On 02/04/14 03:33, Ximin Luo wrote: > Why is it a given assumption that people "will not check > fingerprints"? People exchange phone numbers all the time.
But people also don't verify phone numbers before dialling them. Why? Because the cost associated with the risk of a wrong phone number is low (usually something like making a local phone call). So they just don't bother as it's comparable to the cost involved in making a legitimate use of the phone number. (I know what it costs to call a cell phone in my country, so in the worst case, I've only made an extra call to find out that I got the wrong person.) Obviously the cost could be higher, in case somebody *maliciously* tricks me into using a wrong phone number and I'm getting an impostor or a form of MitM attack. But that's rather unusual for most in real life. > (Do people think it's *immoral* to encourage more > people to verify fingerprints?) Interesting point. I know many people who react to suggestions like that with the usual "just go to your room and put your tin foil hat back on ..." response. I guess most want to be "normal" and not have to worry about this crypto nerd stuff. In their mind unlocking the car with their key (logging into their computer, entering the PIN on their phone) ought to be enough, without the need to check the license plate/SIM card number (analogue to fingerprint). > Software is another way to change > people's behaviour, and software that lowers the cost of a task > will encourage more people to do that task. At least it should hopefully lower the threshold that significantly more will do so. Guy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
