the Great Filter of private communication

Stephen D. Williams sdw at lig.net
Mon Apr 21 00:30:42 PDT 2014


Probably people just need two email clients: One for non-secure email, another that only sends secure messages.  They can both use
IMAP for the same account.  Bonus: spam might potentially have a hard time getting accepted as a secure sender, leaving secure email
spam-free.

Alternately, do it on viewing / editing via plugins that are less invasive and more secure.

There are several problems:

Choosing an ID system: email address + key ID of some kind.
Key exchange / trust system: Hierarchical (do you trust some or all CAs?  Their signup policies?), web of trust (GPG or similar), 
personal signing, etc.

Visibility and understanding: Current systems are annoying even for experts.  No hope of a normal user looking at or understanding
the ID/cert/key trust situation.  Make it specific and simple: CA is safe but could be co-opted by TLA or mistakes, signup was weak
(could have been a stolen credit card), password could have been stolen, MITM exposure, etc.  Just draw the trust / exploit tree.
Factor in multi-factor, alternate channel checking, etc.

Ease of selecting, enabling, and using read/write interfaces.

Solve the problems of control, time available, ability to save for later safely.

Stephen

On 4/20/14, 10:55 PM, Scott Blaydes wrote:
> On Apr 20, 2014, at 7:05 PM, coderman <coderman at gmail.com> wrote:
>
>> we have the maths! we have the technology!
>>
>> ... yet actual robust, private communications remain elusive.
>>
>> where the "Great Filter" thwarting our privacy codes?
>>
>>
>>
>> is it usability; anything more than invisibly automatic a failure?
> Yes. People keep claiming that it is just too hard to encrypt email. There are plugins for all platforms. If you can’t send encrypted email, sending email in the first place is probably too difficult, just txt everyone on your fone. The smartfone has made for such stupid people that if it can’t be done in just a few keystrokes (content included) then it is too hard or tl;dr.
>
> Remember the old days when there wasn’t PPP and SLIP connections? Before broadband. When a conversation on IRC was enjoyable, the right amounts of humor and actual thought? And you knew not to ask for help in #unix on efnet.
>
>> is it cost; anything more than zero too much to bear in the market?
>>
> No, everyone can afford a smartfone nowadays.
>
>> is it correctness; anything less than a single mode always secure, broken?
> Life is full of levels of grey, and so is security. That password you use on new sites you don’t trust vs your gpg/pgp passphrase. The sheeple don’t have levels of grey with regards to security, either take it to their grave or everyone can see.
>
> Chatting with someone who was looking to start his own desktop Linux distro. I suggested an encrypted messaging platform over the security-hole-riddled platform he was using and he told me he had nothing to hide. I told him he wasn’t the kind of person who should be developing anything security related.
>
> Security takes effort that people are not willing to expend.
>>
>>
>> perhaps all of these above, each a requisite element of robustness,
>> further compounding the difficulty of realizing an ideal.


-- 
Stephen D. Williams sdw at lig.net stephendwilliams at gmail.com LinkedIn: http://sdw.st/in
V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407
AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres
Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer
