@AC
"I think a lot of the points are flimsy straw-man arguments at best."
Only if you don't understand the premise of the article, which is that the current advice being given in the media on how to avoid this collection of your metadata skips over a lot of issues and is thus dangerous to rely on
"VPNs are handily ignored/not addressed."
Quite. And why? Because they are not addressed by those who are giving this advice in the media - usually people whose regular segment tells viewers about the new tablets and smart watches and just what 'cloud' means. These 'gurus' are being brought in for 5 minute question-and-answer segments where the presenter will ask: "what is metadata?" and "so what can I do to keep my information private?" and the producer wants 30 second answers so they can move onto the next story about Kim Kardashian or cross-promotional plug for whatever series or reality TV show is airing.
They give explanations and tips that are easily-digestible by the layperson and so those people go away thinking that they understand it but don't because many of the important details have been glossed-over and ignored.
I don't know where you sit in IT but I have had numerous instances where people have infected their PC with a virus or malware and said: "but I have anti-virus; isn't that supposed to stop this happening?" They believe this to be the case because they haven't understood that anti-virus offers only a measure of protection, not some perfect defence against any and all that the web can throw at them.
"The average user is not going to be de-anonymised on Tor."
Unless I am mistaken, this is precisely what Richard said: the government is unlikely to go to that effort but if you are actually of interest, it is possible, so if you are giving the advice "use Tor", then it is responsible to at least mention that it is not bulletproof.
Regarding the lack of security when using a public wifi connection, you say that you are pretty sure this is "well known". To who? I can tell you that next to zero non-technical people I know understand why public wifi is insecure. Remember again that Richard is commenting on the technical advice that is being given by the kind of people the media bring on to explain it and tell people "what it all means for you and how you can stay safe".
With your comment about leaving your mobile phone behind, do you really think the average person - at whom this information is being aimed - actually does this? What you think is obvious ("shock") is not always so to the non-technical.
When you ask "what security advisors" are giving this information about secure drop sites, perhaps that was the wrong term for Richard to use. He is, again, talking about the kind of information provided to the public be journalists and "IT Guys" who routinely go on breakfast and current affairs shows but also newspaper and web journalists. At least I think he is. When I read this article, I had a few such people specifically in mind.
So, while I accept that a proper 'security advisor' would be a little more thorough, I think the author is using the term not as a job description but to denote the people he is talking about who are advising the public about security. That's how I read it - I could be wrong.
Richard's points do not present a 'straw man' at all; they are presented as comment on the advice given by those in the media giving advice to the public. They are over-simplifying in an attempt to avoid their viewers having to think too much before they cross to the weather person presenting from whatever local event has paid them for the publicity or cutting to "Steve in the kitchen" who will tell audiences all about how amazing the latest plastic time-saving food-preparation gadget is.
And if you think that people don't take such advice seriously and without further research then I'm afraid you have a rather inaccurate (though pleasantly optimistic) view.
Biting the hand that feeds IT
