Today, Niall Kavanagh gleaned this insight:
> > That doesn't mean you need to USE them. It's your choice.
> >
>
> Cars kill millions of people every year. Fortunately we don't HAVE TO use
> them.
>
> Electricity can kill you. Fortunately, you don't HAVE TO use it.
While you have a valid point, there IS a difference. The vast majority of
people who use these wonderful on-line services have NO IDEA that they may
be putting themselves at various forms of risk, because they know
absolutely NOTHING about the technology. Most people couldn't even
concieve of the idea of someone hijacking their encrypted browser session
in which they do their banking, for example.
Whereas in both cases you mentioned, most people who attend school (at
least in this area) are afforded easy access to education about those
topics. If you fail to make use of that access, that's your business. But
at least you have the opportunity. High schools in this area offer
driver's ed. classes, and I've had electricity awareness as a topic
(though certainly not an entire semester worth) at multiple levels of my
education.
For the average person to really understand the risks envolved with
putting services on-line, the education they would need to obtain is
extensive. Most people have neither the time nor the desire to obtain
this training. The computer is a tool that is supposed to make their
lives easier, and that's all they want to know. And the providers are
happy to keep them ignorant, because it's cheaper for them, both to
provide the riskier services, and to not educate them.
> Sysadmins can often attack the very users they are trying to help.
> Fortunately, you don't HAVE TO... um, nevermind.
I'm not going near that. ;)
> Life is all about risk management, trading off perceived benefits for
> possible threats. I don't have to use E-Trade, but I can't bear the
> thought of dealing with a broker every time I want to trade a stock. The
> perceived benefit for me far outweighs the possible risk.
Exactly. I have no problem with these services existing, and even use
some of them myself, from time to time. But, though I would not call
myself a computer security expert (or anything reasonably similar) by any
means, I have a pretty good understanding of what the risks are, and can
make an informed judgement about whether or not I want to use those
services. What percentage of people who use, say, on-line banking
services, would you say have that understanding? I obviously can't
provide you figures, but my expectation is that it's very, very low.
My own experience at a previous job working with people who work in a
high-tech field suggested exactly that (though I won't go into that in any
detail for various reasons). Even a few people on this very list who work
in software, or even in OS design, have admitted that they don't really
know much about computer security and/or electronic communications
security. If THEY don't, what chance does Doctor Joe or Lawyer Jane, or
Fred Average office worker stand?
Even that isn't my biggest gripe. My concern is that given the inherently
insecure nature of such transactions, that there should always be
alternative ways to accomplish the same task. For example, in the case of
on-line banking, there should always be real tellers to whom I can go and
get a written reciept of my transaction.
Granted, NO method of transacting (anything) is completely secure, but
obviously some are more risky than others. I should not be FORCED to use
more risky services when it is reasonable to provide less risky ones.
Society should be careful to ensure that those less risky methods remain
available. We in the Linux community can, should, and often do work to
make sure that those alternatives exist. And I thank us. :)
> I hate going back and forth with you guys, because you ARE RIGHT. I
As are you.
> completely agree with you (and Kenny). I just feel I should point out your
> tolerance level for risk may not be the same as someone else. As you said
> "it's your choice".
Everyone's tolerance for risk is different. I was kinda busy when I
posted my original (very brief) comment, but the point I was trying to
convey is that there are usually alternatives, and even when there aren't
you should know what you're getting yourself into, and I don't think
that's really happening with these new on-line services and a variety of
other new technologies (like biotech, communications, etc).
If consumers are informed, then they may insist upon new (or old) ways of
doing things that meet their needs and/or expectations. That was more or
less the sentiment behind my original response; if you know that you're
unhappy with the service that's being offered you, go to your service
provider and insist they provide an alternative. Let your friends know
you're not happy too. You can be sure that if YOU want something
different, someone else somewhere wants the same thing. If there's enough
demand for alternatives, SOMEONE will meet it, because there's money in
meeting people's demands.
Also, it should be the burden of those service providers to spell out the
risks to their customers. Of course, cigarette companys have known for
decades that smoking is addictive and causes cancer, and we STILL can't
get them to admit it even though it's become common knowledge, so I
suppose I'm asking for too much.
I've left out a lot of points that I would have made, but it's getting
late and I'm sick of typing... And as you said, we agree. If you want
to talk about this some more over a beer, I'll be happy to... :)
--
Derek Martin
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
