It is great that people are becoming more and more aware of this. But I genuinely don't think it's enough.

I mean, I agree with A). I'm right here with you hoping for a better world. And slowly but steadily, more people seem to care about privacy and security. Just a few days ago the 300,000 signature milestone was reached for initiating a referendum about a new mass surveillance law. Public awareness is growing and I love that.

But I don't think it is enough. Public awareness means that the low hanging fruit of insecurity is getting caught: I don't know anyone my age who isn't careful about their social media presence, and most people know not to connect to any WiFi network that looks free.

The main reason I linked to that discussion and the core of my argument is that we're now seeing fuckups so massive, so far-reaching that there is nothing you or I can do about it. Awareness is futile against an entire WPA protocol being insecure. Similarly, there will be companies that have your data, and they will at some point fuck up royally, and there is no researching or 'adjusting your behaviour' or bear spray that can stop it. Take Equifax: it's an oligopoly of three credit agencies, so there isn't enough pressure on any of those to get them to change their behaviour. Especially not since their real customers are the companies that buy their data. Maybe the government manages to break the market up or sets strict rules, and I really hope they do for the sake of everyone involved, but I highly doubt it.

I mean, it used to be just email / credit card data, like when Target or Adobe messed up. Now it's home addresses, SSNs, full names. Identity thefts are going to have a field day. What can normal people even do against that? Bear spray doesn't do shit against a tsunami.