Information security always seems like a hot topic within media and technology reporting circles. The Snowden leaks pushed the concept of digital surveillance into the mainstream, and many users and commentators were wringing their hands and clutching their pearls. But when it comes to actually changing behaviors, the industry and users are notoriously slow.
In the wake of Heartbleed, one of the worst security flaws in recent memory, only 39 percent of users bothered to take any action to try to protect themselves. The demographic that had heard most about Heartbleed, and was subsequently most worried, was college-educated households. So essentially, security is only a concern to nerds.
Indeed, it seems the average Internet user doesn’t care about online security. According to The Verge contributor Russell Brandom, most users aren’t willing to put up with the hassle of something as simple as two-factor authentication. He distills the problem well, using the example of a PayPal bug that left a cookie behind, which could easily be used to break two-factor authentication.
“Just disable the cookie and make eBay users log in the old-fashioned way,” Brandom writes. “But if PayPal did that, fewer users would link the accounts and it would cost the company money — more money than they’re likely to lose as a result of this bug. Given the choice between security and usability, companies will take usability every time.”
And given the opportunity, users will choose usability, too. Every time we hear about a security bug, it’s something terrifying. Still, the problem goes unpatched and people continue to use the app en masse. Case in point: Snapchat.
“The problem isn’t that we can’t protect ourselves, but that we don’t want to,” Brandom writes.