I've been thinking lately about how we teach folks about digital security and safety and how we don't really have a way to retire old advice

I know folks who heard they should never connect to a public or unfamiliar Wi-Fi network, never scan a QR code, never charge their phone at a public outlet - and they never got the stand-down memo that those threats have been largely mitigated and, as long as they're keeping their phones and browsers up to date, it's usually fine to do those things.

And to some extent it's easier to say "just don't" than it is to teach nuanced risk analysis, because sure, connecting to other computers is never 100% safe no matter what.

But I worry that when reasonable precautions calcify into superstitions, we're contributing to the narrative that computers are inherently unknowable and dangerous, which leads to people giving up on even trying.

@Annalee your first paragraph there just blew my mind as I realized it's basically the sex-ed abstinence only model with pretty much the same outcome: folks generally uneducated about the topic at all.
@Annalee And I say this as someone who absolutely didn't know that "never charge your phone at a public outlet" was already possibly outdated advice.
@JXilon yeah, with the caveat that if you are the kind of high-risk target that a state actor might burn a 0day on, you should maintain a stronger security stance, it's pretty much fine - modern phones will prompt you if you connect to a USB device that wants data, and they default to power only unless you grant access

@Annalee @JXilon Good point and part of the issue with most security discussions (or computer discussions in general). We figure out the single optimal practice for a given goal (don't get infected/suborned), without considering other goals (educate people), and then we beat the point into the ground.

This creates the situation you describe, where people have heard "the best solution is to never..." and therefore don't research reasonable compromises instead.

@Longwing @JXilon true but I'm not even talking about compromise, so much as cases where the threat has been addressed and the advice is obsolete. For the average user, advice not to charge on public chargers or use public WiFi is years out of date.

@Longwing @JXilon that advice didn't become widespread because it held for high risk targets, but because there were widely known and widely used attacks that average people had to worry about. And that's just not true anymore. Those threats have been remediated.

The rules are different for high value targets because what exploits remain are too valuable to be worth using against random people.