Goal

Create your personal threat model identifying what you’re protecting and from whom, then set up your secure development environment for the rest of the course.

Prerequisites: Week 1a (Cypherpunk Philosophy)

This is Part 2 of 3 - Covers threat modeling and environment setup.


1. What Is Threat Modeling?

Threat modeling is the process of identifying what you need to protect, who you’re protecting it from, and how you’ll defend it.

The Four Questions:

  1. What do I want to protect? (Assets)
  2. Who do I want to protect it from? (Adversaries)
  3. How bad are the consequences if I fail? (Risk)
  4. What am I willing to do to prevent it? (Mitigations)

Example threat model (journalist):

| Asset | Adversary | Consequence | Mitigation |
|---|---|---|---|
| Source identity | Government surveillance | Source arrested, killed | Use Tor, Signal, SecureDrop |
| Unpublished documents | Corporate espionage | Scooped story, source exposed | Encrypted storage, airgapped backups |
| Communications metadata | Dragnet surveillance | Pattern analysis reveals sources | Use metadata-resistant tools (Tor, Signal) |

2. Adversary Categories

Understand who you’re defending against:

Tier 1: Opportunistic Attackers

  • Script kiddies, automated bots
  • Mass data harvesting
  • Defense: Basic security hygiene (strong passwords, 2FA, updates)

Tier 2: Motivated Individuals

  • Stalkers, ex-partners, competitors
  • Targeted attacks on you specifically
  • Defense: Strong operational security, compartmentalization

Tier 3: Corporations & Ad Tech

  • Google, Facebook, data brokers
  • Behavioral profiling, targeted ads
  • Defense: Privacy tools (VPNs, Tor, browser isolation, ad blockers)

Tier 4: Law Enforcement (Lawful)

  • Local police, FBI (with warrant)
  • Legal requests for data
  • Defense: Encryption, minimize data collection, offshore services

Tier 5: Intelligence Agencies (Nation-State)

  • NSA, GCHQ, FSB, Mossad
  • Advanced persistent threats (APTs)
  • Defense: Extreme OpSec (Tails, airgaps, assume compromise)

Most people need defenses against Tiers 1-3. Tiers 4-5 require extreme measures and lifestyle changes.


3. Build Your Personal Threat Model

Create your threat model document:

mkdir -p ~/cypherpunk-journal
cd ~/cypherpunk-journal
nano threat_model.md

Template to fill out:

# My Personal Threat Model

## Assets (What I'm Protecting)

**Digital:**
- [ ] Email communications
- [ ] Financial data (banking, crypto)
- [ ] Personal documents (ID scans, medical records)
- [ ] Photos and videos
- [ ] Work-related files
- [ ] Social media accounts
- [ ] Browsing history and search queries

**Physical:**
- [ ] Laptop and phone
- [ ] Home network
- [ ] Physical documents

## Adversaries (Who I'm Protecting Against)

**Primary threats:**
1. [Example: Data breaches exposing my passwords]
2. [Example: ISP selling my browsing history]
3. [Example: Ex-partner accessing my accounts]

**Tier:** [1-5 from list above]

## Consequences (What Happens If I Fail)

**Worst-case scenarios:**
- Identity theft and financial fraud
- Blackmail or extortion
- Job loss or reputation damage
- Physical harm (stalking, swatting)

**Likelihood:** [Low / Medium / High]

## Mitigations (What I'll Do About It)

**Quick wins (this week):**
- [ ] Enable 2FA on critical accounts
- [ ] Change weak passwords
- [ ] Install privacy browser extensions

**Short-term (this month):**
- [ ] Set up password manager
- [ ] Enable full-disk encryption
- [ ] Review and delete old accounts

**Long-term (this course):**
- [ ] Master GPG for encrypted communication
- [ ] Use Tor for anonymous browsing
- [ ] Implement compartmentalization strategy

## Review Schedule

- [ ] Review threat model monthly
- [ ] Update when life circumstances change
- [ ] Adjust defenses based on evolving threats

Save and close (Ctrl+X, Y, Enter in nano)


4. Environment Setup: Your Cypherpunk Lab

Create Your Workspace

Organized directory structure for the course:

mkdir -p ~/cypherpunk101/{bin,logs,notes,keys,exercises,backups}
cd ~/cypherpunk101

Directory purposes:

  • bin/ - Custom scripts and tools you create
  • logs/ - Encrypted audit logs, hashes, metadata
  • notes/ - Your learning journal (markdown)
  • keys/ - Public keys only (NEVER private keys in git!)
  • exercises/ - Hands-on lab work by week
  • backups/ - Encrypted backups of important data

Initialize Git Repository

Version control for your learning:

cd ~/cypherpunk101
git init
echo "# Cypherpunk School 101 - My Learning Journey" > README.md

Create .gitignore (very important!):

cat > .gitignore << 'EOF'
# Never commit private keys or secrets!
*.key
*.pem
*.p12
*.pfx
*_rsa
*_ed25519
*private*
*.secret

# No encrypted private data
*.gpg
*.enc
*.asc.gpg

# No sensitive logs
auth.log
access.log
EOF

Make first commit:

git add README.md .gitignore
git commit -m "Week 1: Initialize cypherpunk learning repository"
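
The .gitignore above matches file names only, so a secret key exported to a name such as backup.asc or id_ecdsa matches none of its patterns. The following is an added example, not part of the original course material: a pre-commit check that inspects the staged content for private-key headers instead. The function names and the hook layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the course): content-based secret check for commits.
# Complements .gitignore, which only matches file names.

# has_private_key: read data on stdin, succeed if it contains a PEM, OpenSSH
# or OpenPGP private-key header (RSA/EC/ENCRYPTED/OPENSSH/PGP ... PRIVATE KEY).
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY( BLOCK)?-----'
}

# check_staged: scan the staged version of every added/copied/modified file.
# Returns 1 if any staged blob holds private-key material, 2 if git fails.
# Assumption: file names contain no newlines or quotes (git would quote them).
check_staged() {
    rc=0
    files=$(git diff --cached --name-only --diff-filter=ACM) || return 2
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        # ":path" names the blob in the index, i.e. what would be committed
        if git show ":$f" | has_private_key; then
            echo "BLOCKED: private key material staged in $f" >&2
            rc=1
        fi
    done <<EOF
$files
EOF
    return "$rc"
}

# Run the check only when this file is installed as .git/hooks/pre-commit
case "${0##*/}" in
    pre-commit) check_staged || exit 1 ;;
esac
```

To use it, save the script as ~/cypherpunk101/.git/hooks/pre-commit and make it executable with chmod +x. Public key blocks pass the check, so exported public keys in keys/ can still be committed.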

Shell Enhancements

Add helpful aliases to your .bashrc or .zshrc:

cat >> ~/.bashrc << 'EOF'

# Cypherpunk101 Course Aliases
export PATH="$HOME/cypherpunk101/bin:$PATH"

# Quick navigation
alias cp101='cd ~/cypherpunk101'
alias journal='nano ~/cypherpunk-journal/journal.md'

# Encryption shortcuts (will set up in Week 3)
alias encryptfile='gpg -e -r "Your Name"'
alias decryptfile='gpg -d'
alias signfile='gpg --clearsign'

# Security helpers
alias genpass='openssl rand -base64 32'
alias genhex='openssl rand -hex 32'
alias hashfile='sha256sum'
EOF

Reload shell:

source ~/.bashrc

Test:

cp101  # Should navigate to ~/cypherpunk101
genpass  # Should generate random password

5. Core CLI Tool Proficiency

Essential Tools Every Cypherpunk Knows

Documentation & Help:

# Read manual pages
man curl
man gpg
man ssh

# Quick help
gpg --help
openssl --help

# Search for commands
apropos encrypt
apropos security

Text Processing:

# View files
cat file.txt          # Display entire file
less file.txt         # Scroll through file (q to quit)
head file.txt         # First 10 lines
tail file.txt         # Last 10 lines

# Search and filter
grep "password" file.txt        # Find lines with "password"
grep -i "error" log.txt         # Case-insensitive search
grep -r "TODO" ~/cypherpunk101  # Recursive search

# Piping (combining commands)
cat file.txt | grep "error" | wc -l  # Count error lines

File Operations:

# Hashing and checksums
sha256sum file.txt
md5sum file.txt
sha512sum file.txt

# Comparing files
diff file1.txt file2.txt

# Finding files
find . -name "*.txt"
find . -type f -size +1M  # Files larger than 1MB

Network and Security:

# Network information
ip addr               # Show IP addresses
ss -tupln             # Show listening ports

# System information
uname -a              # System info
whoami                # Current user
id                    # User ID and groups

6. First Encrypted Note (GPG Preview)

We’ll dive deep into GPG in Week 3, but let’s get a taste now.

Generate a Quick GPG Key

# student@example.com is a placeholder address; replace it with your own
gpg --quick-gen-key "Cypherpunk Student <student@example.com>" default default 0

What this does:

  • Creates a GPG key pair (public + private)
  • No expiration (we’ll learn key rotation later)
  • Default algorithm (RSA 3072)

Encrypt Your First Message

echo "This is my first encrypted message. Privacy is a human right." > ~/cypherpunk101/exercises/first_message.txt

# Encrypt it
gpg -e -r "Cypherpunk Student" ~/cypherpunk101/exercises/first_message.txt

Result: Creates first_message.txt.gpg (encrypted file)

Decrypt It

gpg -d ~/cypherpunk101/exercises/first_message.txt.gpg

You’ll see your original message!

Practice Exercise

Complete this mini-lab:

# 1. Create test file
echo "Cypherpunks write code" > ~/cypherpunk101/exercises/week1_test.txt

# 2. Hash the file
sha256sum ~/cypherpunk101/exercises/week1_test.txt > ~/cypherpunk101/logs/week1_test.sha256

# 3. Verify the hash
sha256sum -c ~/cypherpunk101/logs/week1_test.sha256

# 4. View system info
uname -a > ~/cypherpunk101/logs/system_info.txt

# 5. Find all .txt files
find ~/cypherpunk101 -name "*.txt"

# 6. Count lines in your threat model
wc -l ~/cypherpunk-journal/threat_model.md

Up Next

Week 1c covers starting your learning journal, cypherpunk culture resources, and setting expectations for the course.


Key Takeaways

  • Threat modeling answers: What, from whom, consequences, mitigations
  • Most people need Tier 1-3 defenses - not nation-state level paranoia
  • Environment structure keeps your learning organized and secure
  • .gitignore is critical - Never commit private keys
  • Shell aliases speed up common cypherpunk operations
  • GPG preview - You encrypted your first file (deep dive in Week 3)