Three years ago, I tried to start something called the Human Security Initiative. Not by accident acrynomically close to Human Computer Interfaces.
This is desperately needed. We need to sit our asses and oh-so-smart brains down, get some designers and psychologist into the room, and talk about how to properly design security, not just engineer it.
Top labs are *still* researching how to replace passwords while maintaining security.
I know. I've tried my own hand on this topic, to no avail. It's really hard.
And yes, entering your password once is a very big progress.
That's true except all kinds of people have learned to use GPG.
If you have to, or really, really want to, you will learn to use the worst tool in the history of mankind. But we should think about people who have no such drive.
The real reason people rarely use it is pure laziness
That's a cop-out. Another cheap excuse. You're blaming the user and stopping there. Let me help you with some cognitive dissonance: The same users that you call "lazy" spend an hour a day clicking on a screen to plant FarmVille crops. The most useless and boring activity ever invented. If Zynga can get them to click on some pixels repeatedly, twenty times a day, why can't we get them to click on a button once?
it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right
There's your problem right there. Once we grow three brain cells and understand that corporations are not people, and while they deserve rights, they don't deserve the same rights. I'm not even saying higher or lower, just saying there's a fucking difference, acknowledge it!
I'm not saying users are completely blameless littel angels. But I'm so sick and tired of this reflex of blaming everything on stupid users.
Some comedian said it very nicely about another topic: When a house burns down, and the firefighters put out the flames, they don't just go home and write a report saying "fire destroyed the house". They go in and sift through the debris and try to figure out what caused the fire.
In IT we largely don't do that. We treat users as mystical black boxes and root causes and once we've found the user somewhere in the chain of causality, we stop. We don't ask ourselves why the user made this mistake or why the users don't seem to want security. We say "stupidity" the same way ancient map makers put "here be dragons" on their maps.
And that, I say, is stupid. We should go in there and figure out what actually is in that white spot. Why did the user make this mistake? Why do they fall for phishing? Why do they want speed over security? And a boilerplate "because they're stupid" is not an acceptable answer.
We're so smart (or so we think), but we can't figure out how to make security desirable, unobtrusive and a positive experience. Really?
You can lead a horse to water but you can't make him drink.
cheap excuse
People are too lazy to type in a password in order to send mail.
Then make it not necessary to type in a password. Even I don't understand why I should type a password for every mail I send.
Yes I do use GPG its the best thing we have going right now for the average person to protect his data.
No, it's not. It might be technically the best tool, but if it's unusable, then in sum total, it's not. There are many factors that go into these equations, and we techies are sometimes blind to some of them.
But it's so easy to make a good estimate, takes less than 10 seconds:
Take your instinctive estimate.
Double it.
Increase units by one (if you think "hours", make it days. If you think "weeks" make it months, etc.)
So if you think it'll take 2-3 days, tell your manager it'll be ready in 4-6 weeks. Don't forget that in management school, they teach these fuckers to under-promise and over-deliver. He understands.
From a human psychology standpoint he would rather know that it will be done in 3 days, barring delays, than not know when it will be done and have it in two hours. I personally think that is a dumb way of doing things, but I am the outlier, not the director.
The psychological issue is that you don't know, but you have a hunch, you have some insight. You know it's probably going to be a few hours.
But for non-techies, all this stuff is a total blackbox. When you say "I don't know" they panic, because for them that means anything from a day to a month or maybe infinity. Uncertainty is a horrible psychological state and people try to avoid it. It's an instinct. When you don't know if that shadow is a monkey or a lion, it's better to panic just in case.
By saying "three days", you give him certainty. Now he knows the shadow isn't a lion.
Some people will applaud this action, saying that no one should have their private pictures posted without their consent. Some people will call this an issue of right to privacy. Those people are misguided.
Explain how, exactly.
There are things that you just don't do (like, say hitting a woman).
Unfortunately, if the population is large and anonymous enough, you always have someone who does something that you shouldn't do. That's when we need a law. You understand these laws don't fall from the sky, yes? They're the written down rules of society. And society needs rules, otherwise it's not a society, it's just a mob.
And posting sex pictures of other people without their consent is just the kind of stuff that you don't do. And if people don't get it, you have to tell them.
Blame the users mostly for not giving a fuck about encryption.
That is stupid. It's like saying blame the drivers for not giving a fuck about fuel injection. Users should not have to care about encryption. They should care about having secure and private communication, and how to make that happen is our job, it's why we are being paid more than burger flippers.
- Crypto doesn't play well with webmail
But you've heard of Hushmail, yes?
We have the technology. If we want, we can make strong crypto work. Problem is that most of the big players with the money to make it happen don't want, and the small guys either don't understand the technology and complexity (users) or are incapable of making it actually usable (techies).
If we suddenly are no longer able to google one particular kind of content, someone will offer their own search engine, supported by specialized advertising, for it.
Welcome to the Internet, great to have you here. When you hang around for a bit, you will notice that there are search engines beside Google, especially for adult content.
the half-mystical "deep Web"
Has nothing to do with porn sites. There's very little about porn that's deep, or hidden, except maybe a few very, very extreme fetishes, but unless it's illegal in 120 countries, you are very likely to be no more than five minutes away from it as soon as you open a browser.
People keep using that word but do not really seem to know what it means.
True, but the "it's just free market" screams also obscure and important point: It's not censorship when one store, newspaper or company does it. But what if everyone does it? If thanks to pressure from certain interest groups, your particular topic vanishes not from one store and newspaper, but from all of them?
When a story cannot be published even though both supply and demand exist, is that not censorship?
That is why it's right to question such changes when big companies do it. I'm not worried for porn, it'll always exist. But asking Google the simple question "why" is not wrong.
because not everyone on the internet can discern between what they click on... (like kids
Little kids are not at all interested in porn. There've been very few studies on this, due to the obvious difficulties of getting the ethics board to approve, but from what I've read about it, their primary reaction is boredom. Like "what is this shit and how do I get back to what I wanted?".
Teens are interested in porn. And short of locking them all up in isolation cells, they will get it, because they're ready to dedicate even more time and effort to the task than the puritans do to "protect" them.
to make the internet as tame as American TV
"Tame" for very specific definitions of that word. As many comedians here in Europe have said in one way or the other: American movies is where children are protected from seing the nipple they suckled on some years ago, but hacking people into pieces is perfectly fine.
Remember when Apple was forced to remove all porn apps from the App Store? I'm sure it wasn't because they wanted to, but there's a group of dedicated social conservatives who do nothing but complain about anything even remotely explicit.
This. The democracy we live in is highly vulnerable to dedicated groups or particulate interests. I've seen it up close when the Pirate Party here in Germany imploded (and went back from 4-7% of votes to 1-2% in one legislation period) because it had been infiltrated by too many people pushing their agendas in topics such as drugs, womens rights, public transport and such.
Small groups of people fanatically dedicated to one narrow interest can deliver a tremendeous amount of force, because they are focussed, unwavering and never stop to even consider compromises. They will always push over any moderate opponents.
Think back to the superbowl "wardrobe malfunction" - it probably wouldn't have gotten anywhere
All of Europe and probably most of the rest of the world was shaking its head over that one and wondering if someone had forgotten to tell you guys that it's the 20th century, not the 12th.
Never call a man a fool. Borrow from him.
