@whitequark Agreed, though that implicitly assumes people have reasoned and more-or-less explicit threat models at all. I'd be willing to bet that's not the case for a lot of people who are either privileged enough to not need to immediately care, or who do not have the technical expertise and/or community support to reasonably assess their infosec posture.