It is an udev configuration problem: as configured it tries to guess what
the device is to add it to the relevant group and sometimes it makes wrong guess (e.g. a scanner was marked as a floppy).
> But after that any new user defaults to no group membership except their own, so it's not too bad. Just as long as I don't get UID 1000 on Debian then any removable media is safe from me. :)
It should be noted that the extra groups are only added to the user
created during the installation process. The assumption is whoever install the machine is the admin. Further more since you are also in plugdev, you can mount filesystems anyway.