Michał "rysiek" Woźniak · 🇺🇦 on Nostr:
Lukewarm take:
When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.
Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.
Today, almost all sites use HTTPS.
*) "general" meaning "without a very specific threat model in mind", meant for general public, etc.
#InfoSec
Published at 2024-06-07 12:59:14