Is someone checking your browsing? This website will appear in your browser history. If you're concerned someone may be monitoring your internet use, consider using a trusted friend's device, a library computer, or your browser's private/incognito mode. You can press Quick Exit or hit Escape at any time to leave this site quickly. Learn more about staying safe online
⚡ Quick Exit
  1. Home
  2. About
  3. Limitations
Need support? 1800RESPECT (1800 737 732) | Emergency: 000

Limitations, Methodology & Responsible Use

What This Framework Is

The Technology-Facilitated Abuse (TFA) Matrix is a structured catalogue of techniques used to perpetrate technology-facilitated abuse in the context of domestic, family, and intimate partner violence. It applies the methodology of threat intelligence frameworks — specifically the approach pioneered by MITRE ATT&CK® — to interpersonal harm.

The framework is designed to serve three audiences:

  • Victims and survivors — through plain-language descriptions of what to notice and what to do, presented in the public view.
  • Practitioners — including domestic violence workers, law enforcement, legal professionals, and digital safety specialists — through structured technical data in the technical view.
  • Policymakers and researchers — through a systematic, evidence-based taxonomy that enables analysis, comparison, and policy development.

What This Framework Is Not

Not personal advice

This resource provides general information about technology-facilitated abuse techniques and possible protective actions. It does not and cannot account for your specific circumstances. Every situation involving abuse is different, and actions that are safe for one person may be dangerous for another. In particular:

  • Removing monitoring software, changing passwords, or altering device settings may alert the person causing harm and could lead to escalation.
  • The "What You Can Do" guidance describes possible actions, not recommendations. Whether any action is appropriate depends on your safety, your support network, and your circumstances.
  • If you are in an unsafe situation, please contact a specialist service before making changes to your devices or accounts.

Not a complete catalogue

Technology-facilitated abuse evolves as technology evolves. New techniques emerge with new platforms, devices, and services. This framework represents current understanding as of the version date and is updated regularly, but it will never capture every possible technique. The absence of a technique from this catalogue does not mean it doesn't exist or isn't being used.

Not jurisdiction-specific

This framework was developed in an Australian context and references Australian support services (1800RESPECT, the eSafety Commissioner, Services Australia). However, the techniques described are not specific to any jurisdiction — technology-facilitated abuse occurs globally. Laws, support services, and reporting mechanisms vary by country and jurisdiction. Users outside Australia should identify their local equivalents.

Not legal advice

Nothing in this framework constitutes legal advice. While many techniques described here may constitute criminal offences in various jurisdictions, this framework does not make legal determinations. Consult a legal professional for advice about your specific situation. Legal aid services in most jurisdictions provide free initial advice for domestic violence matters.

Not forensic methodology

The detection indicators described in this framework identify possible signs of technology-facilitated abuse. They are not forensically validated detection methods and should not be treated as evidence standards. Formal forensic investigation requires qualified digital forensics professionals using validated methodologies and appropriate chain-of-custody procedures.

Not clinical or diagnostic criteria

This framework describes patterns of behaviour, not psychological diagnoses. It should not be used to diagnose individuals or to substitute for professional psychological assessment. The framework describes what is done, not why — it catalogues techniques, not motivations or pathologies.

Responsible Use

On the dual-use concern

Any catalogue of abuse techniques could theoretically be read as a playbook. We have considered this carefully. Our position:

  • These techniques are already well-known to perpetrators. Every technique in this framework is documented in existing domestic violence sector literature, law enforcement training materials, academic research, and — in many cases — mainstream media reporting. Perpetrators do not need this catalogue to learn these techniques; they are already using them.
  • Victims, practitioners, and policymakers do need this catalogue. The systematic gap is not in perpetrator knowledge — it is in victim recognition, practitioner understanding, and policy response. Technology-facilitated abuse is consistently under-identified precisely because there has been no structured framework for recognising and categorising it.
  • Obscurity does not protect victims — recognition does. A victim who can name what is happening to them is better positioned to seek help. A practitioner who can identify a pattern is better positioned to intervene. A policymaker who can see the landscape is better positioned to legislate.

This framework deliberately omits step-by-step implementation instructions. Technique descriptions explain what is done and how it presents, not how to do it. Detections describe what to look for, not how to evade detection. The framework is designed to be maximally useful for defence while minimally useful as offensive instruction.

Ethical use expectations

This framework is published for the purpose of protecting people from harm. Users of this framework — including researchers, practitioners, developers, and anyone who forks or builds upon this data — are expected to use it in service of that purpose. Specifically:

  • Do not use this framework to develop tools, techniques, or services that enable abuse.
  • Do not use this framework to identify vulnerabilities in victims' protective measures.
  • Do not use technique descriptions as instructional guides.
  • If you identify a gap in the framework that could be exploited, report it responsibly through the project's GitHub issues.

Methodology

Framework development

The TFA Matrix was developed by Not A Standard using the SAFE (Security Abuse Framework for Evidence) methodology, which applies cybersecurity threat intelligence frameworks to interpersonal harm. The framework draws on:

  • Systematic review of academic literature on technology-facilitated abuse
  • Analysis of reported cases from domestic violence services and law enforcement
  • Consultation with DFV sector practitioners
  • Technical analysis of surveillance tools, platform vulnerabilities, and device capabilities
  • The structural methodology of MITRE ATT&CK® for knowledge representation

Limitations of the methodology

  • Reporting bias: The framework is built from documented and reported techniques. Techniques that are rarely reported or difficult to detect may be underrepresented.
  • Technology bias: The current version reflects techniques prevalent in markets with high smartphone and internet penetration. Techniques specific to other technology contexts may be less represented.
  • Cultural context: While the techniques themselves are broadly applicable, the framing, examples, and recommended services reflect an Australian context.
  • Temporal scope: The framework reflects technology available as of the version date. Emerging technologies (including AI-generated content, new IoT devices, and evolving platform features) will require ongoing updates.

Versioning & Currency

The TFA Matrix is maintained as a versioned dataset. The current version and last-updated date are recorded in the STIX bundle metadata. The framework is updated to reflect:

  • Newly identified techniques
  • Changes in technology that affect existing techniques
  • Improvements to detection indicators and protective actions
  • Community contributions via GitHub
  • Feedback from practitioners, researchers, and people with lived experience

Outdated or superseded techniques are deprecated rather than removed, to maintain continuity for research and analysis that references specific technique IDs.

Reporting Errors, Gaps & Concerns

If you identify an error, a missing technique, a safety concern with the guidance provided, or any other issue:

  • GitHub: Open an issue or submit a pull request at the project repository.
  • Contact: Reach Not A Standard directly via notastandard.ai.

We take safety concerns about the guidance particularly seriously. If you believe any "What You Can Do" action could endanger someone in a specific scenario, please report it so we can review and update the content.

Acknowledgements

MITRE ATT&CK® is a registered trademark of The MITRE Corporation. The TFA Matrix uses the ATT&CK knowledge representation methodology under fair use for interoperability and is not affiliated with, endorsed by, or a product of The MITRE Corporation.

This framework was built with and for the domestic and family violence sector. We acknowledge the courage of people with lived experience whose accounts inform every technique in this catalogue.