Lukewarm take:

When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.

Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.

Today, almost all sites use HTTPS. Doesn't mean the risk is zero, but it's way lower.

*) "general" meaning "without a very specific threat model in mind", meant for general public, etc.

#InfoSec

Actually, downgraded that take to "lukewarm"; it should really not be controversial at all these days. It's been a hot minute since LetsEncrypt changed the HTTPS landscape!

What is beyond me is that such "security advice" still gets pushed.

Also, shout-out to @letsencrypt for dramatically changing the security landscape of the Web for the better over the years.

Rarely is there an example of a project so effective and so directly improving everyone's lives, while at the same time keeping the original engineering mindset and just Doing Stuff Right™ humbly in the background.

Next November it will have been exactly a decade since LE started. We all owe them a huge 10th birthday party.

#InfoSec

@rysiek @letsencrypt All my podcasts are supported by adverts for VPNs and I don't understand what they are supposed to be protecting you from these days.
@bencurthoys @rysiek @letsencrypt
That's easy to answer.
What they are protecting one from is loss of sleep rooted in not understanding one's threat model.
That is a billion $currency industry.
Sadly so.