Primer for Privacy Threat Modelling
Solove's privacy taxonomy [17] : Classification of privacy harms
based on privacy harms caused due to
information collection
(surveillance and interrogation), information processing (aggregation, identification,
insecurity, secondary use, and exclusion), invasions (intrusion and decisional
interference),
and information dissemination (breach of confidentiality, disclosure, exposure,
increased
accessibility, blackmail, appropriation, and distortion)
Privacy vulnerabilities: Flaws that can be exploited to cause threat that causes
privacy
harms
Privacy consequences: Harms that come to individuals on exploiting the
vulnerabilities
Privacy threats: Privacy actions and inactions that exploit privacy
vulnerabilities
Privacy attacks: Actions or inactions that cause perceived privacy harm (based on
Solove's
taxonomy [17]), that do not solely involve cybersecurity violations
LINDDUN [18]: High-level privacy threat model that focuses on system flaws rather
than
the
exploitation of those flaws. The privacy threat categories include Linkability,
Identifiability,
Non-repudiation, Detectability, Disclosure of Information, Unawareness, and
Non-compliance.