On 05/02/2013 12:06 AM, Chris Karlof wrote:
> On May 1, 2013, at 11:49 AM, Harry Halpin <hha...@w3.org> wrote:
>
>>> "Many crypto protocols treat service providers as adversaries, a model that's nonsensical in the modern computing environment. Consumers don't seek technological privacy protection against governments and service providers but against their peers, nosy neighbors, stalkers, employers, insurance companies, advertisers, and the like."
>> That quote makes sense if you as a consumer are a young, privileged, Stanford professor. I know some folks in Syria who would probably disagree with that quote.
>>
>> Of course, most folks in places even like Syria don't use decent security because the software is unusable. Trying to fix that makes sense.
> Hi Harry,
>
> I urge you to read the pair of articles. In hindsight, I probably did the article a disservice by grabbing a quote out of context.
>
> *Most everyone* in the Western world is privileged compared to "most folks in Syria", and Arvind highlights this distinction in his first article. The point Arvind is trying to make here is that designing applications with crypto for insurgents in Syria is a very different problem than designing for Western consumers [1]. If you build an application targeting US consumers that uses something akin to an oppressive government as the primary threat model, you are very much barking up the wrong tree.
As someone who has argued with Arvind in public on this issue, I don't
think he's right. He *is* right that users go for cloud options, and I
think there's *plenty* of good security and usability arguments about
why a scheme like PiCL makes much more sense than imagining security by
proximity - that something on a device is somehow magically more secure
than it is on a cloud. However, I think that users in Syria are not that
different than users in USA. They all demand high usability first and
foremost - that's why folks used Skype so much rather than say, Mumble.
On the same hand, trusting Skype backfired on Syrian users - as much as
it has on activists in the USA. For example, the Mubarak internet
shutdown of Twitter was mirrored early on by the T-mobile black-out of
the pre-Twitter txtMob system at the Republican National Convention
protests in *2004*. In the end, people need reasonable security models
even in "developed" countries.
While perfection is the enemy of the good, any scheme that assumes a
single point of failure trust anchor in a major corporation or a
government (or browserid.org) is probably a bad idea. If you disagree, I
have a Clipper Chip I'd be happy to sell you :) I hope Personae aims
for both usability and reasonable security properties re encryption - I
have trust in all of you there!
>
> -chris
>
> [1] But unfortunately, designing applications for people in oppressive regimes doesn't skirt all the usability challenges with serious crypto applications just because the users' lives depend on the crypto functioning correctly.