stop taking security advice from tech influencers
i don’t know what it is but it really irks me to see random non-security (though maybe tech-literate) people online try to give their 2 cents on security advice. i imagine this must be pretty common for people in most professions hearing outsiders speak about their particular specialty, but still. they tend to be wrong/misguided in around 90% of their takes and understandably so. it’s a bit grating that they still feel comfortable giving advice to their audiences about how to be “secure”. they even have strong opinions about things! this mostly tends to lean towards the ones who know just enough to be a little paranoid and nowhere near enough to understand threat modeling or even the fundamental principles of confidentiality, integrity, and availability.
if it’s not clear, i’m mainly talking about content creators. it is a bit funny to hear them get on their soapbox and preach on the 1000 ridiculous choices they’ve made to be “more secure”. but it’s mostly just annoying. sometimes their hearts are in the right place and they’re just trying to educate people, which i can appreciate. but more frequently it’s just someone who’s maybe only recently become aware of security stuff and picked up some terminology.
even better is when they know the term “threat modeling” and then still go on to give security advice that would be most useful against nation-state actors while glossing over all of the fundamentals that make 90% of the difference for average users.
giving shitty security advice can have actual consequences for people who take that advice and think they’re safe. but it’s probably harmless in most cases, so whatever.