You and I differ on digital literacy. To me it's the only way to
ultimately solve this problem. It's not about educating people
technically. See my paper on "Digital Self Defence as Civic
Cyber-Security". Here in the UK we're taking that line (officially) at
last. And starting young!
Before limiting peoples' options to corporate walled gardens on the
assumption that "its safer" we can try actually scuring the products,
hardware and OS is the foundation. Got to stop listening to the
negative, defeatist voices who say "that's impossible".
And y'know there are laws against computer misuse. We ought to
seriously try enforcing them, even if that means the inconvenient
truth of exposing criminals with fancy brand names and logos. :)
I like your optimism and on my best days I mostly agree with it.
My skepticism is rooted in two phenomena:
1. Our society seems to be unable to address criminal behavior at the current scale, how can we expect it to improve if we expand the attack surface? Counties are unable to stop basic phone and tech support scams for decades now. There are just a few dozen companies that are responsible and we still fail. I can’t trust the authorities to be able to address more sophisticated scams at a bigger scale. Corruption is at the core of this. So now we also have to solve corruption.
2. Tech literacy is not enough to effectively avoid tech scams. It’s helpful for sure, but look at how many educated people got burned by crypto. I agree it’s work in progress and maybe we will become better as a society. But I need to see more proof to feel confident in that.
It is true that many essential organizations cannot effectively defend their networks. But it is also important to point out that there are many orgs that _are_ effectively defending their networks. I've worked in IT in a huge range of companies, orgs, and context. One thing that is clear is the culture plays a huge role. Those with a culture of supporting people who deal with real problems fare much better, those with a culture of "Cover Your Ass" or "When you say jump, I say how high" are getting hacked left and right.
You and I differ on digital literacy. To me it's the only way to ultimately solve this problem. It's not about educating people technically. See my paper on "Digital Self Defence as Civic Cyber-Security". Here in the UK we're taking that line (officially) at last. And starting young!
Before limiting peoples' options to corporate walled gardens on the assumption that "its safer" we can try actually scuring the products, hardware and OS is the foundation. Got to stop listening to the negative, defeatist voices who say "that's impossible".
And y'know there are laws against computer misuse. We ought to seriously try enforcing them, even if that means the inconvenient truth of exposing criminals with fancy brand names and logos. :)