top of page
  • Writer's picturekim

Get your own LINDDUN GO card deck

Great news: we’ve teamed up with Agile Stationery where you can order your copy of the LINDDUN GO card deck. Nothing beats the experience of playing LINDDUN GO with a real, physical card deck.

LINDDUN GO is the leaner variant of LINDDUN. It takes on a more collaborative and playful approach in finding privacy issues.

All you need to get started are the LINDDUN GO threat cards and a simple model of your system. Then you are ready to threat model for privacy.


LINDDUN GO was created as a tool to guide privacy threat modeling.

You can use it in several ways.

As the driver of a privacy threat modeling workshop

Ideally, threat modeling is performed by a diverse team with varied viewpoints, including for example a domain expert, architect, privacy champion, security champion, DPO, developer.

The first step in every threat modeling exercise is getting a mutual understanding of the system-under-analysis. To obtain this, you need a model of the system.

In the next step, the participants of the workshop will collaboratively elicit privacy threats.

As inspiration, they use the LINDDUN GO threat cards to drive the discussion. Each LINDDUN GO card describes a potential threat for a specific LINDDUN threat category (Linkability, Identifiability, Non-repudiation, Detectability, Unawareness, or Non-compliance) targeted at a specific 'hotspot' in the system (for example, incoming flows containing personal data).

After shuffling the LINDDUN GO threat card deck, participants take turns drawing cards. Each turn, the first participant discusses privacy threats related to the drawn LINDDUN GO card. Other participants join the discussion and fill in any potential gaps.

As training material in a privacy engineering exercise session

While the primary goal of LINDDUN GO is to put it to practice, it can also be a useful educational tool in trainings.

When you are not a privacy expert, thinking about what can go wrong from a privacy perspective can be very difficult. The LINDDUN GO cards can therefore also be used in trainings. Either as theoretical background, or, preferably even, in a practical exercise.

Each LINDDUN GO card illustrates examples, guiding questions, information on impact, etc. This is thus a great starting point for training participants to tackle a (group) exercise in a systematic way.

As a trainer, you can also scope the exercise by making a selection of the most interesting LINDDUN GO threat cards for your particular training exercise.

(Side note: creating selections and sharing these with the team is also possible when using the digital version of LINDDUN GO.)

As a training participant, you get acquainted with core privacy concepts and can immediately apply them to an exercise.

As a reference catalog

Maybe you are already a privacy expert but still like to do a quick gap analysis to make sure you covered all key privacy issues.

Maybe you do not have the luxury to run a collaborative threat modeling session and you have to do the exercise by yourself.

Maybe you are new to the privacy community and want to get familiar with potential privacy issues.

Whatever is your profile, if you want to know more about what privacy threats can exist in a software system, the LINDDUN GO cards can be used as a handy reference guide, classified according to 6 privacy threat categories.

What if the privacy threat modeling session is remote?

Use the digital card deck to jointly iterate over a shuffled deck. Or, do it the old-school-way: a designated player shuffles the deck, draws cards, and shares them with the others.

Everyone in the session can use their personal copy of the physical deck (or use the PDF) to read the details of each card that is currently being assessed.

Want to try it out yourself? Order your physical deck now at Agile Stationery.

All information, including a PDF version and a digital version of the card deck, remains available on the website:

Do you just want a quick overview of what LINDDUN GO is and how you can use it: check out the LINDDUN GO flyer.

Don't forgot to check out the full catalog of Agile Stationery. They have many other interesting threat modeling games and tools (such as Elevation of Privilege), including a very fancy poster of the Threat Modeling Manifesto.

1,491 views0 comments

Recent Posts

See All
bottom of page