From c00717504e98df711079efd8921baa2cb5337a2a Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 18 Jul 2022 08:45:39 -0400 Subject: [PATCH] Typo fix Signed-off-by: Tommy --- content/knowledge/Threat Modeling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/knowledge/Threat Modeling.md b/content/knowledge/Threat Modeling.md index 67eae0a..39d003d 100644 --- a/content/knowledge/Threat Modeling.md +++ b/content/knowledge/Threat Modeling.md @@ -85,7 +85,7 @@ As a beginner, you may often fall into some bad practices while making a threat - Heavy reliance on badness enumeration for privacy instead of systematically solving the problem - Blindly trusting open-source software -As discussed, focusing solely on advertising networks and relying solely on privacy policies does not make up a sensible threat model. When switching away from a service provider, try to determine what the root problem is and see if your new provider has any technical solution to the problem. For example, you may not like Google Drive as it means giving Google access to all of your data. The underlying problem here is the lack of end to end encryption, which you can solve by using an encryption tool like Cryptomator or by switching to a provider who provides it out of the box like ProtonDrive. Blindly switching from Google Drive to a provider who does not provide end to end encryption like the Murena Cloud does not make sense. +As discussed, focusing solely on advertising networks and relying solely on privacy policies does not make up a sensible threat model. When switching away from a service provider, try to determine what the root problem is and see if your new provider has any technical solution to the problem. For example, you may not like Google Drive as it means giving Google access to all of your data. The underlying problem here is the lack of end to end encryption, which you can solve by using an encryption tool like Cryptomator or by switching to a provider who provides it out of the box like Proton Drive. Blindly switching from Google Drive to a provider who does not provide end to end encryption like the Murena Cloud does not make sense. Badness enumeration cannot provide any privacy guarantee and should not be relied upon against real threat actors. While things like ad blockers may help block the low hanging fruits that is common tracking domains, they are trivially bypassed by just using a new domain that is not on common blacklists, or proxying third-party tracking code on the first part domain. Likewise, antivirus software may help you quickly detect common malware with known signatures, but they can never fully protect you from said threat.