photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

263
active users

#4d

0 posts0 participants0 posts today
꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂<p><a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4d</span></a> cartesian product of 2 of ðese fancy pentagonal tilings + 🔄2d✝️sections = 🤔🤔🤔</p><p><a href="https://mastodon.gamedev.place/tags/TilingTuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TilingTuesday</span></a> <a href="https://mastodon.gamedev.place/tags/geometry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geometry</span></a> <a href="https://mastodon.gamedev.place/tags/tiling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tiling</span></a> <a href="https://mastodon.gamedev.place/tags/mathart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mathart</span></a> <a href="https://mastodon.gamedev.place/tags/mastoart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastoart</span></a> <a href="https://mastodon.gamedev.place/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abstract</span></a> <a href="https://mastodon.gamedev.place/tags/monochrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monochrome</span></a> <a href="https://mastodon.gamedev.place/tags/animation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>animation</span></a> <a href="https://mastodon.gamedev.place/tags/creativecoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>creativecoding</span></a></p>
Jose Luis Bueno🔻<p>Hoy es <a href="https://mastodon.social/tags/28F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>28F</span></a>, el día en las andaluzas y los andaluces conmemoramos el referéndum con el que accedimos a la autonomía. Pero para muchas personas, entre las que me incluyo, el verdadero Día Nacional de Andalucía es el 4 de Diciembre. </p><p>En aquella fecha de 1977 dos millones de personas salieron a las calles de las ocho capitales de Andalucía para reclamar nuestros derechos como pueblo. Sin <a href="https://mastodon.social/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a> ni hay 28F ni se entiende el actual modelo autonómico español.</p><p>En cualquier caso ¡Viva Andalucía Libre! 😊</p>
꧁ᐊ𰻞ᵕ̣̣̣̣̣̣́́♛ᵕ̣̣̣̣̣̣́́𰻞ᐅ꧂<p><a href="https://mastodon.gamedev.place/tags/wip" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wip</span></a> main menu / saving / loading / random seeds(&amp; about too many random parameters💀)</p><p><a href="https://mastodon.gamedev.place/tags/screenshotsaturday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>screenshotsaturday</span></a> <a href="https://mastodon.gamedev.place/tags/MessageLost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MessageLost</span></a> <a href="https://mastodon.gamedev.place/tags/indiedev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>indiedev</span></a> <a href="https://mastodon.gamedev.place/tags/4d" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4d</span></a> <a href="https://mastodon.gamedev.place/tags/UI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UI</span></a> <a href="https://mastodon.gamedev.place/tags/survival" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>survival</span></a> <a href="https://mastodon.gamedev.place/tags/roguelike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>roguelike</span></a></p>
tuxwise<p>(23/N) Our fifth, and last, asset classification option:</p><p><strong>Public</strong></p><p>Assets accessible to, or controlled by, anybody who is aware of them. The existence of such assets is usually easily detectable, or even widely known. Note: "public" refers to potential access or control by the general public, regardless whether there is a legal basis for it.</p><p>Public makes a bad default class. Pick Intimate instead.</p><p><strong>Start classifying assets</strong></p><p>If you haven't done so yet, add a "Classification" column to your asset spreadsheet, and assign each asset to a specific class.</p><p>Pick "Intimate" as the default class. Assume that you will act according to the respective classifications, starting today, instead of pondering whether it's "too late", for certain assets.</p><p>Some classification suggestions that may look appropriate to you (or not):</p><ul><li><p>For Your Eyes Only (FYEO): Diaries and journals? Private notes?</p></li><li><p>Intimate: Family photographs? Bank accounts? ToDo lists?</p></li><li><p>None Of Your Business (NOYB): Your smartphones, tablets, desktops? Medical records? Financial assets? Documents related to legal proceedings?</p></li><li><p>Shared: Some Personally Identifiable Information <a href="https://mastodon.de/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (birthdays; place of residence; diploma)? Insurance-related data (lists of valuables; car make and model; flat size)? Travel bookings? Streaming package subscriptions?</p></li><li><p>Public: Social media or forum posts? Published articles, zines, or books?</p></li></ul><p>When you're finished, consider splitting the spreadsheet in two, and handling the part containing FYEO assets like a FYEO asset, in itself.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(22/N) Our fourth asset classification option:</p><p><strong>Shared</strong></p><p>Assets that are accessible to, or controlled by others for a specific purpose, usually under a specific agreement that may also be implicit. Preferably, these assets are kept publicly undetectable and unknown.</p><p>Typically, access is granted to persons or entities that are only selectively or partially trusted: coworkers, support groups, suppliers, providers, insurances, payment providers, or communities you belong to.</p><p>It is common to minimize sharing of critical assets by having multiple, restricted aliases or proxies stand in for the asset to be protected, e.g., email aliases, or aliased credit cards.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(21/N) Our third asset classification option:</p><p><strong>None Of Your Business (NOYB)</strong></p><p>Assets that by default aren’t shared, but can be accessed, controlled, or managed by others, with your permission. You grant such permissions mostly for practical reasons, to agents bound by formal agreements (like service or maintenance staff), and usually not reluctantly, like with assets classified as "Intimate".</p><p>Preferably, NOYB assets are still kept publicly undetectable and unknown. The <a href="https://mastodon.de/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroTrust</span></a> principle can be fully applied here, often using available access control mechanisms, and automation.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
Travis F W<p>If <a href="https://fosstodon.org/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a> <a href="https://fosstodon.org/tags/geometry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geometry</span></a> can rotate around a plane, could it rotate to the other side of the plane? It's hard to imagine one plane orthogonal to another.</p>
tuxwise<p>(20/N) Our second asset classification option:</p><p><strong>Intimate</strong></p><p>Assets that unfortunately can’t stay FYEO, because under certain circumstances, they need to be accessible to, or controlled by, fully trusted persons or entities. Preferably, these assets are kept publicly undetectable and unknown.</p><p>Handling of such assets by others requires a considerable amount of <a href="https://mastodon.de/tags/carefulness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>carefulness</span></a>, <a href="https://mastodon.de/tags/diligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diligence</span></a>, and <a href="https://mastodon.de/tags/loyalty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>loyalty</span></a> that exceeds anything that could be pinned down with enough precision in formal documents. Typically, only significant others, some family members, trustees or close friends are entrusted with handling this class of assets.</p><p>For most individuals, this class is most likely the best default. Once you have sorted out which assets are actually not Intimate, but FYEO, consider moving them to a separate spreadsheet that is, in itself, classified as FYEO.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(19/N) Let's now turn to the third question of the <a href="https://mastodon.de/tags/ThreatModelingManifesto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModelingManifesto</span></a>: </p><p><strong>3. What are you going to do about it?</strong></p><p>It pays to first establish a few contraints for what you can do, in theory, by <a href="https://mastodon.de/tags/classifying" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>classifying</span></a> your <a href="https://mastodon.de/tags/assets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>assets</span></a>. Again, for an individual human being, opposed to organizations or companies, it's nearly impossible to impose principles like <a href="https://mastodon.de/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroTrust</span></a> or <a href="https://mastodon.de/tags/NeedToKnow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NeedToKnow</span></a> on personal relationships, the closer they get.</p><p>So, avoid recycling terms from popular, but less intuitive schemes: Fanciful intelligence labels like “top secret”, “confidential”, or “unclassified” do not tell you what goes into the respective box, and how to handle access to it.</p><p>Add another column to your assets spreadsheet, label it "Classification", and pick a more human-centered approach for its values, like:</p><ul><li>For Your Eyes Only (FYEO)</li><li>Intimate</li><li>None Of Your Business (NOYB)</li><li>Shared</li><li>Public</li></ul><p>Let's briefly go through these suggestions:</p><p><strong>For Your Eyes Only (FYEO)</strong></p><p>Assets that are only accessible to, and controlled by nobody but you, because they need to be resilient, even in the face of the closest of your close people misbehaving. Preferably, these assets are kept publicly undetectable and unknown. When <em>you</em> are gone, these assets will be gone, too. FYEO does not make a good default class, though.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(18/N) Revisit your spreadsheet of assets now, specifically the "Consequences" column we had added in (7/N).</p><ul><li>Expanding the simplified approach to threats from "disclosed, destroyed, deanonymized" to the full set of threat types; and</li><li>Taking into account all categories of adversaries:</li></ul><p><strong>How does your assessment of potential consequences change?</strong> Walk through your list of assets, and change the values in the "Consequences" column where needed.</p><p><strong>Categories of adversaries:</strong></p><ul><li>You, and people like you</li><li>Criminals</li><li>Ideologues</li><li>Intruders</li><li>Business(i)es</li><li>“They”</li></ul><p><strong>Threat types:</strong></p><ul><li>Linking</li><li>Identifiying</li><li>Undesirable non-repudiation or repudiation</li><li>Detecting</li><li>Data disclosure</li><li>Manufacturing cooperation</li><li>Non-compliance</li><li>Obstructing</li><li>Interfering</li></ul><p><strong>Consequences</strong></p><p>… when threats by adversaries become reality (feel free to change and rename):</p><ul><li>🤷 So what?</li><li>😟 Oh…</li><li>😳 Ouch.</li><li>😭 Hurts badly.</li><li>😱 Life-changing disaster.</li></ul><p>Consequences (7/N):<br><a href="https://mastodon.de/@tuxwise/113548439494399874" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113548439</span><span class="invisible">494399874</span></a></p><p>Categories of adversaries (8/N):<br><a href="https://mastodon.de/@tuxwise/113560309025649046" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113560309</span><span class="invisible">025649046</span></a></p><p>Types of threats (14/N):<br><a href="https://mastodon.de/@tuxwise/113622961370958693" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113622961</span><span class="invisible">370958693</span></a></p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(17/N) Finally, two threat types that refer to security more than privacy:</p><p><strong><a href="https://mastodon.de/tags/Obstructing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Obstructing</span></a></strong></p><p>An adversary destroys, withdraws, steals or misappropriates information, access, or resources. The obstruction can be temporary or permanent, partial or total. Obstructing can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.</p><p><strong><a href="https://mastodon.de/tags/Interfering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Interfering</span></a></strong></p><p>An adversary deliberately corrupts the integrity or authenticity of information, resources, processes, or interactions. The respective information, resources, processes, or interactions aren’t necessarily controlled or owned by the persons that are affected, and may also be fabricated. Interfering can also occur unintentionally, with the “adversary” being deterioration, malfunction, or disaster.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(16/N) Three more threat types defined:</p><p><strong>Data <a href="https://mastodon.de/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disclosure</span></a></strong></p><p>An adversary makes somebody’s confidential data available to unauthorized parties.</p><p><strong>Manufacturing cooperation</strong></p><p>An adversary hides from somebody the potentially harmful consequences of their own decisions and actions, or denies them the option of avoiding such consequences, even when they are aware of them.</p><p><strong><a href="https://mastodon.de/tags/NonCompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NonCompliance</span></a></strong></p><p>Contrary to what somebody expects and trusts in, an adversary does not follow laws, documented policies or contractual obligations; or does not abide by what is perceived as conventions, or unwritten rules, in the respective context.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(15/N) Two more threat types defined:</p><p><strong>Undesirable non-repudiation or repudiation</strong></p><p><a href="https://mastodon.de/tags/Repudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Repudiation</span></a> (plausible denial) of what somebody has said / done / known / possessed becomes impossible because an adversary has managed to collect enough evidence to establish undesirable non-repudiation. In other words: the adversary can prove beyond reasonable doubt that "it" happened.</p><p>Alternatively, <a href="https://mastodon.de/tags/NonRepudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NonRepudiation</span></a> (proof beyond reasonable doubt) cannot be established because an adversary has managed to suppress or destroy enough evidence to gain the option of repudiation (plausible denial). In other words: the adversary can plausibly deny "it" happened.</p><p><strong>Detecting</strong></p><p>An adversary can check for the presence or absence of specific data items, which are tell-tale indicators for something else.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(14/N) Having familiarized ourselves with categories of adversaries, their main goals and their respective, overall "modus operandi", let's look at the types of threats posed by them.</p><p>Again, it pays to focus on <em>types</em> of threats: We don't want to become mainly alert-triggered, but proactive. There are several frameworks we can borrow ideas from, most notably the LINDDUN framework that is geared toward threats to privacy, and can be extended a bit to cover more ground.</p><p>First, our list of threat types:</p><ul><li><a href="https://mastodon.de/tags/Linking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linking</span></a> (spotting connections and relationships)</li><li><a href="https://mastodon.de/tags/Identifying" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identifying</span></a> (mapping to identities)</li><li>Undesirable <a href="https://mastodon.de/tags/NonRepudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NonRepudiation</span></a> or <a href="https://mastodon.de/tags/repudiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>repudiation</span></a></li><li><a href="https://mastodon.de/tags/Detecting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Detecting</span></a> (absence or presence of indicators)</li><li>Data <a href="https://mastodon.de/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disclosure</span></a> (to the unauthorized)</li><li>Manufacturing cooperation (disguised or imposed bad consequences)</li><li><a href="https://mastodon.de/tags/Obstructing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Obstructing</span></a> (access, information, resources)</li><li><a href="https://mastodon.de/tags/NonCompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NonCompliance</span></a></li><li><a href="https://mastodon.de/tags/Interfering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Interfering</span></a> (with information, resources, processes, interactions)</li></ul><p>Our definitions of these, for our context:</p><p><strong>Linking</strong></p><p>An adversary can figure out connections and relationships between formerly isolated items of interest.</p><p><strong>Identifiying</strong></p><p>An adversary can link items of interest directly to a natural person.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p>LINDDUN:<br><a href="https://linddun.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">linddun.org/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(13/N) The sixth, and last, category of adversaries:</p><p><strong>“They”</strong></p><p>“They” want to define boundaries and acceptable behavior for the masses, as well as monitor compliance on a large scale, and enforce it on an individual level.</p><p>As a consequence, permanent mass <a href="https://mastodon.de/tags/surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>surveillance</span></a> of all types of assets is a means of monitoring the compliance of the majority, and of detecting deviant behavior. Legalizing more and more monitoring options becomes a goal, including international partnerships on information exchange. Depriving you of your assets, temporarily or permanently, is a means of enforcing your compliance or obedience. The mere threat of this can be sufficient to create a <a href="https://mastodon.de/tags/ChillingEffect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChillingEffect</span></a>.</p><p>State-sponsored actors (such as hacker groups) and nation-state threat actors (in the form of intelligence services, law enforcement, censorship offices, and other <a href="https://mastodon.de/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>government</span></a> agencies) fall into this category. It also includes <a href="https://mastodon.de/tags/companies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>companies</span></a> that have either a monopoly, or a significant share of an oligopolistic market, or portfolio of services specifically targeted at the public sector.</p><p>While the entities in this category may seem wildly heterogeneous at first, remember that there are <a href="https://mastodon.de/tags/RevolvingDoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RevolvingDoors</span></a> between them, for swapping their respective “ex” members. Beyond lobbying, there is also a complex, ongoing collaboration between many of them, which has been described as “grey intelligence”, “grey policing”, “public-private partnership”, etc.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(12/N) A fifth category of adversaries:</p><p><strong>🦕 Business(i)es</strong></p><p><a href="https://mastodon.de/tags/Business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Business</span></a>​(i)es want to extract <a href="https://mastodon.de/tags/profit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>profit</span></a> from you. Preferably, but not necessarily in legal, sustainable, and the cheapest possible ways.</p><p>Your assets are seen as levers to generate more profit, because they betray what is meaningful to you, and worth investing into, in your eyes.</p><p>Businessies disguise their factual indifference towards your specific assets by enthusiastically pretending to "care" as much for them as you do, to achieve the "Nessie effect": on the surface, always appear likeable, despite your size, and in spite of what you are actually pursuing under the surface.</p><p>This category is the widest of all. Nearly all businessies participate in <a href="https://mastodon.de/tags/SurveillanceCapitalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SurveillanceCapitalism</span></a>, either by directly aggregating every tidbit of your data in a <a href="https://mastodon.de/tags/profile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>profile</span></a>, in return for a service that is allegedly "free" – and later selling targeted access to you; or by paying <a href="https://mastodon.de/tags/DataBrokers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataBrokers</span></a> for access to potential customers that fit very specific criteria.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(11/N) A fourth category of adversaries:</p><p><strong>🫳 Intruders</strong></p><p><a href="https://mastodon.de/tags/Intruders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Intruders</span></a> want to ignore your <a href="https://mastodon.de/tags/boundaries" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boundaries</span></a> at will, and their related actions to be unrestricted and without repercussions, for as long as possible. Additionally, satisfaction might be derived from any ineffective responses to their actions.</p><p>Controlling your assets at will, and having unrestricted access to them is their goal. Some are fantasizing about a relationship with you that would somehow entitle them to it. Sometimes, their actions include damaging, or destruction of, your assets, to inflict suffering upon you, or for revenge, or to gain notoriety.</p><p>This is a wide category that includes attention-getters; <a href="https://mastodon.de/tags/narcissists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>narcissists</span></a> and <a href="https://mastodon.de/tags/stalkers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stalkers</span></a>; abusive, vengeful and jealous people; starstruck individuals seeking <a href="https://mastodon.de/tags/parasocial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>parasocial</span></a> interaction; thrill seekers; script kiddies; "OSINT" wannabees; swatters; vandals; and sometimes even potential employers.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(10/N) A third category of adversaries:</p><p><strong>☝️ Ideologues</strong></p><p><a href="https://mastodon.de/tags/Ideologues" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ideologues</span></a> want to push you to do the right thing, or to punish you for doing the wrong thing. They may also want to eliminate you, physically or metaphorically, when they can't achieve their goal: Maybe you just won't learn, or are incorrigible, as such.</p><p>The assets that you are "entitled" to are considered a reward, for conforming to the respective ideology. The portion of your assets that you aren't "entitled" to is usually the target of relentless denial, even destruction.</p><p>Entitlement is always conditional, and temporary: In case you seem to be going astray, and appeals to your conscience do not seem to have enough effect, your assets may be withdrawn or destroyed.</p><p>Hacktivists, campaigners, protagonists or minions of gender-based violence, lobbyists, racists, and terrorists fall into this category.</p><p>Note: I am not judging how "just" the respective "causes" are, I'm talking about behaviors.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(9/N) A second category of adversaries:</p><p><strong>💰 Criminals</strong></p><p>Criminals want valuable resources that you happen to possess, at the moment.</p><p>From that point of view, seemingly valuable assets are to be pried from your hands, while your “junk” assets may be ignored, at best. At worst, they’ll be carelessly destroyed in the process, or the threat of their destruction will be weaponized against you.</p><p>Typical activities of criminals are scams, ransomware attacks, or identity theft. There's a dedicated "eCrime ecosystem" with crime infrastructure providers; marketplaces for stolen, private information; illegal access brokers selling credentials; and even “big game hunters” executing targeted attacks on large corporations, as a paid service.</p><p>BTW, calling these adversaries "cybercriminals" instead is just a dumb court curtsy.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>
tuxwise<p>(8/N) For now, leave your spreadsheet of assets alone and turn to the second question of the <a href="https://mastodon.de/tags/ThreatModelingManifesto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModelingManifesto</span></a>:</p><p><strong>2. What can go wrong?</strong></p><p>The answer usually includes a list of adversaries, so you can later consider which ones you stand a chance fighting, if you think it's worth it.</p><p>Again, this may be helpful for corporations, but not that much for individuals, since damage done to individuals can be much deeper, and last for much longer, even for life.</p><p>So, lets rather consider abstract categories of adversaries from a perspective of what their primary goals are, and what they usually do to achieve them. We don't bother with specific bad actors here, nor are we considering how to "help them" via psychotherapy, legislation, imprisonment or campaigning, at this point in time.</p><p>First, the list:</p><ul><li>🤷 You, and people like you</li><li>💰 <a href="https://mastodon.de/tags/Criminals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Criminals</span></a></li><li>☝️ <a href="https://mastodon.de/tags/Ideologues" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ideologues</span></a></li><li>🫳 <a href="https://mastodon.de/tags/Intruders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Intruders</span></a></li><li>🦕 <a href="https://mastodon.de/tags/Business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Business</span></a>(i)es</li><li>🏢 “<a href="https://mastodon.de/tags/They" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>They</span></a>”</li></ul><p>A few thoughts, on each category:</p><p><strong>🤷 You, and people like you</strong></p><p>You and others prefer to keep asset protection efforts to a minimum. You tend to take the integrity of your assets for granted, hoping that others will respect your boundaries, either out of respect for you or because of legal regulations and repercussions. Your attitude towards handling the assets of others is equally shortsighted and careless.</p><p>As a result, your digital assets stay exposed, and you're putting others at risk, too.</p><p>(to be continued)</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a></p>