Might sound a bit of a silly question. I see people talking about threat models, and privacy guides which say things like “if this is part of your threat model, do X Y Z”. I’m just not sure if it’s a general “this is what I want to protect myself against” or if there’s more to it.

  • @[email protected]
    132 days ago

    So there’s a formal/professional approach and there’s an informal approach.

    Formally, there are fields like Risk Management aka Risk Analysis; in these fields there are various frameworks and approaches for things like threat models and risk assessments. This is more than most of us need.

    Informally “this is what I want to protect myself against” is indeed a good way of thinking about it. You can write something up for yourself, or you can just think it through. If the threat model helps you use your time / resources wisely, then it’s a good threat model.