Comparison: STRIDE vs. LINDDUN for privacy-focused personal assistant agents.

(@newcomer_lea)
  [#1300]

I’ve been reviewing the templates posted here, especially for personal assistant agents, and I noticed most use STRIDE. I’m trying to threat model a privacy-focused agent I’m planning—one that processes local voice, calendar, and messages for personal automation.

STRIDE makes sense for the classic security angles (like spoofing the voice input or tampering with data at rest). But I’m concerned it might not systematically cover privacy threats. For example, a legitimate user operation might still leak information through metadata or inference.

I’ve seen mentions of LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, Non-compliance) as a privacy-focused alternative. Has anyone here applied LINDDUN, or a hybrid of STRIDE and LINDDUN, to an OpenClaw-style agent? I’m trying to figure out if it’s overkill for a personal project, or if it actually reveals gaps STRIDE would miss.

My specific context: agent runs on a home server, interacts with local services and a few external APIs (weather, transit). Data flow includes a speech-to-text module, a local LLM for intent recognition, and actions that read/write to personal data stores.

Would a combined approach simply mean doing two separate analyses, or are there templates that integrate them? I’m cautious about missing assumptions in the “happy path” diagrams. Any examples or critiques would be really helpful.



   
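An added example, not part of the original post: one way to run STRIDE and LINDDUN as a single per-element pass over the data flow described above, merging the category both frameworks share and flagging the one where they pull in opposite directions. The element and flow names, the trust-boundary flags, and the transcribed STRIDE-per-element and LINDDUN mapping tables are assumptions of this example and should be checked against the current LINDDUN catalogue.

```python
# Added example: merged STRIDE + LINDDUN pass over a constructed DFD.
STRIDE = {  # STRIDE-per-element applicability
    "entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "flow": ["Tampering", "Information disclosure", "Denial of service"],
    # Repudiation on a store is usually only raised when the store holds logs.
    "store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
}
PRIVACY_COMMON = ["Linkability", "Identifiability", "Non-repudiation", "Detectability",
                  "Disclosure of information", "Non-compliance"]
LINDDUN = {  # LINDDUN mapping table (Unawareness applies to entities only)
    "entity": ["Linkability", "Identifiability", "Unawareness"],
    "process": PRIVACY_COMMON, "flow": PRIVACY_COMMON, "store": PRIVACY_COMMON,
}
# (name, kind, crosses the home-server trust boundary); names are assumptions
DFD = [
    ("user", "entity", False),
    ("speech_to_text", "process", False),
    ("local_llm_intent", "process", False),
    ("personal_data_store", "store", False),
    ("weather_api", "entity", True),
    ("transit_api", "entity", True),
    ("voice -> speech_to_text", "flow", False),
    ("agent <-> personal_data_store", "flow", False),
    ("agent -> weather_api", "flow", True),
    ("agent -> transit_api", "flow", True),
]

def analyse(dfd=DFD):
    """One pass per element: merge the overlapping category, flag the conflicting one."""
    report = {}
    for name, kind, external in dfd:
        sec, priv = STRIDE[kind], LINDDUN[kind]
        shared = "Information disclosure" in sec and "Disclosure of information" in priv
        report[name] = {
            "security_only": [t for t in sec if not (shared and t == "Information disclosure")],
            "privacy_only": [t for t in priv if not (shared and t == "Disclosure of information")],
            "shared": ["Disclosure"] if shared else [],
            # Audit logging added against Repudiation works against privacy Non-repudiation.
            "tension": "Repudiation" in sec and "Non-repudiation" in priv,
            "external": external,
        }
    return report

def stride_blind_spots(report):
    """Privacy prompts on boundary-crossing elements that STRIDE alone never raises."""
    return {n: r["privacy_only"] for n, r in report.items() if r["external"]}

if __name__ == "__main__":
    for name, row in analyse().items():
        print(name, row)
```

Each `privacy_only` entry is a question a STRIDE-only template does not prompt for on that element, and each `tension` flag marks a place where a security control (audit logging) needs a privacy decision about what is retained.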