On 5/18/2010 1:44 PM, johnjbarton wrote:
> 
> The designer here is asserting a false, one-dimensional design space and
> insisting that users make a choice along this false dimension.

Yep.

But be a little sympathetic. We all have models of reality that are
insufficiently dimensional.

> As long as your designer views the problem of security as a tradeoff
> with convenience, you are not going to improve security. You will just
> create higher and more obscure barriers along that one dimension, trying
> to herd users to the other end. They will work around your efforts.

Now who's stereotyping users?

> I do not believe that users should be asked to make choices based on
> poorly presented and biased information. When the security system UI
> presents the user with a choice that can expose them to security
> failures and they make a choice that leads to the security failure,
> where is the problem? Poor judgment by users or poor judgment by
> security system designers?

When the user can't be expected to learn at least a little bit about the
security of the tubes coming into their house I think it's unlikely that
there will be any great solution.

People fall for phone and mail fraud, too, and those are very mature
technologies. Will we find a different phone or mail system to fix that?

>> It's more complicated.
>>
>> I would choose to view the dancing pigs, because the technology is
>> supposed to make that a safe thing for me to do. I would not, however,
>> enter any important credentials after clicking through the cert warning.
>> I would find it hard to explain the reasoning to my grandmother.
> 
> Exactly my point. The entire cert warning is pointless, because the
> users are faced with choices they cannot assess properly.

Wait, it may have some severe limitations but I don't agree that it's
"pointless". I use the cert warnings (and lack thereof) in a useful way
and would not want to use a browser that did not have the ability to show
them (and occasionally bypass them).

> The better model begins by abandoning the "security-vs-convenience"
> mindset.

OK, what next?

> Security should be about the maximum actual and effective
> security experienced by users.

Sounds good, can we measure that?

> Our reaction to users clicking through
> the cert dialogs and being exposed to attack should be "we failed", not
> "users have poor judgment".

OK "we failed".

What next? What do you propose other than not letting the user bypass
the cert error page at all? Another page that says "we really really
mean it"? A blinking red address bar? Klaxons through the PC speakers?
Someone should make a browser that doesn't let you bypass these warnings
at all and see how popular it becomes. I'm not trying to be silly but to
point out that it's maybe not just that designers are closed-minded
(though undoubtedly some are).

Identity is an inherently deceptively hard problem. My sense is that
people are becoming a little tired of getting pwned and so the market is
just about ready to begin accepting some different ideas if they come
along. Hopefully these will be new and better ideas but it's possible we
could end up with something worse too.

- Marsh
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
