This World of Ours (2014) [pdf]
Appreciation and style of the essay
- Many commenters love this and other essays by the same author (“The Slow Winter”, “The Night Watch”), sharing stories of dramatic readings that left rooms in stitches.
- Others find the style “word salad” or dated, arguing that what once felt like fresh internet humor now feels derivative.
- Despite style criticism, even detractors concede there are sharp insights about security culture embedded in the comedy.
Mossad threat model and real‑world security
- The “Mossad vs not‑Mossad” framing is heavily debated.
- Supporters see it as a useful way to puncture overcomplicated academic models and remind people that truly elite adversaries will just bypass crypto.
- Critics call it a “false dichotomy” that ignores nuanced threat models (activists, small orgs, mass surveillance) and may encourage fatalism (“if it’s hopeless against Mossad, why bother at all”).
- Several point out that state agencies are fallible (intelligence failures, bureaucratic variance, cost/benefit constraints), and that “Mossad as omnipotent” is more cultural myth than reality.
- Others emphasize a third category: NSA‑like actors who want to surveil everyone cheaply, not assassinate specific people.
Everyday vs state‑level security practices
- One recurring theme: “you don’t have to be unhackable, just not worth burning a novel capability on.”
- Some advocate “gray man” behavior—staying unremarkable so powerful entities don’t invest serious resources in you—while others argue this is morally dubious or impossible in war zones or under tyranny.
- There’s broad agreement that incremental practices (password managers, MFA, full‑disk encryption) matter a lot against common threats, even if they won’t stop a top-tier agency and even if perfect OPSEC is unattainable.
Hardware, supply chain, and PKI
- Heated discussion around whether foundries and CPU vendors are an underappreciated attack surface (e.g., management engines, hardware backdoors), versus a distraction from more likely vulnerabilities.
- Some argue owning or collectively auditing your own silicon would shrink the trust base; others counter that most people would only end up less secure than on mainstream hardware.
- On PKI, commenters echo the essay’s skepticism about “beautiful” decentralized schemes versus messy, centralized-but-working systems (Debian keys, SSH, commercial CAs).
Anonymity, Tor, and surveillance
- Several push back on the essay’s Tor snark, stressing its life‑or‑death importance for whistleblowers, dissidents, and vulnerable groups, while acknowledging it also shelters serious crime.
- Debate over strong anonymity:
  - Proponents envision a world where powerful agencies can’t even identify whose “phone to replace with uranium.”
  - Critics worry about astroturfing, bots, and state propaganda at scale.
- Others highlight emerging threats like ubiquitous microphones and keyboard acoustic attacks, suggesting that even strong passwords are limited when audio can be harvested at massive scale.
Critique of academic security research
- Commenters agree the essay accurately skewers academic tendencies:
  - Highly artificial adversary models and “proofs” that hinge on unrealistic constraints.
  - Protocols that assume perfect implementations and ignore operational realities.
  - Ideological decentralization demands from people who’ve never run large systems.
- Some link to more formal papers making similar critiques, viewing the essay as a humorous but substantive intervention in how the field defines “security.”