How would you pursue others into an upgrade in security?

Title says it all, and if so how did you do it?
I would help my partners parents by getting a bitwarden account set up instead of having to writie then down or try to remember multiple passwords.

Betwarden should be easy to convince them. It remembers passwords for them and autofills them. More convenient & more secure! Just tell them what’s good about it and make sure to show them how to use it

You don’t. You can try, but usually it’s pointless. Sad, but true.

@zloo_regla Unfortunately more convenient is to have just one password for everything. And most of the people don’t care, they want to have easy life. Technology is complicated and this adds another layer of complications. You have to use some extension, you have to unlock it, not everytimes it works (badly written forms) and the password doesn’t fit the rules, so you have to generate it manually, sometimes it doesn’t save the login, etc … So, easier is just to use the same password and be done with it. That’s the reality.

I installed password manager to my family and explained. But anyway few of them already told me that they’re using it more just because of me. So - message not received.

Stand directly behind the person whom you are trying to convince while they are using their computer or phone.
When they become irritated by your looking over their shoulder, tell them you are simulating a government agency.

3 Likes

I have moved my dad to BitWarden. Also convinced him to set a password, and enable BitLocker. Removed 4 of the 5 anti-virus softwares he had installed, more isn’t better.

1 Like

for the mega paranoid

https://apricorn.com/

and

KeepassXC
https://keepassxc.org/

3 Likes

We can’t force folks to make better decisions for their security and privacy. In fact, the more pressure we put, the more likely it is that folks will push back, just like anything else that folks like to push to their friends and families.

What we can do is help folks see the importance of these things here and there, make recommendations when there’s a natural opportunity to do so, and otherwise be a resource for people when/if they start wanting to learn more. Just like it was a process for us, it’ll be a process for them. We also have to take into account their own threat models and how they or may not evolve.

5 Likes

Just wondering about something. Is there or should there be a minimum amount of privacy for the average American citizen? What would that look like? Would it even be acceptable?
Would having a minimum amount of privacy (some kind of basic privacy law) be an infringement on people’s freedom? When I look at EU privacy laws, I tend to not think so.

@InternetGhost What do you think? Did any of my questions make sense?

Of course, no question. That’s actually how I got them on board to bitwarden.
When they complain or think there isn’t a solution, then you can show them. If not, then not really much you can do other then when they do need guidance then it would be the right time.

1 Like

There should be. Privacy is a human right, and that includes the internet.
Sure just because its big tech people wave it off, but in some cases like Oracle where it wasn’t stressed to the consumer that data was being collected, or meta for health and student information.
No one should have to be spied on all the time and be tracked if the user has a choice to opt out.

3 Likes

I’m just thinking of some backwards thinking patriot who would balk at the idea of having privacy.

“I don’t want government forcing privacy on me!!!”

The counter argument would be, “So you want the government to have the right to spy on your personal information because it’s patriotic.”

Stand back and watch the smoke roll out the idiots ears.

Makes me rethink net neutrality all over again.
Somehow, there where people for it, at the expanse of speeds potentially being slowed and no benefit to the consumer.
But we got a burger king ad out of it so I guess its a win lol.

1 Like

@privacy_parrot damn good video. thanks.

I can understand why some people might think that the general population not being private from the government is a good thing. To some extent I believe that as well. For example, I’m not saying that the government shouldn’t have access to people’s information over the course of an investigation. What I am saying is that they should have to get a warrant.

If we rolled back time, I think the average person would agree that it’s super weird how we give away such a constant stream of information about ourselves just for the sake ads. Since when has advertising been so important in society that they should have all of this access into our lives? Like, what a weird corner of the business world to be the one to dominate people’s data?

If you gave folks the option in a perfect world, I think they would likely not agree with being monitored as much as we are now. The problem isn’t convincing them on principle. It’s that we feel that the only valid solutions are too complicated or not worth it given how trapped we are. All of the privacy mitigations we do in this community are really extra work that we shouldn’t have to be doing.

With all that said, I think the reasonable position would be a world that is much more private than it is now BUT still allowing for some access and standards where needed or wanted. What that looks like would probably be an interesting discussion to hash out in a separate topic!

1 Like

100%
Health and payment of course since how else can you survive.
Maybe paying under the table, but then health info isn’t something you can skip.
I don’t think I’m being watched, its until governments rely on Google or Ring where stuff gets a little creepy. Maybe I’m under or over thinking it. I’m not to sure.

Lead by example, mostly. Plant seeds whenever there are openings. Show them real life examples of what happens when we are careless.

Stuff like that, but also., nothing.

2 Likes

I tend to avoid hardware encrypted drives. They might be fine, but on more than one occasion a flaw has been found in the encryption of drives like these, and because it’s in hardware it can’t be patched. You’re probably better off with a standard drive and a secure FOSS software encryption solution like VeraCrypt.

They really only make sense if you absolutely need cross-platform compatibility, and you can’t install decryption software like VeraCrypt on the computers you’re plugging it in to.

@Jonah You are right. But take a moment read the following:
A friend of mine just recently purchased an encryption drive.
The package was sealed with security stickers and was certified by independent third party Technical Inspectors i.e. TÜV.
He bought the drive based on some independent research conducted on his part. He recognized some drives are garbage but the one he bought fit his demands which were third party testing and certifications.
Until now no one has been able to crack the kind of drive he purchased. Even if it was, the files contained within are encrypted with RSA and ECC. I’m inclined to think he’s a millionaire. :grinning:

I do have a couple of questions for you:
What happens to cryptography once three letter agencies are able to use quantum computers to mitigate software cryptography?
Will we have better FOSS encryption or will we shift to hardware?

I’m not sure it is… you still have to type the password whereas a password manager can autofill it for you

Well, not really. Usually people use the browser to remember the password.