#016: Security, pt. 1: Going to the Theatre
A young man, most likely of eastern European descent, in front of a dimly lit, black computer. Green letters projecting on his face. He is wearing a balaclava. You know you are looking at a stock image of what mainstream media imagines a “hacker” or “cyber criminal” looks like.
Actual hacking looks nothing like this, of course. Even the image of pimply teenagers in their mother’s basement isn’t true anymore, as most hacking has shifted to professional criminal gangs. Still, the threat of being hacked is ever-present, and defending against attacks is a necessary evil for anyone who uses a computer connected to the internet, lest your bank or Facebook account end up in someone else’s hands.
However, this also gives rise to something called Security Theatre, which you’ve almost certainly experienced. Every time you pack all your toiletries into a see-through bag and empty your water bottles before going through security, you’re experiencing security theatre. It is every “security measure” that is mostly for show, does little to improve security, and mostly serves as an impediment to the vast majority of people. It is just there to give you a sense of security and a feeling that “something has been done”, while making your life miserable.
Security theatre doesn’t just exist in real life; it has also found a home on various websites. For example, in The “Cobra Effect” That Is Disabling Paste on Password Fields, Troy Hunt examines a “security feature” you might have encountered on websites before, and explains why it actually makes the website, and you as the user, less secure.
On the flip side, as Scott Helme writes, even useful security features can be abused to do bad things. Implementing good security on the server side is rarely as simple as flipping a switch. More often than not, you’ll have to weigh the consequences carefully and make trade-offs when doing so.
Next week, I’ll examine a different security problem: how does a website know that you are who you claim to be?
Other interesting links from around the web:
- CloudFlare, SSL and unhealthy security absolutism – "Total end-to-end security or nothing" might seem like a good policy, but in practice, a 90% solution is still better than nothing, and much easier to achieve for most people.
- On Efficiency – Efficiency and security are often at odds, and finding the right balance isn't easy.
- How Much of the Earth Can You See at Once? – (video, ~25m) Not only answers the question, but also provides an interesting demonstration of how bad humans are with really large things and numbers.