• FutileRecipe@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        N + X - Y ? N

        Except now you’re adding an additional party to trust (the -Y). So it could still be considered less secure than N.

        • ono@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          So it could still be considered less secure than N.

          It could be, or it could not be. Depends on the particulars, and on the needs of the individual.

          Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.

          • FutileRecipe@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            11 months ago

            Depends on the particulars, and on the needs of the individual.

            That’s not really how things like security works. It’s either more secure or it’s not. The security of a thing does not depend on needs. Now, does the application of it or does someone need it to be more secure? That’s where risk acceptance and the needs of the individual come into play.

            I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing.

            Same. I’m not saying “stop doing this.” I’m just trying to educate people and make sure they’re not operating with a misunderstanding. Needs of the individual and all that. I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

            • ono@lemmy.ca
              link
              fedilink
              English
              arrow-up
              3
              ·
              11 months ago

              Depends on the particulars, and on the needs of the individual.

              That’s not really how things like security works.

              If that were true, threat modeling wouldn’t exist. ;)

              I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

              I expect that’s probably true. It’s safe to assume I’m not one of them, though. Cheers.

              • FutileRecipe@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                11 months ago

                If that were true, threat modeling wouldn’t exist.

                I feel like we’re talking about different things. I’m talking about static concepts, if X is more secure than Y, not individual setups where something is tweaked. Threat modeling is tailoring the security to your needs. It doesn’t bend security of a static object or make the application of something less than what it is. It requires one’s actions to do that by not utilizing it.

                Take bullet proof glass, for example. Bullet proof glass is more secure than regular glass. Now, do you need (does your threat model require) bullet proof glass? No? Ok, that doesn’t mean bullet proof is now less secure than regular glass, it’s just unneeded.