Shakedown Social

0 posts0 participants0 posts today

꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂<a href="https://mastodon.gamedev.place/tags/screenshotsaturday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screenshotsaturday</a> here we can (barely) see ðe 🍭-mimic spider in its natural habitat, While it may try to ambush & kill you by default, it will appreciate you letting it eat a parasite from you or feeding it some candy larva(at least until it gets hungry again)<a href="https://mastodon.gamedev.place/tags/gamedev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gamedev</a> <a href="https://mastodon.gamedev.place/tags/worldbuilding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#worldbuilding</a> <a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4d</a> <a href="https://mastodon.gamedev.place/tags/roguelike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#roguelike</a>

꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂<a href="https://mastodon.gamedev.place/tags/screenshotsaturday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screenshotsaturday</a> adding a speed system, so moving in ziʒzags is faster(esp 3d & 4d zigzegzogzags), coffee makes you faster, different weapons/tools have different speeds, & obviously what ur moving θru also affects ur speed 2 𓅱<a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4d</a> <a href="https://mastodon.gamedev.place/tags/gamedev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gamedev</a> <a href="https://mastodon.gamedev.place/tags/MessageLost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MessageLost</a> <a href="https://mastodon.gamedev.place/tags/survival" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#survival</a> <a href="https://mastodon.gamedev.place/tags/roguelike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#roguelike</a> <a href="https://mastodon.gamedev.place/tags/SponsoredByEuclid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SponsoredByEuclid</a>

꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂Diagonal ✝️section of ðe 4d cartesian product of 2 "I want to be a sea urchin and eat cabbage"(yes, really) tilings⬛🟦⬛ 🟧⬜🟧 kinda like ðis ⬛🟦⬛Unfortunately we are still too dimensionally, perceptually, & probably intellectually challenged to even try to look at ðe full θing 😔<a href="https://mastodon.gamedev.place/tags/TilingTuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TilingTuesday</a> <a href="https://mastodon.gamedev.place/tags/tiling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tiling</a> <a href="https://mastodon.gamedev.place/tags/mathart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mathart</a> <a href="https://mastodon.gamedev.place/tags/geometry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#geometry</a> <a href="https://mastodon.gamedev.place/tags/mastoart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastoart</a> <a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4d</a> <a href="https://mastodon.gamedev.place/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#abstract</a>

꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂<a href="https://mastodon.gamedev.place/tags/Funfact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Funfact</a> you can tile 4d space with ðe cartesian product of any 2 2d tilings(12.6.4 x 12.6.4 here),Each resulting duoprism shape has a unique color(even if ðey can look like 2 difrnt polygons in ðese 2d🔄✝️sections)<a href="https://mastodon.gamedev.place/tags/TilingTuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TilingTuesday</a> <a href="https://mastodon.gamedev.place/tags/geometry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#geometry</a> <a href="https://mastodon.gamedev.place/tags/creativecoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#creativecoding</a> <a href="https://mastodon.gamedev.place/tags/mathart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mathart</a> <a href="https://mastodon.gamedev.place/tags/tiling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tiling</a> <a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4d</a> <a href="https://mastodon.gamedev.place/tags/3d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#3d</a>

tuxwise(17/N) Finally, two threat types that refer to security more than privacy:<a href="https://mastodon.de/tags/Obstructing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Obstructing</a>An adversary destroys, withdraws, steals or misappropriates information, access, or resources. The obstruction can be temporary or permanent, partial or total. Obstructing can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.<a href="https://mastodon.de/tags/Interfering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interfering</a>An adversary deliberately corrupts the integrity or authenticity of information, resources, processes, or interactions. The respective information, resources, processes, or interactions aren’t necessarily controlled or owned by the persons that are affected, and may also be fabricated. Interfering can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(16/N) Three more threat types defined:Data <a href="https://mastodon.de/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disclosure</a>An adversary makes somebody’s confidential data available to unauthorized parties.Manufacturing cooperationAn adversary hides from somebody the potentially harmful consequences of their own decisions and actions, or denies them the option of avoiding such consequences, even when they are aware of them.<a href="https://mastodon.de/tags/NonCompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NonCompliance</a>Contrary to what somebody expects and trusts in, an adversary does not follow laws, documented policies or contractual obligations; or does not abide by what is perceived as conventions, or unwritten rules, in the respective context.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(15/N) Two more threat types defined:Undesirable non-repudiation or repudiation<a href="https://mastodon.de/tags/Repudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Repudiation</a> (plausible denial) of what somebody has said / done / known / possessed becomes impossible because an adversary has managed to collect enough evidence to establish undesirable non-repudiation. In other words: the adversary can prove beyond reasonable doubt that "it" happened.Alternatively, <a href="https://mastodon.de/tags/NonRepudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NonRepudiation</a> (proof beyond reasonable doubt) cannot be established because an adversary has managed to suppress or destroy enough evidence to gain the option of repudiation (plausible denial). In other words: the adversary can plausibly deny "it" happened.DetectingAn adversary can check for the presence or absence of specific data items, which are tell-tale indicators for something else.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(14/N) Having familiarized ourselves with categories of adversaries, their main goals and their respective, overall "modus operandi", let's look at the types of threats posed by them.Again, it pays to focus on types of threats: We don't want to become mainly alert-triggered, but proactive. There are several frameworks we can borrow ideas from, most notably the LINDDUN framework that is geared toward threats to privacy, and can be extended a bit to cover more ground.First, our list of threat types:<ul><li><a href="https://mastodon.de/tags/Linking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linking</a> (spotting connections and relationships)</li><li><a href="https://mastodon.de/tags/Identifying" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Identifying</a> (mapping to identities)</li><li>Undesirable <a href="https://mastodon.de/tags/NonRepudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NonRepudiation</a> or <a href="https://mastodon.de/tags/repudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#repudiation</a></li><li><a href="https://mastodon.de/tags/Detecting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Detecting</a> (absence or presence of indicators)</li><li>Data <a href="https://mastodon.de/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disclosure</a> (to the unauthorized)</li><li>Manufacturing cooperation (disguised or imposed bad consequences)</li><li><a href="https://mastodon.de/tags/Obstructing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Obstructing</a> (access, information, resources)</li><li><a href="https://mastodon.de/tags/NonCompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NonCompliance</a></li><li><a href="https://mastodon.de/tags/Interfering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interfering</a> (with information, resources, processes, interactions)</li></ul>Our definitions of these, for our context:LinkingAn adversary can figure out connections and relationships between formerly isolated items of interest.IdentifiyingAn adversary can link items of interest directly to a natural person.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a>LINDDUN: <a href="https://linddun.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://linddun.org/</a><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(13/N) The sixth, and last, category of adversaries:“They”“They” want to define boundaries and acceptable behavior for the masses, as well as monitor compliance on a large scale, and enforce it on an individual level.As a consequence, permanent mass <a href="https://mastodon.de/tags/surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#surveillance</a> of all types of assets is a means of monitoring the compliance of the majority, and of detecting deviant behavior. Legalizing more and more monitoring options becomes a goal, including international partnerships on information exchange. Depriving you of your assets, temporarily or permanently, is a means of enforcing your compliance or obedience. The mere threat of this can be sufficient to create a <a href="https://mastodon.de/tags/ChillingEffect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChillingEffect</a>.State-sponsored actors (such as hacker groups) and nation-state threat actors (in the form of intelligence services, law enforcement, censorship offices, and other <a href="https://mastodon.de/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#government</a> agencies) fall into this category. It also includes <a href="https://mastodon.de/tags/companies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#companies</a> that have either a monopoly, or a significant share of an oligopolistic market, or portfolio of services specifically targeted at the public sector.While the entities in this category may seem wildly heterogeneous at first, remember that there are <a href="https://mastodon.de/tags/RevolvingDoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RevolvingDoors</a> between them, for swapping their respective “ex” members. Beyond lobbying, there is also a complex, ongoing collaboration between many of them, which has been described as “grey intelligence”, “grey policing”, “public-private partnership”, etc.Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(12/N) A fifth category of adversaries:🦕 Business(i)es<a href="https://mastodon.de/tags/Business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Business</a>(i)es want to extract <a href="https://mastodon.de/tags/profit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#profit</a> from you. Preferably, but not necessarily in legal, sustainable, and the cheapest possible ways.Your assets are seen as levers to generate more profit, because they betray what is meaningful to you, and worth investing into, in your eyes.Businessies disguise their factual indifference towards your specific assets by enthusiastically pretending to "care" as much for them as you do, to achieve the "Nessie effect": on the surface, always appear likeable, despite your size, and in spite of what you are actually pursuing under the surface.This category is the widest of all. Nearly all businessies participate in <a href="https://mastodon.de/tags/SurveillanceCapitalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SurveillanceCapitalism</a>, either by directly aggregating every tidbit of your data in a <a href="https://mastodon.de/tags/profile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#profile</a>, in return for a service that is allegedly "free" – and later selling targeted access to you; or by paying <a href="https://mastodon.de/tags/DataBrokers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBrokers</a> for access to potential customers that fit very specific criteria.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(11/N) A fourth category of adversaries:🫳 Intruders<a href="https://mastodon.de/tags/Intruders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intruders</a> want to ignore your <a href="https://mastodon.de/tags/boundaries" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#boundaries</a> at will, and their related actions to be unrestricted and without repercussions, for as long as possible. Additionally, satisfaction might be derived from any ineffective responses to their actions.Controlling your assets at will, and having unrestricted access to them is their goal. Some are fantasizing about a relationship with you that would somehow entitle them to it. Sometimes, their actions include damaging, or destruction of, your assets, to inflict suffering upon you, or for revenge, or to gain notoriety.This is a wide category that includes attention-getters; <a href="https://mastodon.de/tags/narcissists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#narcissists</a> and <a href="https://mastodon.de/tags/stalkers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#stalkers</a>; abusive, vengeful and jealous people; starstruck individuals seeking <a href="https://mastodon.de/tags/parasocial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#parasocial</a> interaction; thrill seekers; script kiddies; "OSINT" wannabees; swatters; vandals; and sometimes even potential employers.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(10/N) A third category of adversaries:☝️ Ideologues<a href="https://mastodon.de/tags/Ideologues" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ideologues</a> want to push you to do the right thing, or to punish you for doing the wrong thing. They may also want to eliminate you, physically or metaphorically, when they can't achieve their goal: Maybe you just won't learn, or are incorrigible, as such.The assets that you are "entitled" to are considered a reward, for conforming to the respective ideology. The portion of your assets that you aren't "entitled" to is usually the target of relentless denial, even destruction.Entitlement is always conditional, and temporary: In case you seem to be going astray, and appeals to your conscience do not seem to have enough effect, your assets may be withdrawn or destroyed.Hacktivists, campaigners, protagonists or minions of gender-based violence, lobbyists, racists, and terrorists fall into this category.Note: I am not judging how "just" the respective "causes" are, I'm talking about behaviors.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(9/N) A second category of adversaries:💰 CriminalsCriminals want valuable resources that you happen to possess, at the moment.From that point of view, seemingly valuable assets are to be pried from your hands, while your “junk” assets may be ignored, at best. At worst, they’ll be carelessly destroyed in the process, or the threat of their destruction will be weaponized against you.Typical activities of criminals are scams, ransomware attacks, or identity theft. There's a dedicated "eCrime ecosystem" with crime infrastructure providers; marketplaces for stolen, private information; illegal access brokers selling credentials; and even “big game hunters” executing targeted attacks on large corporations, as a paid service.BTW, calling these adversaries "cybercriminals" instead is just a dumb court curtsy.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(8/N) For now, leave your spreadsheet of assets alone and turn to the second question of the <a href="https://mastodon.de/tags/ThreatModelingManifesto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModelingManifesto</a>:2. What can go wrong?The answer usually includes a list of adversaries, so you can later consider which ones you stand a chance fighting, if you think it's worth it.Again, this may be helpful for corporations, but not that much for individuals, since damage done to individuals can be much deeper, and last for much longer, even for life.So, lets rather consider abstract categories of adversaries from a perspective of what their primary goals are, and what they usually do to achieve them. We don't bother with specific bad actors here, nor are we considering how to "help them" via psychotherapy, legislation, imprisonment or campaigning, at this point in time.First, the list:<ul><li>🤷 You, and people like you</li><li>💰 <a href="https://mastodon.de/tags/Criminals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Criminals</a></li><li>☝️ <a href="https://mastodon.de/tags/Ideologues" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ideologues</a></li><li>🫳 <a href="https://mastodon.de/tags/Intruders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intruders</a></li><li>🦕 <a href="https://mastodon.de/tags/Business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Business</a>(i)es</li><li>🏢 “<a href="https://mastodon.de/tags/They" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#They</a>”</li></ul>A few thoughts, on each category:🤷 You, and people like youYou and others prefer to keep asset protection efforts to a minimum. You tend to take the integrity of your assets for granted, hoping that others will respect your boundaries, either out of respect for you or because of legal regulations and repercussions. Your attitude towards handling the assets of others is equally shortsighted and careless.As a result, your digital assets stay exposed, and you're putting others at risk, too.(to be continued)Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(7/N) You should now have a spreadsheet filled with a list of all of your data and device "assets" (that you were able to remember, so far).BTW, that spreadsheet is stored on encrypted media only, isn't it?Now, for each asset, verify again that you have set all appropriate category checkmarks in the columns described under (4/N):<a href="https://mastodon.de/@tuxwise/113521613245140566" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113521613245140566</a>Then, considering not just quantifiable damage like a potential loss of money, but also the abstracts assets listed under (3/N) …<a href="https://mastodon.de/@tuxwise/113514249877671549" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113514249877671549</a>… reflect a little, per specific asset, how bad the consequences would be if it were disclosed, destroyed, or deanonymized. If you wish, track the consequences in an additional column, possibly using a qualitative range like: 🤷 … 😟 … 😳 … 😭 … 😱Unlike with traditional, or "corporate" threat modeling, I find it less helpful to try and merely quantify such an assessment of potential damages, and to separate it from recording the assets. I also find it not helpful to consider various types of bad actors already, at this stage.Since everything in our asset list relates to us, individually and personally, measurable damage like a potential loss of money is only a part of the impact.As humans, we can't just (more or less) gracefully disappear [*], like a business, or an organization. We also don't get much relief from claiming we've been as diligent as mandated by regulations or policies, since we won't be merely held "accountable" for damages, but will actually suffer from them, physically and psychologically, possibly for life.Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a> [*] No, not even in countries with moderate tracking of the whereabouts and names of their citizens.

tuxwise(6/N) A final set of prompts, for three more categories. Add the related data "assets" that come to your mind to your spreadsheet:🛰️ <a href="https://mastodon.de/tags/Geospatial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Geospatial</a> data🗺️ Current <a href="https://mastodon.de/tags/position" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#position</a> 🏠 Place of residence 🛰️ GNSS-precision tracks 🗓️ Appointment <a href="https://mastodon.de/tags/calendars" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#calendars</a> 🎫 <a href="https://mastodon.de/tags/Ticket" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ticket</a> purchases 🏨 Room <a href="https://mastodon.de/tags/reservations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reservations</a> …🛜 <a href="https://mastodon.de/tags/Infrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infrastructure</a>🌐 <a href="https://mastodon.de/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Internet</a> access 🛜 <a href="https://mastodon.de/tags/Router" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Router</a> 🟰 Network neutrality 💻 Hardware 🧑‍💻 Software 🪙 Means of <a href="https://mastodon.de/tags/payment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#payment</a> …🫥 <a href="https://mastodon.de/tags/Accounts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Accounts</a> and <a href="https://mastodon.de/tags/handles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#handles</a>📧 Email & Messaging (including content) ⭐ Social media ☁️ Cloud 🫥 Pseudonyms & personas …Remember many data "assets" will fall into multiple categories. For every asset, leave a checkmark in all applicable category columns.Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

geekgirl :mastodon:I had such a bad experience with <a href="https://bne.social/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a> previously, I swore I'd never do it again. However, there are some reports saying that the <a href="https://bne.social/tags/film" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#film</a> <a href="https://bne.social/tags/Wicked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wicked</a> in 4D is a somewhat smooth ride. If, anyone has been & experienced this film in 4D, do let me know. I'm not a lover of musicals, per se, but I can see that a lot of the imagery is quite beautiful. <a href="https://bne.social/tags/Opinions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Opinions</a> please 🙏 Maybe just a good old fashioned VMax will suffice!

tuxwise(5/N) A few more prompts, for two categories. Add the related data "assets" that come to your mind to your spreadsheet:📇 Social graphs – which of your data betrays them?📇 Contacts 🫂 Follows & follower 👍 Interactions (like, repost etc.) 💬 Chats & communication metadata 🎼 Workflows & handovers 👑 Workplace hierarchies …🗃️ Data and metadata – "Files"🗃️ Your documents & databases 🎞️ Multimedia, photos, videos 📝 Journals & notes 💳 Invoices, receipts, billing statements, transaction records 👣 Server logs, call lists …Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(4/N) Having reflected a bit on your abstract assets, try to brainstorm as many of your related data and device assets as possible. Most of them will fall into one or more of the following categories:🪪 Personally Identifiable Information (<a href="https://mastodon.de/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a>) 📇 Social graphs 🗃️ Data and metadata 🛰️ <a href="https://mastodon.de/tags/Geospatial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Geospatial</a> data 🛜 Infrastructure 🫥 <a href="https://mastodon.de/tags/Accounts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Accounts</a> and <a href="https://mastodon.de/tags/handles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#handles</a>For instance, your smartphone photo collection "asset" probably contains geospatial data (<a href="https://mastodon.de/tags/GPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GPS</a> coordinates in <a href="https://mastodon.de/tags/EXIF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EXIF</a>); data and metadata (phone brand and model, in EXIF); potentially also information about your social graph, in case your family, friends or acquaintances are on your photos.It's probably best to track your data and device assets in a spreadsheet, with the above categories as additional columns, so you can place a checkmark, where appropriate. I'd also suggest to add a column to track where the data is stored / the device is located.Here's a little list of 🪪 Personally Identifiable Information (PII), to get you started (other categories in next posts):🪪 Any kind of identity document 🎂 Dates of significant life events 👆 <a href="https://mastodon.de/tags/Biometric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Biometric</a> data ⚕️ <a href="https://mastodon.de/tags/Health" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Health</a> data 🧬 <a href="https://mastodon.de/tags/DNA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNA</a> test results 👪 <a href="https://mastodon.de/tags/Genealogy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Genealogy</a> data …Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

tuxwise(3/N) The first (adapted) question of the <a href="https://mastodon.de/tags/ThreadModelingManifesto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModelingManifesto</a> is:<ol><li>What are you working on?</li></ol>The answer in a business context is usually a set of "<a href="https://mastodon.de/tags/assets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#assets</a>" that are worth protecting.Individuals seem to struggle more than businesses with brainstorming specific and relevant "assets", though. The mental link to potential threats seems to be hard to make. That's why I suggest to reflect on a few abstract assets, first – how much do these matter to you, relatively?🛌 <a href="https://mastodon.de/tags/Safety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Safety</a> and <a href="https://mastodon.de/tags/wellbeing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wellbeing</a>Your freedom. Having a home. Your physical and mental integrity. Your autonomy. Having a space of your own, with your boundaries being respected. Creative space and time, free from interference. Being able to own things; or in some cultures, to participate in shared stewardship, and benefit from commons. Integrity of objects and data that belong to you, or that you depend on.🗺️ Your <a href="https://mastodon.de/tags/locations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#locations</a> and <a href="https://mastodon.de/tags/movements" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#movements</a>Where exactly your domicile is. Your travel plans. The freedom to move and to gather, without surveillance or tracking. The right to solitude.👤 Your <a href="https://mastodon.de/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a>, and your <a href="https://mastodon.de/tags/anonymity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#anonymity</a>Being able to stay incognito, or pseudonymous. Deciding who gets to know what about you. The option of repudiating claims about what you allegedly believe, have said, or have done – regardless of the facts.🔗 Your <a href="https://mastodon.de/tags/relationships" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#relationships</a> Knowledge about your family, friends and significant others. Your reputation and public standing. The freedom to associate with others. Knowledge about your memberships, the communities you belong to, and your employment, including the specific hierarchies within those contexts.💭 Your <a href="https://mastodon.de/tags/personality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#personality</a>Your identity and its facets, including gender. Political affiliations, and religious beliefs. Your hobbies, love interests, feelings, intentions, behaviors, habits, and preferences.🔓 <a href="https://mastodon.de/tags/Access" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Access</a> and <a href="https://mastodon.de/tags/infrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infrastructure</a>Access to information, goods, and services. Availability of a functional infrastructure that enables such access.<a href="https://www.threatmodelingmanifesto.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.threatmodelingmanifesto.org/</a>Start of this thread: <a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://mastodon.de/@tuxwise/113503228291818865</a><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreadModeling</a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4D</a>

Recent searches

Search options

Administered by:

Server stats:

#4d