[liberationtech] skype

Yosem Companys companys at stanford.edu
Thu Mar 21 14:36:53 PDT 2013 

Rich, that's because you're not thinking like the average non-technical
user, who usually does the following:

The user hears from a friend that she can make calls for free over Skype.
 So she clicks on the Skype link.  Skype has millions of users, meaning it
will be around for a while. The Skype website looks visually attractive,
meaning that it must have a lot of developers.  More recently, it is owned
by Microsoft, which the user trusts for similar reasons.  "Most large,
stable, visually-striking brands can be trusted," the user thinks.  She
doesn't think for she doesn't know that "Microsoft has been attacked a lot."

Now, the user installs Skype.  She clicks through a few steps, easy enough.
 That's a low barrier to adoption.

Next, the user sees all their family and friends on there.  "Great," she
thinks. "Now I can call that friend who told me to install it."

After that, the user reads in a news article that Skype is insecure.  "That
sucks," she thinks. "But it's not like I do anything confidential on there
anyway."  Or, perhaps, she thinks, "I haven't done anything wrong, so who
cares if I'm being watched. I'm glad the government is looking out for
those terrorists."

To the extent that the user cares about security, now she needs to figure
out what's the best secure alternative out there.  But notice what happens:
 There's no large, established competitor that is secure.  Those
competitors don't have brands.

To the extent that the user finds a secure competitor, say because Consumer
Reports published an article on it (for the average non-technical user may
not know of EFF), then she might click and check it out.  She might ask her
family and friends.  But their family and friends have never heard of it
and, even worse, are not on it.

"I care about my security," she may think. "So I will try it anyway."  But
all the time it gnaws at her that she doesn't know the competitor's name
and that she has to take a leap of faith to install it.  The company says
it's open source.  "What the heck does that mean?"  She thinks.  "What if
this company is untrustworthy?  What if this company goes under and sells
my data?  What if..."  Too many barriers to adoption.

We always think, "let's make the most private and secure solution,"
forgetting that users care about many brand attributes that the most
superior technical solution can't provide.

On Thu, Mar 21, 2013 at 1:05 PM, Rich Kulawiec <rsk at gsp.org> wrote:
> On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Su?rez-Potts wrote:
>> One is tempted to suggest using other than Skype. Alternatives exist,
>> and these are secure, at least according to their claims. As well,
>> Skype's code is not transparent, in the way that other, open source,
>> applications' are.
>
> I'm more than tempted: I can't understand why anyone would even consider
> using Skype.  It's closed-source, therefore it must be presumed insecure.
> Nothing Microsoft says about it can be trusted.  There is reason to
believe
> that it's been successfully attacked by third parties.  &etc.
>
> I dunno 'bout y'all, but I think that's enough to blacklist it
permanently.
> Done.  Over.  Next?
>
> ---rsk
> --
> Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130321/5eba93b0/attachment.html>

More information about the liberationtech mailing list