@@ -464,6 +464,12 @@ EXAMPLE2: While traveling overseas, a consumer installs and connects to a commer
> Example threats can be found in the same documents suggested in the section on security requirements.
- unauthorized use of exit node (\*\* by service provider)
- unauthorised collection of PII by client
- unauthorised filtering or tampering of traffic (mitm)
- observation or disclosure of the user's online activity by an unauthorized and/or malicious party, including delayed disclosure
- DNS Leaks to local network
## C.3 Assumptions
> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.
