Criminals using automated scripts to scan the internet.
  • Goal: Fast cash. They want your credit card, your Netflix login, or to lock your files with Ransomware.
  • Defense: Strong passwords (Password Manager), 2-Factor Authentication (2FA), Software Updates.

3. The Government / ISPs

  • Who: Internet Service Providers (Comcast, AT&T) and intelligence agencies.
  • Goal: ISPs want to sell your browsing history. Agencies want mass surveillance for "national security."
  • Defense: HTTPS (standard now), VPNs (hides traffic from ISP), Signal (encrypted messaging).

4. The Targeted Attacker (Stalkers, Abusive Partners)

  • Who: Someone who knows you personally and wants to harm you specifically.
  • Goal: Control, harassment, or physical location tracking.
  • Defense: Physical device security, changing passwords, auditing location sharing on phones, social media hygiene.

Building Your Model

Don't buy a $5,000 steel door for a tent. Match your defense to your threat.

  • Average User:
    • Threats: Hackers stealing passwords, Google tracking everything.
    • Fixes: Password Manager, uBlock Origin, Auto-updates.
  • Journalist / Activist:
    • Threats: State surveillance, targeted malware.
    • Fixes: Tor, GrapheneOS, Tails, Signal, strict operational security (OpSec).

Start with the basics. If you use password123, the NSA is the least of your worries. Fix the locks on your doors before you worry about spy satellites.

Basics
About the author

Becca Larson

Becca worked for Big Tech, but now she works for you. With a Master's in Cybersecurity and Information Assurance, she is a top expert on personal privacy and security topics.

Read next

How the Internet Works: A Primer

Security Guides for Real People

You don't need to be a hacker to be secure online. SecurityGuides.org is built for regular people who want to protect their data without needing a computer science degree.

Security Guides

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Security Guides.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.