On 5/20/2010 4:28 AM, Gervase Markham wrote:
> On 18/05/10 15:54, johnjbarton wrote:
>> I mean that starting a design from the point of view that the users have
>> faulty judgment will almost certainly lead to software that fails.
>
> If users did not have faulty judgement, and always made correct security
> decisions, then there would be no phishing.
>
>> It positions the designer as a superior being and the users as cattle to be
>> herded in directions deemed important by the designer.
>
> Not at all. Saying that someone is wrong is not a statement about their
> personal worth.

But the act of declaring someone is "wrong" is a statement about their
personal worth. It says we are superior, we know right from wrong, and
the pathetic user must be judged by us.
I really don't think that this is what the Draft 3 document intended,
but it is what comes across. I believe that what the Draft 3 document
intended to say was that the user interface for security systems should
not rely on a previously obtained technical understanding of computer
security. Wouldn't that be a more appropriate way to state the design
criteria?

>> In fact, both the security system designer and the users are humans with
>> entirely equivalent ability to make judgments.
>
> An equivalent ability to make judgements, or an equivalent ability to
> make _right_ judgements about computer security (which is the point at
> issue)?

Let's try to imagine a scenario where we ask if a user will "make
_right_ judgements about computer security". To me this scenario has a
user, a user interface, two outcomes 1) "right" and 2) "wrong", and a
judge who declares at the end of the trial whether the user has selected
correctly. If users pick the "wrong" path, then we adjust the user
interface to make that path more difficult to pick. When users complain
that this makes the user interface too difficult to use, we brand them
as on the wrong end of "security-vs-convenience", and we start that pig
thing again.
Cormac Herley's article points out that reality has two more ingredients
critical to design: the cost of making decisions and public good vs
private good. By including these factors we can arrive at better overall
results.
We want users to be able to make informed choices based on accurate
assessments of risk in the time scale they will allow and we want to
avoid pitting individual users against the community resource. Aren't
these sensible additions to the user interface criteria?
jjb
Gerv
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto