On Friday, June 28, 2013 12:28 PM, Eleanor Saitta wrote:
> On 2013.06.28 04.21, Rich Kulawiec wrote:
>> On Fri, Jun 21, 2013 at 04:56:24PM +0100, Michael Rogers wrote:
>>> I agree - "no smartphones" is sound advice. "No phones" is
>>> even better. But the problem is, nobody follows that advice. So
>>> we have to be pragmatic.
>
>> [snip insightful comments]
>
>> I would like to agree with you -- and in part, I do.
>
>> But I'll suggest that the yardstick for "pragmatic" has moved
>> considerably during the last few weeks.
>
> And yet, the yardstick for what users will accept hasn't moved
> more than a half inch. Yes, we're going to get more people to try
> to use better tools now. They'll still fail, because the tools
> still aren't designed for them and they still do actually have
> other jobs to do.
[snip]
> Did you know that there's a private bus line going in in San
> Francisco that you can't ride without an iPhone? Now, what was
> that again about telling people to not carry phones?
Or the unspoken but equally massive database that our credit cards
generate about our location and detailed buying habits; but try living
any approximation of a normal life without one.
> I understand very well that giving people advice that is
> insufficient isn't acceptable. However, giving people advice
> they're going to ignore wastes their time, destroys your ability to
> be an adviser on issues where they might take your advice, and
> doesn't result in any better outcomes.
>
> We as the security community need to stop doing this and come up
> with a third option that understands that our users have multiple
> priorities. If we don't want to understand the world our users
> live in and their needs, we might as well all fuck off to a cave
> somewhere.
>
> E.
Channeling Gunner for a moment, can we get a love bomb here?
I think the key is that it's time to *also* support the "average"
user. We can't stop working to create systems that are as secure as
possible for the people who are directly targeted and whose lives are
at risk -- but we also cannot only support that very motivated individual.
If we can improve the baseline - making everyone more secure from a
variety of threats, we start winning at a much longer-term game; and
we make the extra mile that people on front line have to do to be even
more secure a bit less challenging.
This means tools have to be easier, and need to be usable at a basic
level without training. Is the level of security they'll be at good
enough for {insert problematic context/country here} ? No, of course
not, but it's a hell of a lot better than an unpatched WinXP box with
out-of-date anti-virus and outlook express.
I feel like the ladder for security tools is missing rungs on the
bottom 2/3ds of it, and we're at an amazing (and frightening) point in
history to build those rungs in.
/end friday rant
Jon
> -- Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at compa...@stanford.edu or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
