On 20/05/10 16:45, johnjbarton wrote:
But the act of declaring someone is "wrong" is a statement about their
personal worth. It says we are superior, we know right from wrong, and
the pathetic user must be judged by us.
You are confusing "morally wrong" with "factually wrong".
A user is factually wrong to trust a phishing site. This happens, far
too often, as I'm sure you know.
Now, what do we conclude from this? If we follow your argument, that
stating that they are wrong is a judgement about their personal worth,
then we must conclude that such a user is worth less than those of us
who would get such a decision right.
If we follow my argument - that their mistake is not a statement about
their personal worth - then we can look for UI solutions which help them
to make that mistake less often without being contemptuous of them.
It seems that your position, rather than mine, is more likely to lead to
techies looking down on users.
An equivalent ability to make judgements, or an equivalent ability to
make _right_ judgements about computer security (which is the point at
issue)?
Let's try to imagine a scenario where we ask if a user will "make
_right_ judgements about computer security". To me this scenario has a
user, a user interface, two outcomes 1) "right" and 2)"wrong", and an
judge who declares at the end of the trial whether the user has selected
correctly. If users pick the "wrong" path, then we adjust the user
interface to make that path more difficult to pick. When users complain
that this makes the user interface too difficult to use, we brand them
as on the wrong end of "security-vs-convenience", and we start that pig
thing again.
No-one is suggesting that the problem has an easy solution.
Gerv
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
