On 20 Aug 2013, at 01:01, Eric Murray <ericm@lne.com> wrote:
On 08/19/2013 03:54 PM, Steve Furlong wrote:
. I still haven't figured out whether that means that email encryption is too difficult to set up and use or it means that most everyone is mostly too stupid.
Matt Blaze posted a tweet that's appropos yesterday:
"anyone who thinks users who misunderstand technology don't "deserve" privacy doesn't "deserve" to be a security engineer."
[I guess you're jokign Steve, but I'll kinda bite :)] (At the risk of being flamed…actually, fuck it..) He is damn fucking right. He posted the following a few minutes before: "Small silver lining in NSA revelations: hardly anyone's carping that those who can't figure out crypto apps don't "deserve" privacy anymore." Users are not idiots - they do not focus on this because it is hard. If* there is stupidity, it's the security engineers who develop tools that people can't use. Security people need to understand their ultimate goal is to get tools they build (and build damn well for the most part) into the hands of people, real people. I know this is The majority of people (Yes! None crypto-technology focused people too!) don't see crypto as a goal - they see using their software as a tool to task to succeeding their goal - sending the e-mail, receiving the SMS. Security and crypto should be by default. Steve, to start your reading: http://hornbeam.cs.ucl.ac.uk/hcs/people/documents/Angela%20Publications/1999... http://www.gaudior.net/alma/MakingSecurityUsable.pdf http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf include http://www.computer.org/portal/web/computingnow/securityandprivacy If there is anything positive to come out of all this it's two things: non-security peopel realising those "nerds" can help, and security grasping the realisation that they need people too. Talk to people. Find out what it is they need to accomplish and help them do it securely and privately. You'd be amazed how much it'll do. Bernard * Not something that I think will contribute to the overall conversation. -------------------------------------- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org