I just discovered Tinfoil.press, very happy about it. A Tinfoil.press member I was writing with recommended to adress my question to the community.
I am researching users threat models for a documentary film dedicated to surveillance. The idea is to identify the threat model (asset to protect, attacker, attacker's capabilities, threat, risk of an attack) of different categories of people to help create a better understanding of surveillance and counter-surveillance tactics.
A US citizen might want to protect some assets (i.e. sensitive information) from trackers to avoid a credit rating/ banking credentials from a black-hat hacker.
A journalist in Germany working on an insider trading scandal will need to protect his source from his employer in order to get his story out without a trial.
A Kurdish activist living in Ankara needs to communicate with his fellows to publish a forbidden fanzine. His group is scrutinized by Turkish authorities. (...)
Others categories could be: human rights researcher, teenager being bullied, LGBT...
I also try to identify the threat model of people who would be less at risk and to whom "normal/random" people could easily relate to: a lawyer, an entrepreneur with an innovative technology, a doctor, a professor......
What are your thoughts on this approach? Do you find it relevant/reducing to apply a threat model to social categories, considering their environment/regime they live in?
I am looking for material/reads related to the issue.
Thank you in advance,