After major security vulnerabilities or data breaches, "security people" show up and tell you to delete your account immediately. "Oh, time to delete your account! Switch to service/product … instead!"

Such statements totally ignore that security vulnerabilities are widespread and the vast majority of data breaches won't become publicly known. Full control over your data and devices requires 100% isolation from the internet, not just arbitrarily switching services or products.

OTOH one could very reasonably say that, say, Signal is better than Facebook from a privacy and security standpoint.

@infosechandbook yeah, rather than pointing at what people should use, we are better off educating people why one would want to use a service or why not.

@blacklight447 @infosechandbook teach people that everything they store might end up in public. Do not store unnecessary data no matter what platform or technology you use.

@Bobo_PK @blacklight447 @infosechandbook The internet is not safe, and will never be made safe. Anything you make accessible to the internet will be used against you.

@Bobo_PK @blacklight447 @infosechandbook Even encrypted data with proved secure ways? Like gpg encrypted with an asymmetric key?


You can accidentally leak your private GPG key, or the endpoints of end-to-end encryption can be compromised. GPG also offers no perfect forward secrecy. An attacker can just record encrypted data, and may have the ability to decrypt everything in future.

As @Bobo_PK suggested, cryptographic algorithms change over time. Years ago, DES was considered secure …

