OR will NEVER win. A secure and/or private thing that you can't use simply CANNOT win vs something that actually works. If it doesn't work well being secure or anything missing the point why people even get the tool.
Sadly many companies totally miss that and think they'll get lucky. That's sort of sad.
That's true. The problem is: what is a good product? Good is relative to what the insecure garbage on the market is offering. You can move fast, drastically add complexity, keep it extra cheap, and so on if quality or security aren't on the table. So, a good product that meets one's needs can look like a bad one if it's secure and makes right tradeoffs vs the "good product" that sells its users out.
One simple example is how several companies did high assurance VPN's whose trusted computing base was very difficult to hack. Yet, to get there, they had to eliminate most features competition was adding to their all-in-one appliances. I pointed out one could just chain them together with the high assurance solution being the interface to untrusted network. Rest of functionality can be in next device. Even such a simple scenario was almost always rejected as it was cheaper or simpler to have one do-it-all(-like-crap) device.
Apply such logic throughout entire industry and we have whole, insecure stacks that can't be made better without sacrifice. Nonetheless, companies keep trying with medium-assurance, full-featured appliances that are easy to configure. They sell very few and most go out of business. Enough said.
I think this differs highly per region. In some European countries, people are very privacy-aware. I know quite a number of people who refuse to use Google's services or Dropbox, because of privacy reasons.
As for security companies selling hardened phones, etc. They are typically very expensive and/or inconvenient.
Guess I need to try to market stuff in Europe instead. ;)
Re expensive or inconvenient
They're often perceived as expensive. Truth is most COTS is too cheap: corners cut everywhere to get it at that price point which gives unrealistic expectations on price. So, key firewall or server is five digits instead of three to four. Don't need many of them but good luck selling even one. Always will be an uphill battle.
Far as convenience, that can be improved on and some apps are very convenient. The users' cut-off point is the real issue. Do they want one thoughtless step for everything? Can't do secure comms that was as verification requires extra step somewhere. Same with trust or key mgmt in other things. Im with us eliminating unnecessary complexity & technical stuff but users need to meet us halfway on convenience angle.
Security and privacy are very hard issues to address. So any solution will be temporary, very restrictive or fall short of it's promise.
For instance you can't have total privacy even if you never use Google and use tracker blockers, erase your browser's fingerprint etc. you are still sharing information with servers you're visiting.
