» ‘Security Trade-Offs’

John Gruber on a missed point in some of the hair-pulling about the celebrity photo theft.

Don’t trust Apple “with any of your data” isn’t just wrong because it’s a hyperbolic overreaction, it’s wrong because it’s potentially dangerous. What has been mostly overlooked in the reaction to this photo leak scandal, and completely lost in Auerbach’s argument, is that backups are a form of security — in the same sense that life insurance is a form of security for your children and spouse.

The Slate post he links to by David Auerbach isn’t the only ridiculous overreaction I’ve seen. Given the current state of security, Apple should rightly be chastised for one thing: allowing unlimited attempts at entering your Find My iPhone password for as long as it did. Yet, Auerback and others write pieces lambasting Apple for security practices shared throughout the industry. If you’re going to lambast Apple for those practices, you have to lambast everyone. Otherwise you’re implying that switching vendors will solve your problem. I guarantee you that someone somewhere is thinking they’ll be safer by switching to Android, while nothing could be further from the truth. Android obviously has its own security problems.

If not forcing two-factor authentication or failing to make security questions more secure is a pox then it’s a pox on all the houses.