Fear mongering

Ronan Farrow tells people to restart their phone every day.

“DNSFilter has found that one in every 644 clicks on unsubscribe links that say ‘click here to unsubscribe’ leads users to potentially malicious websites” – From “Think Twice Before You Click ‘Unsubscribe’” in The Wall Street Journal

Good gravy, I have seen so much misguided fear mongering lately. Like, there’s stuff to be legitimately concerned and vigilant about, but in so many ways that comes down to:

1. Be careful what you click on.
2. When you do click on something, make sure it’s the right thing.
3. Don’t enter your email address or password on a webpage you got to by clicking a link in an email. Go to the site manually and then log in.
4. When you enter your password for that thing, make sure it is a strong password that is different from every other password you use, and that is stored in a password manager.
5. Most things should ask you for a one-time two-factor security code, provided by the same password manager.
6. If you do enter your password into a bogus thing, immediately change your password in the real thing.

The WSJ article isn’t wrong, but they should start it with, “You should absolutely be ready to hit “unsubscribe” on any email you know to be legitimate, which are from legitimate entities that just want to tell you something you might actually wanna know or to sell you something you might actually like. and those entities don’t want to run afoul of the federal CAN-SPAM act, which requires they have an unsubscribe link.” And then talk about the 1-in-644 statistic.

But yeah, if you’re someone who just clicks on every damn thing you see on the Internet, your email inbox probably looks pretty horrorshow anyway, so good luck to ya.

Meanwhile, about restarting your phone every day: That’s insane, or at least irresponsible guidance. It is very unlikely to help if you actually have spyware installed. And Farrow doesn’t highlight how hard it is to get spyware on a phone, almost certainly requiring a targeted attack on an individual, spending time tricking them into installing it.

Instead, Farrow should be talking about passwords and multi-factor authentication, but that doesn’t fit into a soundbite nearly as well as saying that people should be more “freaked out.” They should be vigilant and thoughtful.

Rant over.