Listing common threat examples (#1276)

jonaharagon · TommyTran732 · mfwmyfacewhen · web-flow · commit ca9e725d0a44 · 2022-05-21T16:55:14.000-05:00
Co-authored-by: Tommy &lt;contact@tommytran.io&gt;
Co-authored-by: mfwmyfacewhen &lt;94880365+mfwmyfacewhen@users.noreply.github.com&gt;
Co-authored-by: lexi &lt;lexi@omg.lol&gt;
diff --git a/.markdownlint.yml b/.markdownlint.yml
@@ -1,5 +1,7 @@
 default: true
 line-length: false
+ul-indent:
+  indent: 4
 no-inline-html: false
 code-block-style: false
 no-hard-tabs:
diff --git a/docs/basics/common-threats.en.md b/docs/basics/common-threats.en.md
diff --git a/docs/basics/threat-modeling.en.md b/docs/basics/threat-modeling.en.md
@@ -5,20 +5,14 @@ icon: 'material/target-account'
 
 Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they're just too hard to start using!
 
-If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, <mark>nothing is ever fully secure.</mark> There's **high** security, but never **full** security. That's why threat models are important.
+If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important.
 
 **So, what are these threat models anyways?**
 
-<mark>A threat model is a list of the most probable threats to your security/privacy endeavors.</mark> Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
+==A threat model is a list of the most probable threats to your security/privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
 
 By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.
 
-## Examples of threat models
-
-* An investigative journalist's threat model might be <span class="text-muted">(protecting themselves against)</span> a foreign government.
-* A company's manager's threat model might be <span class="text-muted">(protecting themselves against)</span> a hacker hired by competition to do corporate espionage.
-* The average citizen's threat model might be <span class="text-muted">(hiding their data from)</span> large tech corporations.
-
 ## Creating your threat model
 
 To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:
@@ -29,53 +23,23 @@ To identify what could happen to the things you value and determine from whom yo
 4. How bad are the consequences if I fail?
 5. How much trouble am I willing to go through to try to prevent potential consequences?
 
-### Example: Protecting your belongings
-
-* To demonstrate how these questions work, let's build a plan to keep your house and possessions safe.
-
-#### What do you want to protect? (Or, *what do you have that is worth protecting?*)
-
-* Your assets might include jewelry, electronics, important documents, or photos.
-
-#### Who do you want to protect it from?
-
-* Your adversaries might include burglars, roommates, or guests.
-
-#### How likely is it that you will need to protect it?
-
-* Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
-
-#### How bad are the consequences if you fail?
-
-* Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
-
-#### How much trouble are you willing to go through to prevent these consequences?
-
-* Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
-
-Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
-
-Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
-
-Now, let's take a closer look at the questions in our list:
-
 ### What do I want to protect?
 
-An “asset” is something you value and want to protect. In the context of digital security, <mark>an asset is usually some kind of information.</mark> For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
+An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
 
 *Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.*
 
 ### Who do I want to protect it from?
 
-To answer this question, it's important to identify who might want to target you or your information. <mark>A person or entity that poses a threat to your assets is an “adversary.”</mark> Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
+To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary.”== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
 
 *Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
 
 Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you're done security planning.
 
 ### How likely is it that I will need to protect it?
 
-<mark>Risk is the likelihood that a particular threat against a particular asset will actually occur.</mark> It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
+==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
 
 It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).
 
@@ -87,31 +51,54 @@ Assessing risks is both a personal and a subjective process. Many people find ce
 
 There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
 
-<mark>The motives of adversaries differ widely, as do their tactics.</mark> A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
+==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
 
 Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.
 
 *Write down what your adversary might want to do with your private data.*
 
 ### How much trouble am I willing to go through to try to prevent potential consequences?
 
-<mark>There is no perfect option for security.</mark> Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
+==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
 
 For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
 
 *Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.*
 
-<div class="row">
-  <div class="col-12 col-lg-6">
-    <h2>Further reading</h2>
-    <ul>
-      <li><a href="https://en.wikipedia.org/wiki/Threat_model">Wikipedia: Threat model</a></li>
-    </ul>
-  </div>
-  <div class="col-12 col-lg-6">
-    <h2>Sources</h2>
-    <ul>
-      <li><a href="https://ssd.eff.org/en/module/your-security-plan">EFF Surveillance Self Defense: Your Security Plan</a></li>
-    </ul>
-  </div>
-</div>
+### Try it yourself: Protecting your belongings
+
+These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe.
+
+**What do you want to protect? (Or, *what do you have that is worth protecting?*)**
+
+:   Your assets might include jewelry, electronics, important documents, or photos.
+
+**Who do you want to protect it from?**
+
+:   Your adversaries might include burglars, roommates, or guests.
+
+**How likely is it that you will need to protect it?**
+
+:   Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
+
+**How bad are the consequences if you fail?**
+
+:   Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
+
+**How much trouble are you willing to go through to prevent these consequences?**
+
+:   Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
+
+Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
+
+Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
+
+## Further reading
+
+For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. 
+
+- [Common Goals and Threats :material-arrow-right:](common-threats.md)
+
+## Sources
+
+- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)
diff --git a/docs/index.en.md b/docs/index.en.md
@@ -15,6 +15,8 @@ hide:
 Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, we didn't always have the right to privacy. In several dictatorships, many still don't. Generations before ours fought for our right to privacy. ==Privacy is a human right inherent to all of us== that we are entitled to without discrimination.
 
 You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to hide, privacy is something that makes you human.
+
+[:material-target-account: Common Internet Threats](basics/common-threats.md){ .md-button .md-button--primary }
 </div>
 
 <div style="margin-left:auto;margin-right:0;text-align:right;max-width:38rem;" markdown>
diff --git a/docs/stylesheets/extra.css b/docs/stylesheets/extra.css
@@ -170,4 +170,30 @@ h1, h2, h3, .md-header__topic {
     left: 0;
     width: 100%;
     height: 100%;
-}
+}
+
+/* Badge colors */
+.pg-purple {
+    color: #7e56c2;
+}
+.pg-red {
+    color: #ef5552;
+}
+.pg-orange {
+    color: #ff6e42;
+}
+.pg-teal {
+    color: #009485;
+}
+.pg-brown {
+    color: #8d6e62;
+}
+.pg-blue {
+    color: #2094f3;
+}
+.pg-green {
+    color: #4cae4f;
+}
+.pg-blue-gray {
+    color: #546d78;
+}
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -141,9 +141,10 @@ nav:
   - 'Knowledge Base':
     - 'The Basics':
       - 'basics/threat-modeling.md'
-      - 'basics/dns.md'
-      - 'basics/multi-factor-authentication.md'
+      - 'basics/common-threats.md'
       - 'basics/account-deletion.md'
+      - 'basics/multi-factor-authentication.md'
+      - 'basics/dns.md'
     - 'Android':
       - 'android/overview.md'
       - 'android/grapheneos-vs-calyxos.md'
diff --git a/theme/overrides/home.en.html b/theme/overrides/home.en.html
@@ -16,11 +16,11 @@
         <div class="mdx-hero__content">
           <h1>The guide to restoring your online privacy.</h1>
           <p>Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.</p>
-          <a href="tools/" title="Recommended privacy tools, services, and knowledge" class="md-button md-button--primary">
-            Recommended Tools
+          <a href="basics/threat-modeling/" title="The first step of your privacy journey" class="md-button md-button--primary">
+            Start Your Privacy Journey
           </a>
-          <a href="https://blog.privacyguides.org/" title="Blog posts from Privacy Guides contributors" class="md-button">
-            Read our blog
+          <a href="tools/" title="Recommended privacy tools, services, and knowledge" class="md-button">
+            Recommended Tools
           </a>
         </div>
       </div>
