On 08/06/2012 10:19 PM, fr...@journalistsecurity.net wrote:
> No doubt the functional security of tools is an indispensable, essential
> concern. Ignoring any vulnerabilities is dangerous, indeed. But the
> usability of the same tools and making them accessible to
> non-technologists is just as big a concern, in my view. I know you guys
> think that many such users including Western journalists are simply
> lazy. But many, if not most of the available tools are simply not
> intuitive, or not as much as most technologists who already know how to
> use them seem to think.

I'm pretty sure we're all in agreement here: the security and privacy tools we have today are virtually unusable. We aren't currently providing workable solutions for even the most basic use cases. I don't think the problem is that we (as "technologists") don't know this, are refusing to acknowledge it, or think you're all lazy for not loving our terrible tools; the problem is that it's difficult to deliver on.

Here's the situation as I currently see it:

1) The crypto is the easy part! When we were writing RedPhone, it took me less than two days to write the ZRTP implementation from scratch. Then we spent months trying to develop a usable interface, a frictionless experience, and high call quality. The project is over a year old now, and we're still not where we want to be in terms of user experience, but we basically haven't touched the crypto after those first two days.

2) There are very few people actually contributing to this space right now. Most of the people who are interested don't come from a software development background, and even fewer are graphic designers.

3) The resources required to produce a high quality application are substantial. I work on an encrypted text messaging application for Android, called TextSecure. If we look at what's happening in that general communications space, the standard for user experience is set by applications without an emphasis on security like WhatsApp, etc. These other apps are the single product focus for entire companies. It's possible that there are ~30 engineers working on that one application, and yet that's roughly on the same scale as the number of software developers working seriously in the entire "liberation technology" communications space.

So I agree with you, and it's hard, but we need to accomplish what you're asking for while still being rigorous about delivering security and avoiding the creation of more haystacks.
I believe we can do it, but it's going to take time, and I think it probably means you don't get a webapp right this second.

- moxie

--
http://www.thoughtcrime.org