I have this conversation almost daily about the related, but seperate field of cybersecurity. I can't count the number of times I've had conversations that go along the lines of "why are we even...
I have this conversation almost daily about the related, but seperate field of cybersecurity.
I can't count the number of times I've had conversations that go along the lines of "why are we even bothering restricting where people can download files from? If someone wanted to, they could just use a thumb drive, and if we restricted that, they could just put the file on an internal network share".
If we used that justification, we'd have no security or privacy anywhere.
Any privacy method can ultimately be defeated. The question is only by who, and how easily.
For instance, there's a huge difference in the level of effort between the NSA targeting you and spending millions of dollars to get a zero day on your device than someone you went on a bad date with that just so happens to work for Verizon and has the access needed to read your SMS messages.
This reminds me of a conversation I had with a friend, years ago, about the myriad "What Sesame Street Character Are You?" quizzes that were so popular on Facebook. I mentioned to them that by...
This reminds me of a conversation I had with a friend, years ago, about the myriad "What Sesame Street Character Are You?" quizzes that were so popular on Facebook. I mentioned to them that by sharing the information that these quizzes asked for, you're answering many of the most common account recovery-type questions (street you grew up on, school name, etc). They were, in actuality, giving away information that could be used to compromise their account, any email addresses associated with it, and so on.
Their response was "Well, they probably already have this information anyway." To which I responded "Well, you don't have to make their job any easier, do you?"
So much of security does depend on people being unwilling to surmount the bare minimum practices, but those practices do prevent the vast majority of bad actors.
Why do we have locks on doors or bars on windows? Why do we lock the car when we walk away from it? Why do we bother putting a cheap lock on a file cabinet? It's some level of deterrent. Don't...
Why do we have locks on doors or bars on windows? Why do we lock the car when we walk away from it? Why do we bother putting a cheap lock on a file cabinet? It's some level of deterrent. Don't make it easier for anyone to warrantlessly search or access what isn't theirs.
I appreciate the perspective in the article. "Cherish the win." Don't push people away by telling them they need to do more, faster. WhatsApp isn't as good as Signal and I would love to have more contacts on a service that collects less metadata. But it's better than an MMS or RCS group! "Privacy is a culture we need to build ... Tolerate imperfection and treasure improvement."
If anyone needs a good reminder that locks are basically useless on their own, one just needs to look at a few Lockpicking Lawyer videos and realise that it's not the lock keeping you safe, but...
If anyone needs a good reminder that locks are basically useless on their own, one just needs to look at a few Lockpicking Lawyer videos and realise that it's not the lock keeping you safe, but the fact your bike takes more effort to crack than the one next to it.
Physical locks are indeed very similar to the online privacy/security question.
You don't need a lock on your bike, but now every yokel can just walk off with it if they so please.
Having a simple lock will prevent random drive by steals, but will not stop a dedicated bike thief.
Having multiple locks or a slightly more difficult one will have the bike thief go for the lower risk bike next to yours even if they can still crack yours were they so inclined.
I have this conversation almost daily about the related, but seperate field of cybersecurity.
I can't count the number of times I've had conversations that go along the lines of "why are we even bothering restricting where people can download files from? If someone wanted to, they could just use a thumb drive, and if we restricted that, they could just put the file on an internal network share".
If we used that justification, we'd have no security or privacy anywhere.
Any privacy method can ultimately be defeated. The question is only by who, and how easily.
For instance, there's a huge difference in the level of effort between the NSA targeting you and spending millions of dollars to get a zero day on your device than someone you went on a bad date with that just so happens to work for Verizon and has the access needed to read your SMS messages.
Better is always better than nothing.
This reminds me of a conversation I had with a friend, years ago, about the myriad "What Sesame Street Character Are You?" quizzes that were so popular on Facebook. I mentioned to them that by sharing the information that these quizzes asked for, you're answering many of the most common account recovery-type questions (street you grew up on, school name, etc). They were, in actuality, giving away information that could be used to compromise their account, any email addresses associated with it, and so on.
Their response was "Well, they probably already have this information anyway." To which I responded "Well, you don't have to make their job any easier, do you?"
So much of security does depend on people being unwilling to surmount the bare minimum practices, but those practices do prevent the vast majority of bad actors.
The worst part about those was that I never took any notice of them, only to have my wife tag me in the comments with the answer on my behalf.
Why do we have locks on doors or bars on windows? Why do we lock the car when we walk away from it? Why do we bother putting a cheap lock on a file cabinet? It's some level of deterrent. Don't make it easier for anyone to warrantlessly search or access what isn't theirs.
I appreciate the perspective in the article. "Cherish the win." Don't push people away by telling them they need to do more, faster. WhatsApp isn't as good as Signal and I would love to have more contacts on a service that collects less metadata. But it's better than an MMS or RCS group! "Privacy is a culture we need to build ... Tolerate imperfection and treasure improvement."
If anyone needs a good reminder that locks are basically useless on their own, one just needs to look at a few Lockpicking Lawyer videos and realise that it's not the lock keeping you safe, but the fact your bike takes more effort to crack than the one next to it.
Physical locks are indeed very similar to the online privacy/security question.
You don't need a lock on your bike, but now every yokel can just walk off with it if they so please.
Having a simple lock will prevent random drive by steals, but will not stop a dedicated bike thief.
Having multiple locks or a slightly more difficult one will have the bike thief go for the lower risk bike next to yours even if they can still crack yours were they so inclined.