Infosec guides: Enumerate the assets you want to protect and the threats to them and the likelihood and consequences of...

Users: I don't know, I just click on the 't' and there's a screen, what do you mean login, I didn't know it had files, what is going on here.

You can't _threat_ model if you haven't got a _model_. The problem is so much bigger.

@d_rift what should be in the standard mental model of a computer owner?

(I'm thinking that there are conceptual things like CPU/Memory/Disk, local/cloud storage, stable/volatile memory, local/remote code, encryption in motion/encryption at rest, keys, passwords, and then I'm thinking nobody will have the patience even though the set is reasonably small because the concepts sit in a larger body of common knowledge)

@djm62 this is exactly the problem. Which invisible wires do you need to know about? And damn us programmers for having made them invisible.

Real life example. Someone can in fact (to my great surprise) create a tumblr account without knowing that accounts have login credentials, what a login credential is, that they tied it to their google account, or that it's even possible to log into it from another device, let alone how. And we want them to monitor their recent and active sessions! Ffff.

@d_rift one thing that stuck with me from learning to drive: knowing what the clutch pedal was doing helped me use it. Not so much the brakes or accelerator, I could get by on a summary of what effect they had.

I guess that's the utilitarian criterion - is there something you would do differently based on knowing this detail? Maybe that's also a pedagogically useful way to explain it? If you can't find a behavioural distinction, you can consider it safe to skip/summarise.

@djm62 it's hard. People care about different things. One person might change purchase habits because a camera brand used by the local grocery dumps video to an unauthenticated S3 bucket. Another may not care. Another may not know why they might care.

@djm62 But like, where I'd put the bar on a gut level — know what it takes for you to access your stuff, know who else can access it and how, know who can lock you out of it and how — I can't even meet that bar myself except on technologies I have very tight control over.

@d_rift I think the grocery store example basically fits if you have the primitives - video data goes to remote storage on the web without access control.

How likely is it for someone to get access? Pretty likely, and if you don't know that, you have enough context to ask and understand the answer.

How bad is it if they do? Probably fine for most people - it's a little worse than just being seen in the grocery store, but not much.

That's different from your reply though - my opinion is the average person shouldn't really have a finer-grained knowledge than "me (and anyone with my credentials) and the provider (and anyone with their credentials) and the world (delete as applicable)".

And I care more about the average person than I do about targeted individuals with powerful adversaries, because that's when you have a duty to learn more and also have to think about risk appetite - nobody is particularly secure when there's a laser mic on their window and people with no legal repercussions for getting physical. There's a point of diminishing returns which is totally personal. If you are literally or figuratively in a bunker, it's probably more pragmatic to do a Snowden and start talking to your enemies' enemies.