I’ll use this analogy: Do you hate seatbelt reminders in cars? It’s the same concept. You’re putting a lot of trust in people that just isn’t going to work out well in the long run, as was seen with countless people continuing to ignore seatbelt safety for generations until it was forcefed into the culture. I view cybersecurity reminders the same way, where lots of people ignore it until it’s forcefed into the collective to be taken seriously.
Those who hate it because they already take it seriously, will just figure out how to quiet the alarms/notices and/or move on. Again, I get that you’re essentially saying, “but it’s the principle of the matter!” I just don’t think it’s that big of a deal, as I’d rather be comforted knowing that my friends and family who send me videos/pictures/random crap are doing so from a device that isn’t as likely to be completely compromised.
I’ll use this analogy: Do you hate seatbelt reminders in cars? It’s the same concept.
AFAIK the government that I pay taxes to doesn’t demand seat belt reminders. Instead it fines people for not using the belt. (I’m not sure though; I don’t own a car.)
That said, working with your example: the risk associated with not applying a security patch, on typical conditions, is way smaller than the one of not using a belt; one is at worst ransomware and personal data leakage, another is literally losing one’s own life (or worse, getting brain damage). So it’s apples and oranges.
Even then I think that my view is consistent between both situations:
The devs / car makers should offer the reminder
They should instruct users why that feature is there, and why it’s a bad idea to turn it off.
Even then you should be able to deactivate that feature, if for some reason you want to do so.
Trying to prevent the user / car owner from deactivating the nagging boils down to the devs / car makers stepping over their boundaries, assuming that the user is something lacking human-like rationality, and assuming that there are no reasonable motivations to do so.
If the software user / car owner causes himself harm by deactivating it, that’s their problem. And if they cause damage for someone else, they need to be held accountable for it, no matter their “intention” (whatever this means).
You’re putting a lot of trust in people that just isn’t going to work out well in the long run
You’re assuming that I trust people to not fuck it up; I don’t.
Instead what I think that, if and when they fuck it up, they should own their actions, instead of effectively being a dead weight for everyone else. “Oh noes, I got a vyrus lol!!!1” - that’s their problem, not mine.
Those who hate it because they already take it seriously, will just figure out how to quiet the alarms/notices and/or move on.
I’ll use this analogy: Do you hate seatbelt reminders in cars? It’s the same concept. You’re putting a lot of trust in people that just isn’t going to work out well in the long run, as was seen with countless people continuing to ignore seatbelt safety for generations until it was forcefed into the culture. I view cybersecurity reminders the same way, where lots of people ignore it until it’s forcefed into the collective to be taken seriously.
Those who hate it because they already take it seriously, will just figure out how to quiet the alarms/notices and/or move on. Again, I get that you’re essentially saying, “but it’s the principle of the matter!” I just don’t think it’s that big of a deal, as I’d rather be comforted knowing that my friends and family who send me videos/pictures/random crap are doing so from a device that isn’t as likely to be completely compromised.
AFAIK the government that I pay taxes to doesn’t demand seat belt reminders. Instead it fines people for not using the belt. (I’m not sure though; I don’t own a car.)
That said, working with your example: the risk associated with not applying a security patch, on typical conditions, is way smaller than the one of not using a belt; one is at worst ransomware and personal data leakage, another is literally losing one’s own life (or worse, getting brain damage). So it’s apples and oranges.
Even then I think that my view is consistent between both situations:
You’re assuming that I trust people to not fuck it up; I don’t.
Instead what I think that, if and when they fuck it up, they should own their actions, instead of effectively being a dead weight for everyone else. “Oh noes, I got a vyrus lol!!!1” - that’s their problem, not mine.
A lot of times, there’s no way.