On 5/18/2010 4:44 AM, Gervase Markham wrote:
On 18/05/10 05:20, johnjbarton wrote:
Many of our potential users are inexperienced computer users, who do
not
understand the risks involved in using interactive Web content. This
means we must rely on the user's judgement as little as possible. As
Edward Felten says, "given the choice between dancing pigs and
security,
users will choose dancing pigs every time."
Wow, now that is over the top!
Do you mean the facts he states are not true, or his conclusion ("we
must rely on the user's judgement as little as possible") is not a valid
conclusion from the facts?
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails. It
positions the designer as a superior being and the users as cattle to be
herded in directions deemed important by the designer. In fact, both the
security system designer and the users are humans with entirely
equivalent ability to make judgments.
The concluding sentence citing Felten gets right to the heart of the
problem. Felten poses a false choice, then revels in the forgone
conclusion: stupid users, they would pick dancing pigs because they are
so stupid, while we, sage security folk, would know to pick security.
If users choose to disregard or subvert security systems, the problem is
with the system. It is irrational to think that the problem is user's
faulty judgment.
jjb
Gerv
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
