[liberationtech] eternity USENET (Re: Internet blackout)

Fri Jun 28 11:17:39 PDT 2013

On Friday, June 28, 2013 12:28 PM, Eleanor Saitta wrote:
> On 2013.06.28 04.21, Rich Kulawiec wrote:
>> On Fri, Jun 21, 2013 at 04:56:24PM +0100, Michael Rogers wrote:
>>> I agree - "no smartphones" is sound advice. "No phones" is
>>> even better. But the problem is, nobody follows that advice. So
>>> we have to be pragmatic.
> 
>> [snip insightful comments]
> 
>> I would like to agree with you -- and in part, I do.
> 
>> But I'll suggest that the yardstick for "pragmatic" has moved 
>> considerably during the last few weeks.
> 
> And yet, the yardstick for what users will accept hasn't moved
> more than a half inch.  Yes, we're going to get more people to try
> to use better tools now.  They'll still fail, because the tools
> still aren't designed for them and they still do actually have
> other jobs to do.
[snip]

> Did you know that there's a private bus line going in in San
> Francisco that you can't ride without an iPhone?  Now, what was
> that again about telling people to not carry phones?

Or the unspoken but equally massive database that our credit cards
generate about our location and detailed buying habits; but try living
any approximation of a normal life without one.

> I understand very well that giving people advice that is
> insufficient isn't acceptable.  However, giving people advice
> they're going to ignore wastes their time, destroys your ability to
> be an adviser on issues where they might take your advice, and
> doesn't result in any better outcomes.
> 
> We as the security community need to stop doing this and come up
> with a third option that understands that our users have multiple 
> priorities.  If we don't want to understand the world our users
> live in and their needs, we might as well all fuck off to a cave
> somewhere.
> 
> E.

Channeling Gunner for a moment, can we get a love bomb here?

I think the key is that it's time to *also* support the "average"
user.  We can't stop working to create systems that are as secure as
possible for the people who are directly targeted and whose lives are
at risk -- but we also cannot only support that very motivated individual.

If we can improve the baseline - making everyone more secure from a
variety of threats, we start winning at a much longer-term game; and
we make the extra mile that people on front line have to do to be even
more secure a bit less challenging.

This means tools have to be easier, and need to be usable at a basic
level without training.  Is the level of security they'll be at good
enough for {insert problematic context/country here} ? No, of course
not, but it's a hell of a lot better than an unpatched WinXP box with
out-of-date anti-virus and outlook express.

I feel like the ladder for security tools is missing rungs on the
bottom 2/3ds of it, and we're at an amazing (and frightening) point in
history to build those rungs in.

/end friday rant

Jon

> -- Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at companys at stanford.edu or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 