Originally posted on The Verge by Rob Pegoraro

There are two key concepts in information security: threat model and attack surface.

“Threat model” is another way of asking, “Who’s out to get you?” If your threat model includes the curiosity of nation-state intelligence services, you have many more things to worry about than J. Random User. It’s more likely that voicing a contrary opinion on social media might make you yet another unwitting main character of Twitter, or that a stray mention by someone else could bring you to the attention of the internet’s malcontents.

“Attack surface,” meanwhile, describes a target’s vulnerable access points that an attacker will seek to exploit. When it comes to the internet, it’s nearly impossible to collapse your attack surface to zero — you’ll never achieve that without going into witness protection. Our goal in this article is to help you condense your attack surface as much as possible.

Admittedly, trying to scrub your offline coordinates from the online world can feel like counting cicadas during the every-17-years emergence of those sex-starved insects: you can start, but you will never finish.

But that doesn’t mean that giving up is the right answer. With some effort, you can make data points like your street address, phone number, and birthday less visible online — and therefore less easily available for harassment or identity theft…

Read at The Verge

Download PDF here