Main Area and Open Discussion > Living Room
For better security, maybe it's time to abandon e-mail?
Innuendo:
Nor should they have to IMHO. That's what responsible professionals in our field exist for.
-40hz (December 23, 2014, 10:18 PM)
--- End quote ---
Unfortunately, people have evolved to the point where they are much akin to electricity in that they will always take the path of least resistance. Until the 'responsible professionals in our field' can come up with something new while at the same time come up with something that makes every insecure method more inconvenient for the end users that will cause them to jump ship to the new method, nothing will change.
It doesn't help that most attempts at making things more secure, but easier to use for the end user usually end in disaster. WPS stands as a shining example of that. It was implemented as a way for end users to have a secure home network without having to worry about long passkeys. Of course, it didn't take long for the 'bad people' to find vulnerabilities in WPS which has prompted everyone with half a brain to recommend turning that feature off when you configure your router.
Unfortunately, for all, everyone without half a brain vastly outnumbers those who do and they merrily continue to use vulnerable implementations because people would rather have easy than secure.
Just look at SnapChat. One of the most insecure programs in the history of computing run by a company who simply does not care about the security vulnerabilities in their product and yet there is no sign of SnapChat's popularity waning. An endless string of security professionals *and* media outlets have reported that it is insecure and vulnerable to hacking. The general public have declared they do not care and continue to use it.
Any solution that requires downloading, installing, and/or configuring something that just provides a secure method of something that's already installed on people's PCs or devices is doomed to failure out of the gate.
I admire the intent of this thread & have often wished for the same, but the idiocracy has spoken.
wraith808:
Google Wave was a (half-hearted) attempt. And it got got flamed down, before it even got a chance to come to fruition.
As it was in development still, encryption could have been a building block, instead of a bolted-on thing for almost all other forms of communication.
-Shades (December 24, 2014, 06:35 AM)
--- End quote ---
Knotable is wave like, but also interacts with e-mail. And I still haven't found as much of a way to use it as e-mail.
40hz:
I admire the intent of this thread & have often wished for the same, but the idiocracy has spoken.
-Innuendo (December 24, 2014, 09:03 AM)
--- End quote ---
That remains to be seen I think. My great grandfather felt the same way about telephones. Why would anybody in their right mind want to talk into a piece of unsanitary plastic when they could just send someone a nicely written letter through a perfectly good postal system for one one-hundredth the cost?
He was firmly convinced phones were just a passing fad. And he never willingly used one, even though he did on rare occasion. My family just smiled at "Grandpa Roy" and called him on the phone if we were in a hurry - or sent him a nice note through the mail if we weren't.
My feeling is it doesn't make sense to let ourselves get bogged down with those who are happy with what they've got for whatever reason.
It's important to remember we're designing this sort of thing primarily for us and for our needs. If there's enough who truly want it - and it actually does what it's intended to do - there will be more than enough critical mass to make it happen.
Just look at e-mail and the Internet. They were once the exclusive playground of the "cool kids." These proto-geeks felt it was all much too complex for the average person to ever use. Then along came AOL and Tim Berners-Lee.
As I said earlier, one key requirement is that we let our machines handle the grunt routine tasks and do the heavy lifting. That frees us up to do the things we non-machines are better suited for.
Or so it seems to me. 8)
Stoic Joker:
Unfortunately, people have evolved to the point where they are much akin to electricity in that they will always take the path of least resistance.-Innuendo (December 24, 2014, 09:03 AM)
--- End quote ---
This IMO is indeed the crux of the problem.
Until the 'responsible professionals in our field' can come up with something new while at the same time come up with something that makes every insecure method more inconvenient for the end users that will cause them to jump ship to the new method, nothing will change.-Innuendo (December 24, 2014, 09:03 AM)
--- End quote ---
Okay, this part made me giggle. Not because it's wrong...because it isn't. But because of the above stated issue ... People are lazy. The classic AOL class End (L)user wants to simply click on the magical 'Deliver me from all evil nastiness that is or will ever be' button one time when the computer comes out of the box. ...And then that should - and is to must be - the absolute complete and most utterly totally impenetrable shield of magical protection that is defended by winged demon monkeys that instantly fly to the rescue while they blindly click on any and every idiotic god damn thing that flies across the screen.
I'm on vacation ... But never the less I get an email from the brass who's in panic mode because of some browser window that appeared making them think someone else was looking up stuff on their workstation. My "responsible professional' response... was simply to state that this is why it is recommended to lock a station before walking away from it so we don't ever need to have conversations like this. It ain't like I haven't mentioned this little nuance like 14,000 times in the past ...(high-five for guessing why)... Derp! :wallbash:
Security is something that is practiced. It cannot be installed, or baked in to any degree of absolution (pun intended). Computers will never be totally secure, for the same reason that the roads will never be perfectly safe. Because no matter how much protection you build into the vehicle, you still can't compensate for the fact that the pilot is freaking stupid.
TaoPhoenix:
Thinking in terms of a decentralized non-logging P2P approach is a good start. It won't be totally secure since nothing really can be. But it can be made secure and difficult enough to capture that the cost-benefit ratio tilts in favor of letting something go unless dealing with a demonstrably "high value" target. At the very least it makes broad-sweep data gathering less attractive and far more costly in terms of storage and analysis. You can only raise taxes so much to fund a hopeless project. Even the U.S. military, who wrote the book on money pits, knows that. Merged with known strong encryption (if that means anything now - or will continue to mean much in the near future) makes it even more of a challenge to would be interceptors.
As far as "if people would just ______" I can only say: not gonna happen. And I'm enough an old-school computer guy that I was taught (and believe) that if it always needs to be done, a person shouldn't need to do it at all.
No-exceptions, boring, "always" is what we created machines for. Computers don't always handle exceptions well. But they're champs at mandatory and routine tasks. So lets let our software take care of the heavy lifting. Drudge work is what we originally built the little ogres for in the first place. (Who in their right mind wants to spend years of their limited lifetime calculating ballistics tables for field artillery no matter how good they are at math - or how much they enjoy it?) Let all those expensive chips we built keep busy instead of running endless NOPs when they don't have anything better to do than waste electricity and sit around waiting to be hacked.
Just my :two: for now. ("It's a 'three pipe' problem, Watson.")
8)
-40hz (December 22, 2014, 08:51 AM)
--- End quote ---
I'm a good test case. I admit I am as lazy as the rest of them, and 20% as ignorant. If you ran one of those "biased" surveys, no one very (very) few people would gleefully want all their email to be had by hackers. (Rule ___ : The minute you say no one wants X, someone in the four billion plus people online wants that, for wonderfully obscure reasons!)
So what I'd like to see for example is something like a plugin to _____ so that I log into my Yahoo mail and it looks just fine on my end, and all mail I get looks just fine, but it is somehow encrypted and all that behind the scenes, with nothing much harder than installing a Firefox/clone plugin.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version