[Discuss] Most common (or Most important) privacy leaks

Rich Braun richb at pioneer.ci.net
Wed Feb 18 18:21:54 EST 2015


You can lead a (pick the animal) to water but you can't make 'em drink. 
That's how I feel about LastPass, which suffers from two gigantic human flaws:

1) Non-sophisticated users can & will forget the master password -- in short
order -- regardless of how much you warn them that there's no escrow key, no
forgot-password recovery link.

2) By centralizing all your passwords on a service that's got 90%+ of
market-share, even a sophisticated user is vulnerable to coercion.  A violent
thug need only notice a Bank of America statement in your postal mail before
sitting you down in front of a laptop, gun in your face, demanding your bank
credentials and hence your LastPass master key.  LastPass provides no tools
for plausible-deniability of the existence of secondary access codes, so
chances are that most of us facing a (hopefully-rare) extortion situation
would be giving up the online keys to every single one of our assets at once.

I haven't figured out how to solve #1 for my friends/family, and I think #2 is
worth solving as cyber-crime increases over the next decade.

-rich




