Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Most common (or Most important) privacy leaks



Ned Harvey said thus:
> The tiny grain of truth in your argument was that by forcing you
> to log into *any* password manager, they've gained access to *all*
> your stuff.  Which is an argument against using any password
> manager...
> Plausible deniability is important in some cases.  Not compatible with a
> password manager.

I have two scenarios to describe on this point:

1) Suppose the manager you used had multiple profiles that you could select
(say, a separate one for utility companies, another for brokerages, another
for banks, another for low-sensitivity websites)?

2) Suppose there were many different viable password-manager tools, instead of
just LastPass?

Item #1 could be compared to having multiple pockets in your
jacket/pants/money belt: if the robber suspects you have them, and has plenty
of time to check, they'll find the money in your inside/hidden pockets.  But
when traveling, I put money in separate pockets/places because it's that much
better-protected.

Item #2 basically comes down to how well the thieves/robbers know your
protection: ADT sells the most security systems, so any thief who invests the
effort will familiarize himself with ADT.  Today it's unlikely that a criminal
is particularly familiar with LastPass, but in a few more years of market
dominance, LastPass will be widely known among such folks.

I'll make one final point on this before I leave it alone, because (I assume)
consensus here on BLU is that I've lost my marbles and have gone off the deep
end with security-protection concerns (but hopefully at least some of y'all
are glad some of us in the systems-security biz contemplate worst-case
scenarios -- device drivers in Target POS systems were, uh, targeted but Banana
Republic wasn't -- their executives have no idea who I am but are glad they've
got a tighter deployment system).  That point is this: why do elderly people
get targeted by con artists?  Shouldn't their years of wisdom protect against
ordinary scams?  Here's why wisdom != protection:  because most of us get set
in our ways and we no longer consider all the possibilities for new
vulnerabilities.  Older people are far easier pickings.

In the future, an extortionist will no longer need a weapon in your face.  New
modes of attack are emerging each year.  Bank robbers rob banks because that's
where the money is, and the online equivalent is that hackers rob big
companies because they've got more money and are easier to infiltrate. 
However, as corporate defenses improve, individuals will become more
attractive targets.

Enough said.

-rich





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org