Re: The Crypto Winter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim wrote:
> Companies have been trying to convince the home computer user that they should be encrypting for years. Doesn't work. And for not very surprising reasons. Same thing seen in the home security business, backups, etc.
>
> (The average user doesn't make any backups. The average homeowner doesn't do any more to secure his house than what it came with. In other words, "the defaults.")
Right. I suppose there's not much that can be done for people who expect "security" to be handed down to them from the sky on a silver platter. I'm sure it couldn't be more obvious to most here that if you don't put out the effort to take responsibility for your own security, you aren't going to have it--for your computer or anything else.

But then, that sounds suspiciously resonant with "if they're too lazy or stupid to get it, then screw em", doesn't it?

I think the real flaw there--what keeps me so uncomfortable with it (even though my gut tells me it's a logical conclusion)--is reflected in the sheer number of people I've seen change their minds once they found out a little more about how insecure they really are.

Haven't you ever been in a discussion/argument/presentation about computer security with someone, and at some point you notice that moment when it finally registers, you know that it really penetrated something...and they must have that sickening queasy little feeling in the pit of their stomachs when they say: "Oh my God, I had no idea". And at some point, haven't you all felt that sick, queasy shock of recognition yourselves? Maybe from something you read on John Young's site, or in response to being hacked? I certainly did--after that everything was different.

It's a great feeling to have someone thank you for giving them the information they needed to wake up and do something to help themselves. The downside is you always risk coming across like a nutcase cyber-Cassandra, but you don't have to if you just let the raw facts do the convincing for you.

More generally, I found it puzzling to see everyone getting hysterical over 911 when we're precisely no more and no less vulnerable than we ever were. I didn't learn a thing from it I hadn't already come to terms with on my own. (Having been abandoned as a child and homeless on your own at 17 tends to do an excellent job of ridding a person of any excess sense of security. Not that I'd recommend it...)
So maybe for all the people who responded to the shock of 911 with "I'd give up all my civil liberties to feel safe again" there were enough who were jolted into taking responsibility for their own security to make a difference. Something to consider when thinking about the future of crypto, anyway.

~Faustine.

***

The right to be let alone is indeed the beginning of all freedoms.
- --William O. Douglas, Associate Justice, US Supreme Court

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version)

iQA/AwUBO/mvyvg5Tuca7bfvEQLFcACgmlclCaF1BLe1+BtFWhSaS8/abiUAn1YB
AYsjhc0ZiGKZD4SHMzBM4VMK
=k/ZP
-----END PGP SIGNATURE-----

Faustine writes:
> Right. I suppose there's not much that can be done for people who expect "security" to be handed down to them from the sky on a silver platter. I'm sure it couldn't be more obvious to most here that if you don't put out the effort to take responsibility for your own security, you aren't going to have it--for your computer or anything else.
To the consumer, a computer is an appliance. It is purchased to do some specific set of things, with OS and applications pre-loaded. Its software and hardware are never upgraded, and when it isn't new and shiny any more, it is traded in and a newer model is acquired.

To expect the consumer to do anything complicated to his computer is like expecting the owner of a TV to upgrade it from Comb Filter to Comb Filter Pro, and to add additional RAM and a line doubler. Consumers aren't going to use any security that isn't on the machine when they get it. Just like they aren't going to use an OS other than Windows, because it isn't on the machine when they get it.
> But then, that sounds suspiciously resonant with "if they're too lazy or stupid to get it, then screw em", doesn't it.
No, it sounds suspiciously resonant with "I understand that the appliance market is different from the government, commercial, and educational markets."
> I think the real flaw there--what keeps me so uncomfortable with it (even though my gut tells me it's a logical conclusion)--is reflected in the sheer number of people I've seen change their minds once they found out a little more about how insecure they really are.
We call these people hobbyists. The size of the hobbyist market will never be more than a fraction of the size of the appliance market.

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"