Digital threat modelling for partner abuse

How this threat model works

Let’s say you’re being followed, but not in the dark alley sort of way. More like your phone always knows where you are, your messages seem strangely public, and your ex-partner is suspiciously well-informed about things you never told them.

Welcome to the digital side of abuse, where everyday technology becomes a toolkit for control.

Threat modelling, in this context, is a way of asking: what could go wrong, who might cause it, how would they do it, and what are the consequences? It is like doing a home safety check, but for your digital life.

Ground truth

This is not a normal threat model.

In most security thinking, the attacker is a stranger: an unknown entity probing from the outside. Here, the picture is different.

The attacker knows you. They may have had entirely legitimate access to your devices and accounts. They understand your habits, your contacts, your routines, and your emotional triggers. And they may appear credible and sympathetic to others, which is part of how the harm works.

This means the usual advice does not apply in the usual way. Changing your password is a start. But if they know your mother’s maiden name, your childhood pet, and your recovery email address, a password change buys you hours at most.

You are not defending a system from the outside. You are untangling one from within.

Why survivors need a different kind of model

Most tech security models are built for businesses: firewalls, hackers, boardroom panic. This is not that.

Here, the threat is not some figure in a hoodie. It is someone you might share a bed, a child, or a Netflix account with. They may not be doing anything that looks like “hacking.” But they often have access (to your devices, accounts, or passwords), knowledge (of your habits, routines, and emotional triggers), and motivation (to monitor, control, or harm you). That combination changes the rules entirely.

Why this model helps

Because recognising the pattern is the first step in breaking it.

This is not about assigning blame to anyone for being targeted. Most technology is designed to be open and convenient, and that design often works in an abuser’s favour. But once you can name the problem, you can start building strategies around it.

It also helps support workers, legal professionals, and anyone else involved to understand that:

  • This is not “just a tech issue”

  • It is not paranoia

  • And no, “just block them” is not a solution

We use this model to understand, not to diagnose. Everyone’s situation is different. But thinking through what is at risk, who might exploit it, and how they might do it is a solid step toward reclaiming control.

How the model works

The pages that follow move through the threat landscape in a practical order:

  • The threat landscape covers what has changed in the last few years and why it is important now.

  • Assets covers what actually needs protecting, starting with your identity, not your devices.

  • Adversaries covers who causes harm and what capabilities they realistically have.

  • Threats covers what they are trying to achieve: surveillance, control, isolation, and more.

  • Vectors covers the surfaces through which access is gained, from identity to environment.

  • Attacks covers how abuse actually unfolds in practice, the patterns that repeat.

  • Impacts covers what harm looks like, not just in the short term but over time.