Conversation:
Notices
-
@hishamhm Apparently you haven't used #Thunderbird + #Enigmail.
However, the problem of solving the UI/UX vs. security tradeoff is _hard_. If the user has a seamless experience, there is no security to speak of. If the user doesn't know where and how the private key is stored, there is no security to speak of. etc. etc.
-
@hishamhm And last but absolutely not least: If the user doesn't understand the concept and importance of fingerprinting, there is no security to speak of. People laud the "user friendly" interface of #Signal etc, where all of this is magically hidden, but all of a sudden someone with a similar (or visually identical through Unicode etc.) identity comes along and bam - they have no idea they're getting duped.
-
@hishamhm Was it moxie@secure.example or moxie.marlinspike@secure.example? Well I guess it's all the same, the service I am using is Secure, so I can Trust it to be Verified. I'll just go ahead and chat with this moxíe.marlínspíke@secure.example person, he seems so nice.
-
@hishamhm Someone who can't be bothered to learn about the tools to use can't be trusted with secure communication in the first place.
-
@hishamhm Sorry for the rant-spam. I felt I had to get it out. .)
-
@pettter As long as you don't call it secure when people routinely leave their phones unlocked etc. because it's Secure(tm).
Why should I consider something secure if the remote party doesn't even know _why_ you should (deems it important enough to) auto-lock the screen/app/whatever? ("omg ffs that's totally not user friendly!!! gotta write the 4 digit key MORE THAN ONCE PER DAY!!!")
-
@pettter Scenario: Person A and B work at the same place, A wants to communicate securely with person B to organise solidarity. B has this really neat, simple app for secure messaging that Just Works(tm). 1. A sends secret message to B about how crappy the boss is. 2. B has archiving on because it's the user-friendly default. While no one can read the message in transi…
-
@hishamhm Doesn't matter how good the handshake is if people leave their phones logged in with content easily accessible. Some people even think it's too much work to lock the workstation when going to the bathroom.
-
@pettter That specific scenario was just one of many. Also legal discourse and protection are irrelevant in many situations when damage is already done (compare with surveillance cameras etc.).