Why is Experience Level required?

Bruh, you’re kind. “Experts” have warned me that I am here spreading FUD.

I think the labels are the problem. It could really just say L0, L1, L3, … without attaching words to it, which is, I believe, Jonah’s intention (explained here).

… because, in my eyes, anyone who anoints themself an “expert” is most certainly not one, like you suspect. I briefly touched upon this once on some blog. Reproducing:

Privacy and security are very serious topics in our industry. The advances made in recent years are nothing short of astonishing. Let’s Encrypt, who vend free TLS certificates, now power over 200 million websites. The TLS v1.3 standard, drafted by E. Rescorla, CTO at Mozilla, is 160+ pages long, took 4 years to draft, has contributions from industry experts from around the world, and is a document full of considerations for end-users’ privacy and security. On the other hand, engineers and cryptographers at Signal are pushing the envelope, going where any competent privacy- and security-conscious organization would aspire to go. Read this preview of just how they secure a user’s PIN: state-of-the-art and expensive, but that didn’t deter them one bit (note: the upcoming OPAQUE standard may be a cheaper way to accomplish a similar feat, curious reader). Despite stronger protections on Android, attacks that exfiltrate data are a reality, and the world’s most vulnerable professionals are at the most risk.

If the Meltdown and Spectre exploits are any indicator, the stakes are very high, and it is easy to see why companies, even the ones that get a bad rap for privacy, go to extreme lengths to secure their users’ data. The recent supply-chain exploits make it clear that the Information Security industry is no place for ego-building or showcasing fake mastery of forbidden arts. Very capable engineers, academics, cryptographers, and hackers have all had their fair share of fails in the face of the scrutiny that their work invites. That’s the nature of the beast. The best among us keep their heads down, and off to work they go, month after month, year after year, to mitigate threats and address exploits with the utmost consideration, with their hubris, arrogance, and pride firmly tucked away. After all, being cordial and humble is how the industry got here. If Dan Kaminsky were alive, he’d tell you this is how all of this is supposed to work. There is no competition here, just progress, hand-in-hand, and that’s all that matters.