[selykg]

As someone who worked in this field. Offering "options" when a vast majority of the user base don't even understand that their data is encrypted, is often a poor approach to take.

Users will forget their Master Passwords even and because they forgot them they will believe they've been "hacked" and blame you.

Users on Hacker News and similar sites where users actually understand the underlying technology to some degree are the exception, not the norm. Adding options does not help a vast majority of the user base and it complicates your codebase further. Imagine making that change and less than 1% of your users actually use that feature?

[ohyeshedid]

It's a poor approach for multiple reasons. Like being the origin of downgrade attacks.

[tmikaeld]

If the default is the downgrade, what have you lost if there's not upgrade path in the first place? nothing!

[CyberRage]

There's no issue with that. layman users won't modify these settings while advanced users will be warned.

You're thinking wrong.

[tmikaeld]

Agreed, defaults are the norm and then the advanced settings are layered. Even so, explaining and showing the differences visually or with video is possible. I don't agree with treating people as babies when it comes to tech.

[cwyers]

Yes. Part of the value prop of these services is they have experts who are better qualified to make these decisions than I am.