Some donation data prompts are nasty
Some donation data prompts are nasty
Posted Jul 31, 2024 13:31 UTC (Wed) by somlo (subscriber, #92421)In reply to: Some donation data prompts are nasty by kleptog
Parent article: Lessons from the death and rebirth of Thunderbird
Keeping the specific threat model in mind is important, and unfortunately underrated. When we lose track of that, we end up looking for *perfect* security that's somehow also palatable to the average normie user, which so far hasn't happened.
It's important to distinguish between the zombie that's chasing after *you* specifically, in which case you need to prepare by focusing on Rule #1 (Cardio) -- vs. a bear that's just chasing after *lunch*, in which case outrunning the poor sod next to you is perfectly adequate. :)
I find this very insightful on the topic: https://scholar.harvard.edu/files/mickens/files/thisworld...
Posted Jul 31, 2024 15:14 UTC (Wed)
by farnz (subscriber, #17727)
[Link]
It's also worth being realistic about the outcome of defending against a specific threat; I can promise you now that if a sufficiently capable bad actor has taken me and my family hostage, and is going to kill us all if we don't give the bad actor everything they need to get into my accounts, that they're getting what they ask for, because the consequence of not giving them everything is bad enough that I don't want to risk it.
There is, of course, a relevant XKCD comic about this, with the bad guys not giving up because the computer security is too good, but instead assaulting the computer owner to get access, and we forget that observation at our peril.
Some donation data prompts are nasty