We have a lot of trouble in the industry with normal people being stupid.
Or rather, sorry, I should say, people being lazy. Saying stupid is unfair.
How do you get people not to make their password "password". After all, we are insisting they have a damn password. They don't want one. They just want things to work.
Yes, if they get hacked, they moan, but it does not matter how much we try, they will take the lazy route.
People will not care if a site is using https or http.
People will not care is some site has a warning. The poke posted a good image for this today.
So keeping normal people safe is hard work.
But what if you do have something to hide - whether it is something non-criminal but embarrassing or just commercially sensitive. What if it is criminal, or worse terroristy...
Well, then you need to plan and be careful. Then you need to check how you keep yourself safe and communicate safely.
This is why the security theatre of politicians today is bad - they want to advocate weaker security for the masses, for everyone, so that they can catch criminals more easily.
The effect will be weaker security for the masses, yes, and a much harder time protecting them. However, anyone with any reason to actually put in a modicum of effort, such as terrorists, can easily stay safe - using their own encryption rather than using WhatsApp.
A terrorist can simply google* how to do this, download the right code, and be their own vendor for end-to-end encryption. Cimincals can stay safe. (*Books also have this information)
Who wins here - the criminals!
Who loses here - the rest of us!
Please, let us use encryption to protect us all - yes it protects criminals as well, but we can't stop that, and protecting the rest of us actually thwarts a lot of criminals. Net gain.
This blog also on YouTube:-