Yes, this article is targeted at people who don't understand the problem of using their .gov email address to sign up for dodgy sites, but think about whether you'd rather have your bank statement made public or a large, visualizable data set representing most of your browsing history.
I would love to see more work done on privacy through noise/obfuscation, such as that started by AdNauseam and TrackMeNot - not necessarily publishing your credit card details online as suggested in another comment here, but in making random search queries and clicking on random ads when your device is idle. Most of us have sufficient processing power and bandwidth for the overhead not to be a problem. It's sad that it looks like both add-ons have failed to make a splash, and seem to have fallen out of active development (end of 2015 marks the last commits for both projects, which is too soon to pronounce them dead, but they definitely don't seem to be hives of activity).
Edit: While I'm musing on this, I wonder if NoScript could use a UI overhaul. A little icon that says "Something broken? Try activating these domains" with some heuristics e.g. first try allowing the current domain, then stuff on common CDNs, then maybe digging into DNS records or SSL certs for common ownership...
It's possible to whitelist (and blacklist) specific targets, including local site, and a set of specified third-party targets.
That said, overall, it's a bit of a complexity bunghole, and may not be for the general public. But then, computers in general aren't, in many ways, either.
Not only to have pre-built lists but also to share your own list between devices.
I also cover basics like using better passwords, not reusing them and ways to keep them safe (KeePass, LastPass, a password memo book, etc.). And I emphasize over and over again to keep your software up to date. Let companies that have experts on staff do the work for you. Update Windows, your web browser and all Internet-connected applications regularly (also applicable to iOS, the App Store and the Play Store).
Finally, I cover basic anonymity tools like ad-blockers and Disconnect.
The final paragraph loses a lot of my clientele, so NoScript is a non-starter for them.
When I try explaining this to other people, even other engineers, they usually tangent into a discussion about how paranoia and an inability to trust are unhealthy. And they stand their ground in the face of mounting evidence, insisting the designer is a humble, well-meaning person like themselves, and would have no reason for doing such evil things.
But people who come to these lectures or cryptoparties usually have a desire to do something about their personal IT-security so hopefully they can find the motivation.
Strong consumer protections exist in many developed nations which limit your liability; it is the banks who stand to lose. No doubt it can be a hassle if your credit card number is stolen, but that card is the bank's property. You just report any fraudulent transactions and get a new card if necessary. The more important thing to protect is your private data; you can't get that privacy back.
* By 'regular users' I mean when I say "Try an ad-blocking extension with your browser, add it from the menu" and they say "What is the menu?" and we build their knowledge up from there... It can be frustrating for all but I highly recommend it as it keeps you grounded and provides balance for the HN bubble I sometimes find myself in.
You almost have to be an experienced webdev to recognize which domains are necessary and which aren't.
But this is also why I emphasize that you can freely use the global whitelisting option and still be much safer than without NoScript. Simply because the sites that will get you are often the sites that open unexpectedly. Unknown domains that you did not request.
Is that your choice or user demand?
Confidentiality is one of the pillars of security, and beyond a doubt the most common attack on user security is on confidentiality by commercial and government organizations.
If someone got access to my banking details, they could do far more damage than just make my bank statements public.
Now I've dealt with identity theft and credit card fraud, and I work in digital marketing, so I know which one I'd choose: Nobody is going to visualise my individual browsing history, and even if they did (for what reason I can't imagine), I can't imagine what they'd do with it! I can imagine someone might try to build a demographic profile about me to sell me stuff that I'd like, but that's good because it would be stuff that I would like.