Hacker News

nashashmi today at 5:41 PM

Some Jr engineer got tired of handling stupid support requests and automated the job with an agent. That’s how.

Assigning Jr engineers for security support is ridiculous partly because young people don’t understand how critical security is sometimes. And partly because they don’t value privacy as much.


Replies

parable today at 6:12 PM

As a "young person" (under 30), my thoughts: There's a minority of us that do genuinely care, possibly more than most - so hiring someone from this minority would be helpful - but the vast majority of my peers don't care about privacy or security. They often take this defeatist mindset of "my data is already out there, why should I care?", or prefer convenience over security. For example, "why should I switch to Signal if I have a public Instagram profile?" or "I can't remember all those passwords! I just use one for everything."

As for your comment about junior engineers, see kennywinker's reply to this thread - I share the same thoughts.

kennywinker today at 6:12 PM

Very generous of you to blame the screw-up of one of the largest companies in the world on a jr engineer.

I’ve been a jr engineer at a large company. I had the power to implement absolutely jack shit on my own. I deeply doubt the security flow for account recovery in Meta AI account security was a single jr engineer.

What I think is actually going on is basically a soft form of AI psychosis. Senior engineer gets AI to code AI account recovery feature, that same or a different engineer asks AI to review the feature, and then it gets pushed to prod. Move fast, break things. The AI coded it, the AI reviewed it - the people trusted the AI because it sounds confidently right.

Just like how the AI doesn’t know if you should walk or drive to the car wash, the AI doesn’t understand exploits like this one.