Tag
This paper presents a sociotechnical threat model for AI-driven smart home devices based on interviews with UK-based domestic workers, highlighting privacy risks from surveillance, opaque AI analytics, and cross-household data flows.
The article argues that web-based end-to-end encryption is inherently insecure because the server distributing the client code can push malicious updates, making the threat model incoherent. It criticizes services like WhatsApp and Signal for similar flaws.
Soatok provides an informal introduction to threat modeling, explaining the basic questions a threat model should answer and common pitfalls to avoid, aimed at beginners in cybersecurity.