Domain: gaudior.net
Stories and comments across the archive that link to gaudior.net.
Comments · 7
-
Not precisely possible — Long known.
I often quote in this context a nice 1999 article, Why Johnny can't encrypt: a usability evaluation of PGP 5.0.Yes, it's old, but still interesting: What kind of shortcomings do crypto interfaces have in order to be used by a random Johnny?
-
Re:How about buying PGP?
It has a decent UI
Really? Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Yeah, it was a while ago and some things have improved, but most of the issues remain and I doubt another focus group study would find significantly different results.
The problem is that designing a UI that makes it easy for people who don't know anything about cryptography or security to achieve useful cryptographic security is really, really hard. Almost as hard as educating everyone about cryptography and security enough that they can achieve useful cryptographic security with PGP.
-
Re:The chain of trust is broken.
The chain of trust is broken because cryptographers, a class of developers with a long track record of being utterly incapable of building software that's usable for regular humans, has been left in charge of building iit.
When the problem is taken up by other, more UX knowledgable, developers we'll get a solution to the problem.
-
Re:why do these things never mention encryption?
True, but generating appropriate keys, choosing sane settings, managing keys appropriately, dealing with the Web of Trust, etc. can be quite challenging for many.
The concept of asymmetrical keys and how they work can be difficult for many to understand. It's not unheard of for users to generate a key using the intended recipient's name and email address, then try to use it to send them mail. See http://gaudior.net/alma/johnny.pdf for a usability study of an admittedly old Mac version of PGP.
I routinely use GPG, as to several of my technically-minded colleagues, but even they get frequently mixed up on some of the details.
-
Re:We've seen this with PGP
Putting pgp keys in our emails doesn't help that. It has to be transparent. And that's exactly what Scheiner is saying.
Yeah, good luck with that. In my experience, mail encryption is fundamentally difficult - like going from driving cars to planes. You have to know the basics of key management ie get someone's PUBLIC key, encrypt messages using HIS public key & he decrypts using HIS private key. That's already a dealbreaker for most people. Does he seriously expect they'll listen when he talk about key backups, key signing or the importance of only keeping decrypted attachments in ram?
Why johnny can't encrypt. (pdf) -
Re:Outlook plugin?
Before making yet another unusable PGP interface you should probably check out the two research papers below. They are two very famous user studies done that look at why the normal user can't use PGP correctly even as an Outlook extension.
http://www.gaudior.net/alma/johnny.pdfWhy Jonny Can't Encrypt
http://cups.cs.cmu.edu/soups/2006/posters/sheng-po ster_abstract.pdfWhy Jonny Still Can't Encrypt
Using the papers to address some of your suggestions:
* Automatically decrypt/sigcheck all incoming emails
How does the user know it has been decrypted and which key decrypted it? Currently PGP solves this problem by putting a line at the begining of the email saying that it was decrypted. But there is nothing to stop a phisher from putting a similar line at the begining of their emails before they are even sent.
* Automatically encrypt/sign all outgoing mails.
How does the user know they have successfully encrypted their email? Quick feedback is an essential part of learning. By making the encryption invisible the user gets no feedback and since the program auto decrypts they can't even send it to themselves to make sure it worked. Plus what happens if the user wants to send it to someone who can't decrypt it?
* Automatically (just ask for password confirmation or something) addition of incoming pubkeys to my keyring.
What is going to stop people from helpfully adding the phisher's keys to their keyrings? You had better make sure there is an easy way to remove them. -
there is a literature on usability and security
There is actually a fairly large literature on usability and security. Have a look at the HCISec Bibliography at http://www.gaudior.net/alma/biblio.html