[vecter]

> the “users don’t care” argument, i believe, is a cop out to make ourselves feel good.

Strongly disagree. It's just the simple reality that most users don't care about security. The vast majority of potential consumers in the world don't choose digital products based on security. I always see this security angle touted on Hacker News, but I'm quite frankly shocked that people here don't have the self-awareness to realize that we live in an uber-tech geek's echo chamber.

Have you ever met an "average" Facebook user? They really, truly, do not understand or care about security. I'm very confident that even if you sat one down and walked them through all of the implications of what poor security even means, they would walk away and not change their behavior whatsoever.

[canada_dry]

The whole "users don't care" is really ignoring consumer's cognitive dissonance on security.

Adopting the stance that "vast majority of potential consumers in the world don't choose digital products based on security" time-and-time again bites organizations in the ass when there's a breach.

[MattGaiser]

> time-and-time again bites organizations in the ass when there's a breach.

The bite isn't very hard though. The largest data breach of the 21st century in terms of users was Adobe and it cost them just 2 million in legal.

The only painful data breach I can think of financially has been Equifax. Everyone else just sent out a "reset your password" email, paid for a couple lawyers and PR people, and went on with their companies.

Can you name a company killed by a data breach? I can't think of one.