[liberationtech] What I've learned from Cryptocat

Griffin Boyce griffinboyce at gmail.com
Mon Aug 6 23:31:13 PDT 2012 

  Jillian, Frank, and others have really hit the nail on the head.

  After twenty-one years in production, why do so few people use PGP to
encrypt their emails?  It isn't because of lack of care, or lack of trying,
but because the software is not intended for average people to use.  This
seems a failure on so many levels.  PGP/GPG should be in use by *everyone*
in conflict zones, by *everyone* living in China, by *everyone* who is
concerned about censorship.  But it isn't.

  This morning I received an email where someone had quoted my original
email to them.  The email that I sent them was encrypted. The email they
sent me was unencrypted.  While we can laugh and joke about it, we only
have that luxury because the contents don't put anyone in danger.  People
in abusive relationships, for example, do not have that luxury.  A mis-step
for them could lead to beatings, rape, or having to flee their homes.

  There's a lot of talk about "The Next Crypto War," but I think that's
bullshit.  The greatest threat to crypto doesn't come from state actors,
but from the total absence of any kind of usability.  And, for the most
part, people don't care about usability.

  If no one's using your software, then The Crypto War is already forfeit.
 Bottom line.

  It's time to start talking to the true stakeholders and asking them what
solutions THEY WANT, how existing solutions can be made better FOR THEM.
 Everything works "in the lab," but what happens in real-world situations
with average users?  TAILS fails out-of-the-box for the majority of users
who test it.  Not because it is terrible software, but because it's
unintuitive for average users.

  Awkward dinners aside, this conversation is awesome.

Best to everyone,
Griffin Boyce



On Tue, Aug 7, 2012 at 1:19 AM, <frank at journalistsecurity.net> wrote:

> Hey guys,
>
> I appreciate the importance and depth of this discussion. But I also wish
> to underscore that most of the people who are at risk are not using any
> tools whether they be CrytoCat, PGP, GChat or others for the simple reason
> that they either cannot figure them out, or don't have time to figure them
> out, or both. And I am talking about people at risk in many different
> nations.
>

-- 
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman

PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120807/755225a0/attachment.html>

More information about the liberationtech mailing list