Might sound a bit of a silly question. I see people talking about threat models, and privacy guides which say things like “if this is part of your threat model, do X Y Z”. I’m just not sure if it’s a general “this is what I want to protect myself against” or if there’s more to it.
The basic way to do this is you respond to these three questions: What am I trying to protect? From whom? What are they able to do to get there?