Documents published since initial revelations in 2013 have revealed several classes of pervasive surveillance attack on Internet communications. In this document we develop a threat model that describes these pervasive attacks. We start by assuming an attacker with an interest in undetected, indiscriminate eavesdropping, then expand the threat model with a set of verified attacks that have been published.