> you’re either dealing with Mossad or not-Mossad.
No, you’re leaving out one very important class of actors, which I will call the NSA: The NSA, and others like them, unlike Mossad, are not after you personally, in that they don't want to do anything to you. Not immediately. Not now. They simply want to get to know you better. They are gathering information. All the information. What you do, what you buy, how you vote, what you think. And they want to do this to everybody, all the time. This might or not bite you in the future. You seems to imply that since nothing immediately bad is happening by using slightly bad security, then it’s OK and we shouldn’t worry about it, since Mossad is not after us. I think that we should have a slightly longer view of what allowing NSA (et al.) to know everything about everybody would mean, and who NSA could some day give this information to, and what those people could do with the information. You have to think a few steps ahead to realize the danger.
The NSA _is_ Mossad. The NSA has means way beyond what an individual actor has. The NSA splices cables and taps directly into ISPs and large companies to vacuum up all your data. Do they read your encrypted data ? Maybe not. But the moment you truly become interesting to them, they _will_ have a wrench to make you give out the password. Don't kid yourself.
All that is true. What I was criticizing was the logic of the linked paper, which went, essentially: ‘When I do slightly insecure things, nothing bad observably happens. Therefore, Mossad must not be after me. It follows that it’s OK to not be very secure, since only Mossad could break through my security anyway’. This logic is faulty for the reason I wrote; your slightly bad security can be broken without you necessarily knowing about it, since the reason the entities I termed “the NSA” have for breaking your security is different from the reason which what he termed “Mossad” has.
No, you’re leaving out one very important class of actors, which I will call the NSA: The NSA, and others like them, unlike Mossad, are not after you personally, in that they don't want to do anything to you. Not immediately. Not now. They simply want to get to know you better. They are gathering information. All the information. What you do, what you buy, how you vote, what you think. And they want to do this to everybody, all the time. This might or not bite you in the future. You seems to imply that since nothing immediately bad is happening by using slightly bad security, then it’s OK and we shouldn’t worry about it, since Mossad is not after us. I think that we should have a slightly longer view of what allowing NSA (et al.) to know everything about everybody would mean, and who NSA could some day give this information to, and what those people could do with the information. You have to think a few steps ahead to realize the danger.
(This has been a partial repost of a comment written a year ago: https://news.ycombinator.com/item?id=23572778)