On 26/09/13 02:32 AM, Peter Gutmann wrote:
ianG <i...@iang.org> writes:

Well, defaults being defaults, we can assume most people have left it in
default mode.  I suppose we could ask for research on this question, but I'm
going to guess:  most.

“Software Defaults as De Facto Regulation: The Case of Wireless APs�, Rajiv
Shah and Christian Sandvig, Proceedings of the 33rd Research Conference on
Communication, Information and Internet Policy (TPRC’07), September 2005,
reprinted in Information, Communication, and Society, Vol.11, No.1 (February
2008), p.25.

Peter.



Nice.  Or, as I heard somewhere, there is only one mode, and it is secure.

http://www-personal.umich.edu/~csandvig/research/Shah-Sandvig--Defaults_as_de_facto_regulation.pdf



Today’s internet presumes that individuals are capable of configuring software to address issues such as spam, security, indecent content, and privacy. This assump- tion is worrying – common sense and empirical evidence state that not everyone is so interested or so skilled. When regulatory decisions are left to individuals, for the unskilled the default settings are the law. This article relies on evidence from the deployment of wireless routers and finds that defaults act as de facto regu- lation for the poor and poorly educated. This paper presents a large sample beha- vioral study of how people modify their 802.11 (‘Wi-Fi’) wireless access points from two distinct sources. The first is a secondary analysis of WifiMaps.com, one of the largest online databases of wireless router information. The second is an original wireless survey of portions of three census tracts in Chicago, selected as a diversity sample for contrast in education and income. By constructing lists of known default settings for specific brands and models, we were then able to ident- ify how people changed their default settings. Our results show that the default settings for wireless access points are powerful. Media reports and instruction manuals have increasingly urged users to change defaults – especially passwords, network names, and encryption settings. Despite this, only half of all users change any defaults at all on the most popular brand of router. Moreover, we find that when a manufacturer sets a default 96–99 percent of users follow the suggested behavior, while only 28–57 percent of users acted to change these same default settings when exhorted to do so by expert sources. Finally, there is also a suggestion that those living in areas with lower incomes and levels of education are less likely to change defaults, although these data are not conclusive. These results show how the authority of software trumps that of advice. Consequently, policy-makers must acknowledge and address the power of software to act as de facto regulation.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to