Security and perception: an inverse relationship

Working in cybersecurity, I think a lot about the mismatch between actual security and the perception of security.

For instance, on September 10th, 2001, did people living in the United States feel safer than they did on September 12th? Yes, they felt far safer. Ironically, you could argue that on September 12th they were far safer than they were on September 10th. There can be an inverse relationship between feeling safe and being safe.

When it comes to web3 security, there are two main things people are terrified of: private key mismanagement (i.e. someone steals your keys and gets your funds) and getting scammed/drained (i.e. confirming a transaction that you think is legitimate but that was actually an approval to the network for a drainer to take your funds).

Most of the time people compartmentalize the fear of being scammed or drained and kinda ignore it. Or maybe they think about it in passing when there’s something complicated or phishy they’re engaging in. But in some ways, to actually be secure you need to think about it in the foreground: being paranoid and actively worrying about security, so that you ensure the products you use and the practices you employ are secure.

Yet people don’t want to think about it. Some builders we talk to seem reluctant to truly own the urgency of the problem. Security is invisible until there’s a problem, and suddenly it’s all that you can see. So what I’m trying to say is: if you feel safe for no other reason than that nothing bad has happened, perhaps you should be more proactive and think about security.