• federico3@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    This statements can be profoundly misleading when taken without context.

    Security is complex and multi-faceted. It needs to be understood with the proper context:

    • what type of user are we protecting: skilled, unskilled, an entire company? An entire nation?
    • what type of data are we protecting: a database? The user email address, browsing activity, connection metadata?
    • what is the threat model or the attacker: a simple email scam? Surveillance from big companies? Targeted attack from a nation state?

    The majority of security breaches are surprisingly low-tech (phishing, guessable password…, stalkerware, built-in telemetries)

    Without context an article that goes “Linux being secure is a common misconception in the security and privacy realm.” can easily fuel FUD.