I'm no security buff. Sure, I know enough to make sure that the basics of my sites are good to go; I'm not about to release a system with forms ready for injection, but at the same time, if you looked me in the eyes and asked me how exactly an HTTPS connection is encoded, I'd simply smile and change the subject.
Recently, I have been noticing two trends, one of the general public and one of the tinfoil hat wearing CS crowd. Actually, make it three trends, but I will get to that one later. Let's start with the first two, and how about we make things simple and use the easiest target we have right now: Google.
To the general user, Google is straight magic. Type in words, get results. Recently, Google has begun to use more and more gathered information to help tweak the results of their search in order to provide better service to their users. To me, this is a good move! I get better results based on what I tend to search for? Sign me up! To the general public, this is transparent, and simply looks like Google is doing a good job, perhaps a little better than what they used to do. Then there's the hatters. "Big brother is watching! Personal information is being intruded upon and EULAs are destroying the universe! Don't use Google! Use duckduckgo!"
To be fair, most of the people I am talking about are not crazy. Not at all. In fact, they are much smarter and better versed in this field than I am, and I should probably listen to them more. The problem is that while yes, they are being safe, they are shutting down a huge area of innovation - personalization from use.
The real issue comes from the third category I mentioned before: the people who don't understand the matters, but hear buzzwords from the security buffs. That is when you get the headlines, and that is when it all leaks out to the general public, and that is when the "magic" turns into Skynet. This causes a lot of issues for the developer, causing people to not trust most services, just because of a few bad apples. It is a touchy topic indeed, because those bad apples do tend to be really bad apples, but when it gets to the point where we shelter ourselves from some of the better uses of these "big brother" type systems, it is really just counter-productive.
Let's be clear here, nobody at Google is sitting there, reading off what searches your account has made, laughing at you when "male enhancement" shows up. Nobody is reading through your juicy emails and going, "Hey! Mark! Take a look at what this guy has been doing!" That is just silly. The problem is, the real security buffs probably know this, but the way they talk makes the spillover sound like it really is happening.
At this point, I've done nothing but bash the buffs, yet the title says "Thank You." That is because we really do owe it to the "foil hatters" who take the time to be skeptical about everything. If it weren't for the people who don't trust a thing and instead roll their own answer to some problems, we wouldn't have a lot of the great services around today, and the open source world would be crippled. On top of that, you help tighten everything up by calling out these intrusions of privacy, and when they really are intrusions, you get them fixed. At the end of the day, you're just doing your part, and for that I thank you.