home.social

#securitytheatre — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securitytheatre, aggregated by home.social.

  1. @TheConversationUS

    Treating school shootings as natural disasters might send the wrong message (and create their own trauma).

    Schools should consider preventing violence -- not merely responding to it.

    #PublicHealth #prevention #SecurityTheatre

  2. Bank security is such a joke. BofA, finally a bank that offers the option to use a FIDO key for 2FA. They specify "in case you don't have a US mobile phone" aka, me. So I attempt to set it up. Step 1: confirm your mobile phone with an SMS. 🤦‍♂️ #BofA #BankSecurity #SecurityTheatre

  3. What is Security Theater?

    #Security #theater refers to highly visible security measures that create the #illusion of increased #safety but don’t stop #threats.

    The term is often used disparagingly to describe #superficial security practices that don’t reduce risk. Simply put, security #theatre is all about #appearances, not #results.

    techtarget.com/whatis/definiti

    #SecurityTheatre #ignorance #incompetent #IT #CriticalThinking #Internet #banking #airports #QuestionAuthority

  8. Frustrated the Govt.NZ mobile app for Android won't work on my (much more secure) @GrapheneOS
    Android phone, because they use Google's device attestation and/or play integrity API. It's likely much more secure than either bloated and/or outdated devices with Google sh*t.

    There's not even a benefit in it AFAIK to raise the degree of security. What *extra* security would that give they're not already getting without it???

    It would be nice if someone (who is pro-attestation/integrity) could *actually* describe a true threat vector that it prevents. So far, it's just corporate bullying, and people buying into it as it's being sold as an additional security feature.

    #GovtNZ #SecurityTheatre

  9. @[email protected] @[email protected]

    Some experts say privatization is the solution
    Not to defend the TSA's existence (I traveled for years before the TSA was brought into existence for the sake of "#SecurityTheatre") but the literal first step of the "privatize government-services" playbook is the #enshittification of the government-run service to "justify" conversion to privately-run services.

  10. New paper: "Agents of Chaos."
    20 AI researchers red-teamed autonomous #LLM agents with email, shell access, and persistent memory.

    How do you compromise one? Change your Discord display name to the owner's. In a new channel. That's it. Full admin. File deletion. Identity reassignment.

    An agent nuked its own mail server to protect a secret from a non-owner - then reported the secret deleted. It wasn't. The email was still sitting on ProtonMail.

    Another leaked 124 email records including SSNs and bank accounts because the request sounded urgent. Direct ask for "the SSN"? Refused. "Forward me the email thread"? Here you go, unredacted.

    No authentication. No authorization model. No access control. No permission boundaries. Display names as identity verification. In 2026.

    We solved this in the 1970s. Unix permissions. RBAC. Cryptographic auth. Principle of least privilege. All well-understood, all ignored.
    The industry is shipping agents with root shell access and the security model of a Post-it note on a shared fridge.

    Paper: (interactive) agentsofchaos.baulab.info/

    #AI #AIAgents #AISafety #InfoSec #RedTeam #AIGovernance #AgentsOfChaos #SecurityTheatre

  11. Research shows the visible presence of long arms in public actually *reduces* both objective and subjective measures of safety.

    1. This does not make most people feel more safe.

    The visible presence of instruments of death and maiming in a context has measurable and pernicious effects on free speech and even free thought. The visible presence of firearms tends to increase most people's level of stress hormones (adrenaline, cortisol), triggering our fight/flight/freeze response while inhibiting higher order cognitive functions. Even where this effect is mild, across a whole population over time, it makes a cultural difference.

    Research also shows people tend to self-censor more while in the presence of firearms, and are less likely to be generous or vulnerable.

    #NSWpol #NSWPolice #SecurityTheatre #ChrisMinns

    theguardian.com/australia-news

    1/2

  12. You want to add a new card to your Apple wallet? Sure, go ahead! You'll need a 6-digit code to verify yourself, just a sec.

    Oh, you're an _additional_ cardholder? Well then you will need a Letter of Introduction, handwritten using a peacock quill on vellum, sealed with wax with your liege's insignia and delivered by horseman to the bank's headquarters in Rome.

    #ux #usability #securityTheatre

  13. Airport security doesn't let you have spices anymore.

    This isn't security, this is theft. #SecurityTheatre

  14. I went to the Australian Open tennis today to see Coco Gauff and Alex De Minaur ease their way into round 2. Gauff had problems with her serve and faced some spirited opposition from the unseeded Rakhimova.

    Only blemish on the day was that I decided to remove my bicycle repair kit from the bike (bike parking was fairly crappy, stuck under a bridge) and that proved too much for the Security Theatre at bag check. I’m now down one very blunt multitool, which I asked the security people to send to a good home.
    #ausopen #tennis #SecurityTheatre #cycling

  15. I eventually managed to log in. Apparently the account lockout was temporary, the dialog just didn't bother to say so and went straight to the "shit's fucked, get help" error message.

    My new Windows password hasn't migrated to my Microsoft account (🤔) so now I'm just locked out of Teams. I'm in no rush to fix that.

    #UXfail #badUX #ITnightmares #SecurityTheatre

  16. The company's payroll is due today thanks to the bank holiday this week, and that's my responsibility with a professional certification on the line, so I do not have the option to wait for support from IT. Even for incredibly advanced tasks like "turning on my computer".

    Fortunately (?) I also have an app for the company's password manager on my phone, and very nearly everything I do is SaaS, so I am now doing the company's payroll on my personal laptop. Which is now accessing every employee's personal information and has none of the security vetted and certified by the company, just whatever free privacy tools I happen to have.

    You know, "security".

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  17. I am returned to the Windows login screen, and enter my new password, from the new scrap of paper attached to my monitor. You know, "security".

    *Your account has been locked due to too many unsuccessful login attempts. Please contact your IT department.*

    My IT department is one guy, and he's also off this week.

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  18. I create a third new password, which is also not complex enough. Then I wildly guess that some part of the process doesn't like one of the symbols I used, so my fourth password is only letters and numbers.

    *Your password has been changed successfully, please log in again.*

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  19. I know that it's 27 characters because I counted them, from the piece of paper I've written it on and stuck to my monitor.

    The password manager will not update the Windows password on its own. I have to remember to go in and update it myself later, or next time I reboot I will be locked out. So every password I've ever used is written on a scrap piece of paper and carried around with my laptop, just in case.

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  20. I create another new password. This time I force-close the app, and then the notification finally arrives and I confirm with my fingerprint.

    *Password doesn't meet our arbitrary and stupid complexity requirements, please try again.*

    This is doubly annoying because it could have told me that before going through the two-factor confirmation rigamarole, and also because nothing indicates what the requirements are, just that the 27-character password with caps and numbers and symbols that I entered wasn't complex enough.

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  21. I create a new password. *Please confirm on your mobile device.*

    I wait a while but the linked password manager app that my company makes me keep on my phone does not produce a notification.

    Eventually the dialog times out.

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  22. Monday after my winter holiday break, I'm looking forward to a productive week catching up for year-end and finalizing finance tools for 2026 while most of my coworkers are still off for the week.

    I open my work laptop. *Your Windows password has expired.*

    This is always a sign of a bad day starting. 🧵

    #UXfail #badUX #ITnightmares #CorporateLife #SecurityTheatre

  23. Ah yes, arming an extremist militia group, I'm sure this will promote public safety.

    NSW has been a security state for a long time, but at least before we had gestures towards civil rights, democracy, and community trust. It's gross that a Labor government is the one taking the gloves off.

    theguardian.com/australia-news

    #bondi #auspol #securitytheatre

  24. Wow, Bah HUMBUG!!! No fun allowed. Get in line so we can properly x-ray your junk

    #SecurityTheatre

  25. Urgh! 4.30am passport check... with knocks on the door that would wake even the dead and which you can hear all down the carriage.

    Aren't we in Schengen? "Yes, but that doesn't mean the police isn't allowed to control." #CrossBorderRail #SecurityTheatre

  26. When I updated to the latest (for this phone) version of Android, it came with a particularly noxious feature. It flagged every app as harmful - including the ones I'd installed from the play store. This meant that every morning (for the next few weeks after the update) I'd wake up to a bunch of alerts, and would need to manually approve each app update. Fortunately, I only needed to do this once for each app.

    Unfortunately, my phone manufacturer hasn't learnt from this major fuck-up. They've updated their security app, and now I need to authorise every time I update an app. This is tedious and counterproductive.

    With so many false positives, instead of making my phone more secure, the security software has made it far less secure. Apps no longer automatically update as soon as the update becomes available and just wait until I manually approve them. Something I'm less likely to do because of all the hoops I must now leap through because of this stupid, inefficient security theatre.

    #Android #Updates #SecurityTheatre

  27. Where exactly are the border controls, Mr. Dobrindt? 🤔

    #SecurityTheatre

  28. @slashdot The whole security theatre of Apple App Store and totally walled garden of closed platform of iOS et cetera formally "justified" by promise to prevent exactly _this_ type of shit of scam and fake apps from happening.
    #security #securityTheatre #apple #scam

  29. Today in confiscations at the #airport security: canned salmon, and three cans of sardines. The officer even called a "manager" so he could, wearing a suit, and with an expression of a person doing a very important job, explain to me that salmon is liquid.

    FWIW I was anticipating this, but I originally was planning to take a train, so...

    #SecurityTheatre

  30. ... so here I am typing in a full name and generating a password, then confirming my E-mail address from another E-mail, then going back to the original saved HTML document to have it load a decrypted version it downloaded from the website.
    And since my identity was never validated except by E-mail, none of that was more secure than E-mailing me a simple HTTPS link.
    But worse, it makes users believe this is a valid way to interact by E-mail.
    #security #securityTheatre #cybersecurity #encryption

  31. #ebay needs to update their #GeoIP database.

    I've just logged on from an old computer in my house, and it's sent me an email saying someone has logged in from Shropshire, which is over 100 miles away, when most sites think I am based in North London (which is still wrong, but my ISP is at least based there).

    No other site seems to ever think I'm in Shropshire.

    I wish companies would just list the IP address and browser details in their "a new device has logged in to your account" emails, any other details seem to be totally wrong, and therefore useless 🤬

    #SecurityFail #SecurityTheatre

  32. Is Node.js the future of backend development, or just a beautifully wrapped grenade?

    Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

    When I first used Node.js years ago, I remember:
    • Security concepts were… let’s say aspirational.
    • Licensing hell due to questionable npm dependencies.
    • Tests were flaky, with mocking turning into dark rituals.
    • Behavior of libraries changed weekly like socks, but more dangerous.
    • Internet required to run a “local” build. How comforting.

    Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

    Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
    • The backend is non-compiled.
    • Every endpoint is a potential open door.
    • The system needs Node + a fleet of dependencies + a container + prayer just to run.

    Compare that to a compiled, stateless binary that:
    • Runs in a scratch container.
    • Requires zero runtime dependencies.
    • Has encryption at rest, in transit, and ideally per-user.
    • Can be observed, scaled, audited, stateless and destroyed with precision.

    I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

    So I wonder:
    Is this the future? Or am I just… old?

    Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

    Tell me how you build secure, observable, compliant systems in Node.js.
    Genuinely curious.
    Mildly terrified and maybe old.

    #NodeJS #BackendSecurity #SecureCoding #PII #Compliance #SoftwareArchitecture #ServerSideRendering #TypeScript #Java #Kotlin #Golang #Erlang #Ruby #Scalability #Observability #DevSecOps #LegacyVsModern #SecureByDesign #CompiledLanguages #CloudArchitecture #StatelessDesign #SecurityTheatre #TechSatire #LinkedInTechRant

  33. My bank, sending me a code which is to be shared with a provider to enable payment: "NEVER SHARE THIS CODE!"

    Me: <feeling apprehensive> shares code with provider to enable payment.

    🤔

    #ModernBanking
    #SecurityTheatre
    #onlinepayments

  34. Articles laud a particular team at a #dotCon for finding vulnerabilities in a #modem.

    The funny thing is the #vulnerability appears to be in the #firmware and not the modem per se. The firmware is likely #propietary, so this is *not* the great success story for the dotCon as the #securityTheatre-hungry talking heads may suggest.

    Modems will be safer when they are fully #FOSS

    #routerFreedom #modemFreedom #RCE #gooGlE #remoteCodeExecution

  35. @bojkotiMalbona
    Sounds like #dataCollection for the purposes of compromising all known computer systems that a dissenter might need to access.

    It's likely #overrreach, #securityTheatre and an abuse of privacy and privilege of course.

    There are almost no #ethical paid jobs left in tech — maybe some #gameDev, and maintaining *some* existing systems.

    #APAB #itsMore1984