[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the Great Filter of private communication



Probably people just need two email clients: One for non-secure email, another that only sends secure messages.  They can both use 
imap for the same account.  Bonus: spam might potentially have a hard time getting accepted as a secure sender, leaving secure email 
spam free.

Alternately, do it on viewing / editing via plugins that are less invasive and more secure.

There are several problems:

Choosing an ID system: email address + key ID of some kind.
Key exchange / trust system: Hierarchical (do you trust some or all CAs?  Their signup policies?), web of trust (GPG or similar), 
personal signing, etc.

Visibility and understanding: Current systems are annoying even for experts.  No hope of a normal user looking at or understanding 
ID/cert/key trust situation.  Make it specific and simple: CA is safe but could be coopted by TLA or mistakes, signup was weak 
(could have been a stolen credit card), password could have been stolen, mitm exposure, etc.  Just draw the trust / exploit tree. 
Factor in multi-factor, alternate channel checking, etc.

Ease of selecting, enabling, and using read/write interfaces.

Solve the problems of control, time available, ability to save for later safely.

Stephen

On 4/20/14, 10:55 PM, Scott Blaydes wrote:
> On Apr 20, 2014, at 7:05 PM, coderman <[email protected]> wrote:
>
>> we have the maths! we have the technology!
>>
>> ... yet actual robust, private communications remain elusive.
>>
>> where the "Great Filter" thwarting our privacy codes?
>>
>>
>>
>> is it usability; anything more than invisibly automatic a failure?
> Yes. People keep claiming that it is just too hard to encrypt email. There are plugins for all platforms. If you canâ??t send encrypted email, sending email in the first place is probably too difficult, just txt everyone on your fone. The smartfone has made for such stupid people that if it canâ??t be done in just a few keystrokes (content included) then it is too hard or tl;dr.
>
> Remember the old days when there wasnâ??t PPP and SLIP connections? Before broadband. When a conversation on IRC was enjoyable, the right amounts of humor and actual thought? And you knew not to ask for help in #unix on efnet.
>
>> is it cost; anything more than zero too much to bear in the market?
>>
> No, everyone can afford a smartfone now a days.
>
>> is it correctness; anything less than a single mode always secure, broken?
> Life is full of levels of grey, and so is security. That password you use on new sites you donâ??t trust vs your gpg/pgp passphrase. The sheeple donâ??t have levels of grey with regards to security, either take it to their grave or everyone can see.
>
> Chatting with someone who was looking to start his own desktop Linux distro. I suggested an encrypted messaging platform over the security-hole-riddled platform he was using and he told me he had nothing to hide. I told him he wasnâ??t the kind of person who should be developing anything security related.
>
> Security takes effort that people are not will to expend.
>>
>>
>> perhaps all of these above, each a requisite element of robustness,
>> further compounding the difficulty of realizing an ideal.


-- 
Stephen D. Williams [email protected] [email protected] LinkedIn: http://sdw.st/in
V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407
AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres
Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140421/9af6bf6e/attachment.html>