[anigbrowl]

And people wonder why I am only lukewarm about encryption and opsec. I use both for myself, but I've given up evangelizing other people years ago because (as I've said here on HN many times):

For regular people, the effort of encrypting things is simply not worth it because they're powerless against a really determined attacker. It's rational to protect against casual attacks from spammers and scammers, but protecting oneself against state-level attackers is futile unless you make a full-time job out of it.

Someone usually pipes up at this point saying 'we need to limit the powers of the state', like some sternly-worded law is going to undo the existence of the technology or take away the vast economic and political incentives to deploy it. Get real folks, technology doesn't get un-invented, and powerful organizations are just like powerful organisms; they're opportunist, they maximize their own chances of survival, and when they do collapse the resulting power vacuum is filled as rapidly as any other vacuum would be. One can certainly seek to govern the behavior of a state or state organ, but attempting to limit its technical ability is naive, for the same reason that you'd be naive to try to fix police brutality by legislating about the design parameters of police batons.