On Sat, Oct 25, 2014 at 10:57:54AM +0100, Bernard Tyers wrote:
> Hi,
>
> I am working on an idea for a cryptoparty for non-technical people, called
> "Humane Cryptoparty".
>
> This idea has come out of my HCI dissertation last year on non-technical user
> mental models and OTR.
>
> One finding was users had good theoretical mental models of OTR, but bad
> functional, or vice-versa. This led them to make mistakes.
>
> The objective of the human cryptoparty is to see the effect understanding the
> concepts of OTR has on user behaviour and their usage of OTR.
>
> In short, the idea I have is to explain various important concepts with
> non-technical analogies. This is not easy to do correctly, I know.
>
> I have been working on some analogies for OTR. I'd like to get your advice on
> how valid this is.
>
> The objective is not to be as non-technical as possible, while explaining the
> concepts involved.
>
> The analogy uses:
>
> - envelopes (encryption)
> - unique adhesives (public keys)
> - unique "glitter" patterns (perfect forward secrecy)
> - solvents (private keys)

That all seems awfully complicated. You seem to be wanting to emulate the *mechanisms* rather than explaining the *outcomes*. Is that important? Does your audience really need to understand the effect of private keys, etc.? What kind of mistakes in using OTR have you seen that are caused by a misunderstanding of, say, how PFS works?

OTR is designed to give you security whether you know it's there or not, at least against a passive adversary. The part that may require some understanding is the buddy verification (https://otr.cypherpunks.ca/help/4.0.0/levels.php) that ups the protection to work against active adversaries as well. I can imagine something like "whispering through a sheet" or something like that to analogize the situation.

- Ian
