2015-10-03 0:01 GMT+02:00 Shelley <shelley@misanthropia.org>:
Using one of those file hosting sites provides a greater level of
convenience. Perhaps so much greater that without that level of convenience
it would hardly be possible at all.

 I'm surprised to hear that come from you.  I've never used a cloud backup and the most I've ever lost is a day or two's worth of data/ media.  I have redundant backups.  It's not difficult (it truly isn't, I'm not trying to be snotty.)

*possible at all for them

I'm trying to argue we need more convenient + secure services/applications/workflows/etc. because apparently security wasn't worth it for the reporters.

I'm also aware of the exceedingly detrimental effect copyright law has had on general filesharing. Somehow information controls, huge dangers to freedom of speech, are permissible because ideas aren't free but instead licensable at owner's whims. 


Reg backups - I think you have a far better way of managing things than I do. It was actually on my mind to fix within the week (earlier if I'd have found a client-side-crypto-cloud-backup-thing). There's no excuse really - I just kept delaying it because I never /actually/ lost data before (I always had a backup somewhere). I've never been very systematic about it and it feels totally off that it isn't already automated in our operating systems. (/vent... losing data hurts)
 
The consumers don't care to invest in
security very much, in fact, hardly at all.

 Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?

I mean so many of them that we do not have much security now. (btw: geotagging is cool, it's bad for security, but so are all pictures)
 
* full disk crypto is not a thing in androidland ;(

 Sadly, it's not a "thing" anywhere right now.  Not when EC has been intentionally weakened, etc.  Hell, even if crApple did have true full disc encryption, I wouldn't use their closed source crapware.

I actually lost (a test server's) data before because I crypted it and locked it up - and forgot the horrendously complicated extra-long passkeys. Since then I opt for something easier to remember/derive, because everything else is detrimental to security. Making physical notes means "import sec.physical" which is a foolhardy proposition.
 
tl;dr: javascript could be fine if we'd have secure software - as it is
HTML/CSS/images/videos/etc are all also dangerous. Top level security seems
(and often is) useless - therefore we don't really have it (even when we'd
like it so very much) unless we keep ourselves from essential features.

 "Essential" is very much a subjective term.  I don't mind most of my web browsing experience looking like plaintext (in fact, I much prefer it.)  However, I understand most people do not want to use the web in that way.  We all make concessions we consider acceptable, sacrificing privacy/security for convenience.  I'm guilty of it, too.  Anyone with a smartphone and a credit/debit card is as well.
 
It makes you slower. Incompatibility makes you slower. Slowness makes you irrelevant. Slowness equals failure. (depending on how much slower you'll be, of course) I say this because it sometimes seems strategically so.