If you’ve spent any time in cybersecurity, you’ve probably met someone who sounds absolutely certain they’ve mastered it all after a few YouTube tutorials. Maybe you’ve even been that person. That’s not arrogance, it is the Dunning-Kruger effect in action.

What the Dunning-Kruger Effect Means

The Dunning-Kruger effect is what happens when people know just enough to overestimate their ability. It’s the moment you think you understand a topic right before you realize how much more there is to learn.

The name comes from psychologists David Dunning and Justin Kruger, who ran a series of studies in the 1990s which revealed that people who perform poorly on a task tended to overestimate their performance. Their results showed a simple truth: regardless of skill, most people think their abilities are above average.

In technology, this shows up in familiar ways. A beginner writes a few lines of Python and claims to have built a revolutionary app. Someone installs a VPN and believes they’re “unhackable.” Confidence often runs ahead of experience, not out of arrogance, but because the limits of a skill are invisible until you’ve spent considerable time inside it.

Even advanced practitioners can fall into a quieter version of the same trap. A network engineer might assume their firewall rules cover every scenario, only to discover a misconfigured port exposing internal systems.

Don’t Mistake Confidence for Competence

If you’re new to cybersecurity, the hardest thing isn’t learning the tools, it’s learning who to listen to. Many online spaces reward confidence, not accuracy. Forums, Discord channels, and YouTube comments are full of people who sound certain, but certainty is cheap. Real knowledge explains why something works, not just what to do.

Before taking advice, look for someone who admits what they don’t know. They’re often the ones worth learning from.

The Subtle Curve of Growth

This classic “Mount Stupid” graph paints a neat story: confidence soars, crashes, then climbs again with knowledge. It’s a good metaphor, but real growth isn’t always that tidyand self-awareness can develop unevenly.

Progress in cybersecurity isn’t about avoiding mistakes, it’s about calibrating your confidence to match your understanding. When your ego and your knowledge move in step, your knowledge and understanding deepens

How to Avoid the Dunning-Kruger Trap

• Keep learning even when you feel confident. Real skill isn’t a destination, it’s maintenance.
• Ask for feedback early and often. Don’t trust your instincts alone to judge your skill.
• Challenge your assumptions. If something feels obvious, double-check it. Most technical errors hide in what “everyone knows.”
• Watch for loud certainty online. The best experts usually explain, not declare.

Why the Internet Makes It Worse

The internet accelerates the illusion of knowledge. Everyone can Google a few terms, read an AI summary, and start giving advice. The illusion of knowledge spreads fast when there’s no built-in pause between “learning something” and “applying it”. Knowing where to click isn’t the same as understanding what’s happening under the hood.

Don’t Mistake Confidence for Competence

If you’re just starting out, be careful not to mistake confidence for competence. Online, certainty often outshines understanding. The trick is to listen critically. Ask questions, check sources, and test things yourself. Real understanding holds up under scrutiny. If someone can’t explain why something works, they probably don’t understand it as well as they think they do.

Keep Learning and Stay Curious

The good news is that most people eventually grow out of Mount Stupid. The best engineers, hackers, and sysadmins are the ones whose competence outpaces their confidence and aren’t afraid to admit when they don’t know something. Curiosity replaces confidence, and discussions start sounding more like: “What happens if I do this?” instead of “I already know how this works.”

In the end, the Dunning-Kruger effect isn’t just about ignorance. It’s a stage of learning, a rite of passage in everything, including cybersecurity. At Hackers-Arise, we believe in learning through experience, the kind that teaches you persistence and makes you a creative thinker.

If you’re ready for your competence to match your confidence you should start with our Cybersecurity Starter Bundle.

The post The Dunning-Kruger Effect: When Confidence Talks Louder Than Skill first appeared on Hackers Arise.

This iconic scene in Minority Report where purchases are tied to bio-metrics is no longer science fiction, it is your impending future. In more and more stores, networked cameras tag your face, follow your path, and link this information to loyalty profiles and purchase histories. In an era of rising surveillance, retail harvesting may seem relatively innocuous, but once these systems are in place every grocery run becomes a data point in a profit model. While we know that retailers are using this technology to track us, you can be assured that nation-state actors and cyber crime as doing likewise.

Personalized Pricing

Personalized web pricing has been a reality for the last decade. Online businesses have been caught increasing prices based on demand, desperation, and even iPhone model. Brick-and-mortar shops have been a reprieve from this unethical profit maximizing, but as more stores replace paper tags with electronic shelf labels (ESL), in-store surveillance pricing becomes a very real possibility.  

While retailers continue to frame facial recognition technologies as theft control or a means to “increase the customer experience”, the boundary of unethical price gouging and price discrimination was breached long ago. The question is no longer ‘will they’ but ‘how will they’. Soon, bio-metric signals could link your physical presence to data about income, purchase history, medical prescriptions, and emotional state. With that linkage, ESLs can adjust the price (read, raise the price) in real-time to what an algorithm predicts you’re willing pay.

Selling Your Data

The data rarely stays in-house. Data brokers have long gorged themselves on data from your online activity. The next prize is biometric and in-store behavioral data. Retailers are happy to sell it to advertisers, insurers, hedge funds, and political shops, exposing you to surveillance pricing and finely targeted persuasion. The business of selling data is so good that it now accounts for 35% of Kroger’s net income.

How You Can Prevent it

You don’t have to accept this as normal. While there are many extreme methods to completely thwart facial recognition, like wearing a full silicone mask, we are going to focus on simple tools you can easily integrate into your daily routine.

Keep in mind these techniques won’t defeat advanced military or government systems; they’re meant to blunt retail data collection.

The majority of retail cameras rely on high-resolution visible light cameras. Modern facial recognition systems typically measures 68 landmarks on the face, but rely on 8 critical landmarks to structure the data.

Meaning the more of these key landmarks you obscure, the less confident a consumer-grade match becomes. A baseball hat tilted low and big sunglasses is enough to obscure 4-5 of these points. Including a covid mask will cover all these points.

Infrared Cameras

Some retailers are incorporating infrared (IR) cameras to map facial features and your standard sunglasses do not block IR light. This means eye landmarks and eye tracking can still be logged. To circumvent this technology you can integrate reflective materials and IR blocking lenses. Reflective materials bounce IR light back to the camera, creating a glare that has been demonstrated to interrupt IR camera scanning.  In systems that don’t have glare filtering IR cameras, a reflective hat alone may be enough to distort the camera image.

These hats can be purchased from Amazon, but if you need a hat with more breathability I prefer this one made by Chrome.

The newest generation of IR cameras use polarized filters to block the effect of reflective materials. To deal with these there are a number of IR blocking glasses you can purchase. Amazon carries IR blocking lenses, but most of them are too dark for indoor use except for this pair.

Reflecticles is the OG company making privacy glasses. The ghost and phantom are their premium models that pair IR blocking lenses with reflective frames, but they also carry basic IR blocking glasses at a lower price point.

If you need prescription lenses Zenni Optical recently rolled out a IR blocking coating on their lenses that blocks 80% of the near-IR spectrum. The primary complaint about them online is they iPhone’s IR based FaceID, which is a pretty good endorsement.

Summary and Conclusion

The reality is that stores are no longer just selling groceries, they are selling you. While these face obscuring techniques are essential, they need to be paired with low tech techniques to be fully effective:

• Use cash whenever possible
• Use other people’s loyalty programs. The phone number (area code) 123-4567 works at a lot of grocery stores.
• Request that your image be removed from PimEyes, FaceCheck ID, Whitepages, Spokeo.

Facial obscuring is the right move for people concerned about the future of corporate surveillance. However, the technology is ever evolving, so in my next article we’ll go over the emerging science of gait identification and how to beat it.

The post Major Retailers are Spying on You!: How to Prevent it first appeared on Hackers Arise.