Main Area and Open Discussion > Living Room
*Email privacy and security survey*
cyberdiva:
Yes, I know what it is, and no, I don't use it. I rarely if ever have anything in my email worth hiding from the world. Also, almost no one I write to uses it or wants to be bothered.
Renegade:
Also, almost no one I write to uses it or wants to be bothered. -cyberdiva (August 17, 2013, 09:20 AM)
--- End quote ---
And my guess there is because it's too darn hard to get working and email is broken anyways. :P
Vurbal:
There are a couple big problems the way I see it, and they're not specific to email. The first is simplicity and useability. For ordinary people something like PGP is obviously way too complicated - not because it's actually that hard but because it has the appearance of difficulty. Honestly, though, even something relatively simple like just going to Comodo and getting a free SSL certificate is just as intimidating.
I consider myself something of an expert on this particular subject. Most complex software is well within the grasp of most people but people like me who are good at both understanding and explaining it are few and far between. I don't know what the answer to that one is besides just keep doing what I do.
The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.
At the end of the day it probably comes down to mindset. Even if you don't give a rat's ass about anybody else, the less secure everybody else's systems are, the more vulnerable yours is. It needs to start by picking off the low hanging fruit by establishing some kind of reasonable baseline.
There are a lot of things I think go into that, but the first one is this. At least when it comes to getting the message out to the masses, we need to stop talking about security and start talking about privacy. Mention security and most people will tune you out before you start the next sentence. Say privacy - especially right now - and you've got people's attention. They neither want nor need to know the big picture. They just need to know how to do their part to protect themselves so we can focus on taking the next step.
Renegade:
The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.
-Vurbal (August 17, 2013, 11:06 AM)
--- End quote ---
And that's EXACTLY why I'm hopeful for Bitmessage to sort its problems and enter the arena of strong encryption that we can trust.
There are a couple big problems the way I see it, and they're not specific to email. The first is simplicity and useability. For ordinary people something like PGP is obviously way too complicated - not because it's actually that hard but because it has the appearance of difficulty. Honestly, though, even something relatively simple like just going to Comodo and getting a free SSL certificate is just as intimidating.
-Vurbal (August 17, 2013, 11:06 AM)
--- End quote ---
This is the biggest problem right now.
While I *could* get it working for *ME*... doesn't mean jack if other people aren't on board.
The barrier is a function of difficulty, tech savviness, broad adoption, and willingness to use it. And willingness is a function of "how damn long will this take me to get it running, and who can I use it with?" Blah blah, etc. etc.
I've had a bitch of a time trying to get other people to use Jitsi with me. So far I've got 1 (one) friend to use Jitsi with me. And half the time we end up on Skype. Jitsi is great, but it ain't prime time yet. :(
Then there's email... hopeless. It's just total dog s4!+.
Vurbal:
The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.
-Vurbal (August 17, 2013, 11:06 AM)
--- End quote ---
And that's EXACTLY why I'm hopeful for Bitmessage to sort its problems and enter the arena of strong encryption that we can trust.
-Renegade (August 17, 2013, 11:32 AM)
--- End quote ---
That's exactly what I'm talking about. :Thmbsup: Services like that are also important because if/when they become successful there's another piece of the roadmap for developing other services.
I also think the more small to medium size players we have trying to gain a foothold in the enterprise market, the more we'll see business models catering to both individuals and business. A company like Comodo benefits most from expanding the market and stimulating competition. A company like Verisign or Microsoft benefits most from controlling the market and maintaining the status quo.
This is the biggest problem right now.
While I *could* get it working for *ME*... doesn't mean jack if other people aren't on board.
The barrier is a function of difficulty, tech savviness, broad adoption, and willingness to use it. And willingness is a function of "how damn long will this take me to get it running, and who can I use it with?" Blah blah, etc. etc.
I've had a bitch of a time trying to get other people to use Jitsi with me. So far I've got 1 (one) friend to use Jitsi with me. And half the time we end up on Skype. Jitsi is great, but it ain't prime time yet. :(
--- End quote ---
Yep. And that's where people like me fit into the picture. Without users who are at least reasonably competent how can developers get useful feedback? There's just too much trial and error on both sides which can only be solved if they meet in the middle. Lots of developers are already there waiting. The public, on the other hand, needs some herding.
Then there's email... hopeless. It's just total dog s4!+.
--- End quote ---
It's not just email either. To paraphrase one of my favorite (made up) Einstein quotes, we cannot solve our problems using the same thinking that created them.
Email, passwords, and even independent security authorities are obsolete. They're modeled on outdated corporate processes and technical limitations that no longer apply. Building replacements requires a completely different perspective based on current needs and technology. It's sort of like the transition from horseless carriages to cars.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version