On Fri, Dec 15, 2017 at 3:08 PM, Matthew Hardeman via dev-security-policy < [email protected]> wrote:
> On Friday, December 15, 2017 at 1:50:38 PM UTC-6, Ryan Sleevi wrote: > > > I'm not sure I made those statements, but would be happy to clarify the > > confusion. Indeed, as I tried to call out, there are a subset of users > who > > are looking at it and relying on it - although it cannot be relied upon - > > and any proposition to improve it via validation means is fundamentally > > asserting that users SHOULD be relying on it (as it derives its value > from > > that), which I believe is a user-hostile conclusion. > > > > That is, put differently, if users are only 'safe' if they rely on that > UI, > > then we've failed them. > > If users rely on that UI, and they're not safe, then we've failed them. > > > > In short, the UI has failed them. > > So much of whether this is true depends on definitions and degrees. > > When we talk about "safe", surely we're not speaking in absolutes: > I feel like this is a semantic game that wouldn't be terribly productive, but whether or not the technology meets the expectations - even those expressed on this thread - arguably is a binary statement. This goes back to the "seatbelt that snaps in an accident" - that it feels good 99% of the time doesn't actually improve safety, if it's not fit for purpose. And the purpose isn't feeling safe, it's being safe in the case of an accident. > We're in agreement that all reasonable definitions of "safe" in the human > experience sense of the term involve known and unknown non-zero risk, right? > > It's curious that numerous users are asking for a "user-hostile" condition > to be perpetuated, isn't it? > Not really. We're a self-selected forum of already technically advanced users (by virtue of using this particular mailing list), a number with financial interests within this space, and otherwise all of us having opinions we like to share :) > Some might define user-hostile as, for example, a reduction of > functionality without suitable replacement in sight. > Except it's not a reduction of functionality, no more than removing a seatbelt that breaks 100% of the time in car accidents is removing a safety feature. Despite it feeling good, it doesn't do good - and, if anything, knowingly shipping a car with such seatbelts is doing more harm (by having people THINK seatbelts mean safety) than just not shipping at all. > Except -- and I imagine this is the really inconvenient fact that has led > to EV's survival up to this point -- you can't actually show that anyone > who ever relied upon EV suffered any harm for having made that reliance. > I'm not sure that's the right framing. We can show users confused by EV's UI, and we can show that there isn't an answer that can be given that aligns with both its technical and political implications without also ascribing responsibility to the user. Just because we can't see with perfect clarity the cause, that doesn't mean > we can't acknowledge the reality: No one is attempting do actual consumer > harm with improperly acquired EV certificates. No case that I (or > apparently anyone else here) could think of any case of consumer harm for > reliance on an EV certificate's enhanced UI by way of an improperly issued > or deceptively acquired EV certificate. > > Are we truly to buy that it's coincidence alone? If it isn't coincidence > alone, more thought should be given to saving it, warts and all. > Respectfully, this is the tiger-repelling rock. We can't show that any tigers attacked, therefore, we should keep telling users they need tiger-repelling rocks. And oh, by the way, they take away attention from solutions that do actually repel or repatriate the tigers. You've shifted the narrative in a way to avoid the more difficult conversation - we cannot show benefit from the UI (as those who are versed in what they think it means don't actually get that level of assurance), and we can show harm from the UI (in the complexity to the average user). Just because it doesn't harm those who have an idea in their head about what it means (any more than the average user who ignores it, which is to say), we also cannot show it benefits them - or the average user. It should be, at this point, an unquestionable net-negative. It's keeping a security blanket around for those who like blankets, while ignoring the fact that it hasn't been washed in years and everyone is getting sick from it. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
