From Privacy Policies to Privacy Threats: A Case Study in Policy-Based Threat Modeling

Privacy threat modeling is a systematic approach to assess potential privacy risks which are a consequence of a given system design. Eliciting privacy threats requires a detailed understanding of system components and the ways in which these components interact. This makes it hard to impossible for any user, e.g., parties who interact with the system but do not possess knowledge about the inner workings of that system, to meaningfully engage in threat modeling and risk assessment. We explore an approach to address this problem by relying on information from a system's publicly available privacy policies to derive system models and apply threat modeling analyses. We chose the WhatsApp instant messaging system as a case study for privacy threat modeling from the perspective of a "regular" user. We apply the LINDDUN GO methodology and evaluate how threats evolved with time in two significant territorial areas, the European Union and India. Our study illustrates the impact of regulations and court cases and our approach may aid practitioners without inside knowledge to make informed choices regarding privacy risks when adopting third-party services.