@godpod Awkward… it loves me, but I’m not there yet. It’s all moving too quickly!! 🤪😝

@jeremybmerrill if nothing anything else, I suspect there would be “deny lists” to block these ads once they’re aware of them and have ascertained it’s fake (through reporting like yours). Though, typically preventing ads from showing up by using lists ends up being a bit like whack-a-mole.

@dangoodin @zackwhittaker Solid thread 🧵. I’ll add another reason why I think a general PSA is a good idea. The ease of access for a malicious actor. A lot of security is just layers and layers of protection. So if one layer is breached, another is still standing. A bad actor has extremely easy access to the USB ports in public places. They can do what they need and simply hope to get lucky with no real cost. And if they get lucky, that’s one barrier down. How many other barriers you have, is a very inconsistent number. On the flip side- what does it cost the lay public to either carry their own charging plug or the ‘usb condom’? Pretty much nothing. So you get an additional barrier for basically free. Take it. No point slapping our foreheads later.

@jeremybmerrill it’s not like nothing is being done. If we look the human collective, your report alone will have educated lots of people. Detection I suppose is one thing, ie tech can probably have a hunch that an ad is ambiguous or some % similar to the real thing, but telling lay people that in a way that’ll affect outcomes- I wonder what we can do about that. As a communicator, what do you think is the best way to _ensure people know what they’re getting_?

@epixoip @sc00bz how much of lastpasses lapses can be mitigated with MFA? Never used lastpass so I don’t know if it needs me to validate ‘something I am’ as well.