Never agreed with this logic. For a lot of people (anyone that does political activism of some sort for example) the threat model can be a lot more nuanced. It might not be Mossad or the CIA gunning for you, specifically, but it might be police searching you and your friend's laptops or phones. It might be burglars targeting the office of the small organization you have and the small servers you have running there.
Yep. While there might be some use cases for his ultra-simplistic "Mossad/not-Mossad duality" - say, convincing Bob Jones that "b0bj0nes" is not a great password - it's 99% fairy tale.
And even if the CIA/Mossad/NSA/whoever is "interested" in you - this is the era of mass surveillance. The chances that you're worth a Stuxnet level of effort are 0.000000001%. Vs. 99.999% chance that they'll happily hoover up your data, if you make it pretty easy for their automated systems to do that.
Also worth noting that Mossad/CIA/etc. are not monoliths. Maybe you got a top agent assigned to you, but maybe your file is on the desk of the Mossad's version of Hitchcock and Scully from Brooklyn 99.
> Yep. While there might be some use cases for his ultra-simplistic "Mossad/not-Mossad duality" - say, convincing Bob Jones that "b0bj0nes" is not a great password - it's 99% fairy tale.
Honestly, the oversimplification here reads to me more like something Bob Jones could use to justify not caring about "b0bj0nes" not being a great password.
I was thinking, "Bob, stop making excuses about how it's hopeless, and you'd need a 'U0hBNTEyICgvdmFyL2xvZy9tZXNzYWdlcykgPSBjNGU2NGM1MmI5MDhiYWU3MDU5NzdlMzUzZDlk'-level password to be safe. That 'b0bj0nes' is so easy that a bored kid might get it in a few dozen guesses, and you need to change it to something better."
That password should include symbols too! Without symbols, each character is one of 62 values (sticking to ASCII letters and digits). Including symbols makes it much harder to guess passwords of a given length. Even better would be Unicode letters, digits, and symbols, even if you stick to the Basic Multilingual Plane.
Best would be non-text, binary strings. Since I already use a password manager, I don't really need to type passwords by hand. But I do understand most people prefer text passwords that could be entered by hand if necessary.
Except that's exactly what the Mossad will be expecting us to use, for our uber-secure password! By eschewing symbols and binary, we are actually meta-out-smarting their ultimate giga-quantum nuclear crypto cracker.
Or: This is Bob "Dim Bulb" Jones we're talking to. KISS, and maybe we can convince him to upgrade his password to "iwantacoldbeernow".
Sorry, your password does not meet complexity requirements because it does not contain at least one of each of the following: uppercase letters, lowercase letters, numeric digits, nonalphanumeric symbols.
Yeah, it's extremely immature. Even within police agencies there's a huge variation in their ability to perform digital forensics. Furthermore, just because the feds don't like you for whatever reason doesn't mean they're going to deploy their top-of-the-line exploits against you, or detain and torture you, or whatever magic voodoo bullshit the author thinks the Mossad can do.
the maximalist false dilemma of "all or nothing": either it's a super-powerful super-human agency and you can't do anything, else any half-measure is fine
The idea that average people can't handle incremental improvements like a password manager, MFA, full disk encryption, etc. is unhealthy infantilization of people who are entirely capable of understanding the concepts, the benefits, the risks they address, and appreciating the benefits of them.
Most people just don't care enough until after they're hacked, at which point they care just enough to wish they'd done something more previously, which is just shy of enough to start doing something differently going forward.
It's not that normies are too stupid to figure this out, it's that they make risk-acceptance decisions on risks they don't thoroughly understand or care enough about to want to understand. My personal observation is that the concept of even thinking about potential future technology risks at all (let alone considering changing behavior to mitigate those risks) seems to represent an almost pathological level of proactive preparation to normies, the same way that preppers building bunkers with years of food and water storage look to the rest of us.
I do understand the concepts, and exactly because of that I doubt I myself would be capable of airtight opsec against any determined adversary, not even a state-level one. I think it's humility, you think I infantilize myself lol.
I do use a password manager and disk encryption, just in case of theft. Still feels like one stupid sleepy misclick away from losing stuff and no amount of MFAs or whatever is going to save me, they actually feel like added complexity which leads to mistakes.
The third mode is enabled by scale of data and compute. If enough data from enough sources is processed by enough compute, Mossad does not need to have a prior interest in you in order for you to fit a profile that they are interested in.
Anyone else see all the drones flying over a peaceful No Kings assembly?