Currently the threat model is relying on threats described in RFC 6973 and elaborating on the threats that apply directly to the Web. We should consider additional academic literature on privacy to make sure we're starting with a broad enough conception (in particular, not just individual control over information about oneself) and not missing relevant threats that we'd like to address (or even to note what we're not able to address).
Currently the threat model is relying on threats described in RFC 6973 and elaborating on the threats that apply directly to the Web. We should consider additional academic literature on privacy to make sure we're starting with a broad enough conception (in particular, not just individual control over information about oneself) and not missing relevant threats that we'd like to address (or even to note what we're not able to address).