On Friday, June 28, 2013 12:28 PM, Eleanor Saitta wrote: > On 2013.06.28 04.21, Rich Kulawiec wrote: >> On Fri, Jun 21, 2013 at 04:56:24PM +0100, Michael Rogers wrote: >>> I agree - "no smartphones" is sound advice. "No phones" is >>> even better. But the problem is, nobody follows that advice. So >>> we have to be pragmatic. > >> [snip insightful comments] > >> I would like to agree with you -- and in part, I do. > >> But I'll suggest that the yardstick for "pragmatic" has moved >> considerably during the last few weeks. > > And yet, the yardstick for what users will accept hasn't moved > more than a half inch. Yes, we're going to get more people to try > to use better tools now. They'll still fail, because the tools > still aren't designed for them and they still do actually have > other jobs to do. [snip]
> Did you know that there's a private bus line going in in San > Francisco that you can't ride without an iPhone? Now, what was > that again about telling people to not carry phones? Or the unspoken but equally massive database that our credit cards generate about our location and detailed buying habits; but try living any approximation of a normal life without one. > I understand very well that giving people advice that is > insufficient isn't acceptable. However, giving people advice > they're going to ignore wastes their time, destroys your ability to > be an adviser on issues where they might take your advice, and > doesn't result in any better outcomes. > > We as the security community need to stop doing this and come up > with a third option that understands that our users have multiple > priorities. If we don't want to understand the world our users > live in and their needs, we might as well all fuck off to a cave > somewhere. > > E. Channeling Gunner for a moment, can we get a love bomb here? I think the key is that it's time to *also* support the "average" user. We can't stop working to create systems that are as secure as possible for the people who are directly targeted and whose lives are at risk -- but we also cannot only support that very motivated individual. If we can improve the baseline - making everyone more secure from a variety of threats, we start winning at a much longer-term game; and we make the extra mile that people on front line have to do to be even more secure a bit less challenging. This means tools have to be easier, and need to be usable at a basic level without training. Is the level of security they'll be at good enough for {insert problematic context/country here} ? No, of course not, but it's a hell of a lot better than an unpatched WinXP box with out-of-date anti-virus and outlook express. I feel like the ladder for security tools is missing rungs on the bottom 2/3ds of it, and we're at an amazing (and frightening) point in history to build those rungs in. /end friday rant Jon > -- Too many emails? Unsubscribe, change to digest, or change > password by emailing moderator at compa...@stanford.edu or changing > your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech