[mindslight]

Sure, and I didn't advocate doing otherwise. My point is the larger context - there is no "secure" on mobile.

Likewise, my point about losing a datacap was that it was preferable to having more personal info backhauled into commercial surveillance databases. It's not an either-or and I'm not desiring either one - just calling attention to the larger context of user-security versus the myopia of marketing/corporate security.

[tscs37]

There is secure on mobile. Secure is not a binary property, it's a spectrum of options and possibilities which heavily depend on your environment and your threat model.

You either get security updates at the possible downside of sending more data to some database of a known vendor or you get the very possible risk of being part of a slide on DEFCON Fail Panel by some unknown blackhat.

I choose a known advesary over an unknown any day.

[mindslight]

At its core, digital security is a binary property equivalent to mathematical proof. Since universal security is neigh impossible (two people can keep a secret if both are dead), we then predicate it on various trust relationships / threat models - what one is secure against.

The modern non-technical but security-conscious person concedes that their devices are pwnt by (ie they are forced to trust) AppGoogAzon anyway, and simply shies away from trusting technology. The phenomenon is what it is - I'm not advocating for it, but advocating for understanding it.

Furthermore, are you saying that you actually know all the players in the commercial surveillance industry?!

I'd appeal to your same argument of known versus unknown, but point out that at least the motives of the rando blackhat are known. Whereas the surveillance industry will be innovating new ways of monetizing their malicious databases for the next century!

[tscs37]

That's a rather narrow mindset. As previously explained, security is not binary, even in the circumstances you mentioned.

I don't know all the players in the. Surveillance industry but I'm not as paranoid to believe they are worse the. Black hats.

You probably also have little probability of knowing the actual intentions or motives, which actually helps little in threat mitigations.

[mindslight]

It's not a "narrow mindset", but a formal basis that fosters analysis.

It's true that drive by black hats could be looking to snarf up all the personal information they can, and selling it into the corporate surveillance databases. I just think it's less likely than they're looking for a quick hit to defraud some banks.

It's not a matter of "paranoia" (there we go again with the handwavey maligning subjectivity!), but of looking at the outcomes. It's paradoxical - the things we think of as "bad" really are not that worrisome, because the shared goal is to correct them. Meanwhile the things we think are "just the way it is" form an insidious creeping trend.

I have very little fear of say my bank account being drained, because if that actually were to happen, then we're in general agreement that it will be made right - from bank policy on up to common law. Whereas if my de-facto mandatory insurance rates mysteriously double, there is both little immediate recourse and many people will even argue in support based on the just world fallacy!

[nitrogen]

I'm honestly quite surprised people went to the trouble of downvoting all of your comments on this thread; I think people are talking past each other and missing the bigger point that some threats are being ignored because of their insidious subtlety.

[zaarn]

As another comment mentions; security is not binary.

Binary Security is a sign you failed at security. You can be not secure at all, somewhat secure, etc, against a set of threat models or anywhere in between those steps.

Whether or not you have properly prepared against a threat model and you are confident in defending against it is a binary property (or rather, two binary properties) but the underlying security is not.