nowadays 98% of things implying "security" are actually unwanted products, protections for "the other side" or trivial distortions of reality where, conveyed by "security" itself, the user himself becomes the product
- no, I don't need protections for the side channel, I never asked for them
- no, I don't need a unique identifier, who is the demented person who asked you for it
- no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead I was prevented from doing it
- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?
- and so on
"not secure by design" nowadays comes close to being a coveted feature
replies(9):