Hacker News new | comments | show | ask | jobs | submit login

I guess this list is aimed at everybody: it can be implemented without breaking too many habits, and with minimal knowledge.

Having everyone use SSL is better than nothing (and provides some amount of herd immunity to those that need to hide their communication). Two factor auth protects against a number of threat classes, such as the "local criminal" they mention. People might not care about the NSA, but there are plenty of other reasons to care about security.

Right before the list they state that these only provide incremential improvements. The last step might lead people to prism-break at some point (eg. during crypto parties).

> I guess this list is aimed at everybody: it can be implemented without breaking too many habits, and with minimal knowledge.

That's kind of the problem here. The whole situation is in such an advanced stage and so pervasive and based on such "advanced" technology that we simply can not get out of it by keeping our silly little habits that we're so used to. (And yes, it includes shunning the NSA partner companies' products: Google, Microsoft, Skype, Apple, Facebook, Yahoo, Paltalk, etc.)

This situation requires drastic measures, on the individual/personal level as much as on the societal level.

I guess I'll take EFF's marketing approach over yours:

My impression is that the article is for people who would be overwhelmed with prism-break (and couldn't do _anything_ with that list of tools - prism-break.org isn't very actionable without prior knowledge).

If someone without ITsec experience comes up and asks what to do about that nasty NSA stuff they've read in the news, and you tell them to drop their operating system ("Google, Microsoft, Apple" includes Windows, OSX, iOS, Android, Windows Phone), the applications that run on top of them, and their Internet based communication (Skype and Facebook), they'll probably ask you where they could buy a box of index cards and post stamps, and how to build a hut in the forest. And then turn around and change nothing.

That list provides a way to reduce the attack surface - not particularily against the NSA (because of the backdoors), but certainly against the Firesheep instance running on the neighbor's laptop in the cafe. It also raises awareness without overwhelming newcomers.

Let them lock down their in-flight communication. You can still tell them about endpoint security later (and why US based corporate silos are a problem in that regard), so they can "level up".

If that list isn't radical for you, you're probably not the target audience. For now, please note that it doesn't end with "you're done. Congratulations, you're now secure!", but with crypto parties and other ways to raise awareness - those are great places to consider and implement more radical steps towards security. At least if people are around who can lend a hand.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact