In this op-ed, a cybersecurity researcher argues that major companies are leaving customers at risk by not enforcing security by default. The opinions expressed here do not necessarily represent the opinions of Ars Technica.
Major social networks, e-mail providers, and communications companies offer products with insecure default settings, needlessly exposing their customers to hacking, identity theft, and government surveillance. Some firms offer security options that can be used to protect against common attacks; however, they are frequently so hidden in obscure configuration menus as to be invisible to the average user. Consequently, most consumers don't know about these options, and so they neither seek them out nor enable them.