On 9/10/12 9:46 AM, Jacob Appelbaum wrote: > I'm sorry to say it but a lot of the users have been here for a while - > most people that use crypto just don't know they're doing it. > Ironically, if users don't get good advice, they'll just be in the same > spot - thinking they're safe when they're not - all over again!
That's what we want to avoid. > I think that the real changes belong in the platforms - anything that > requires configuration is probably already doomed to fail and screw a > user. That requires pushing developers to create user accessible, secure platforms. >That's generally the approach that I've seen work - everything > that requires 0) user education and 1) realistic honesty about threats > or risks results in 2) denial or mistakes or a bork'ed tool shooting the > user in the foot. We don't know what we don't know. We're asking for help, and I at least, appreciate your imput. > Since clearly a few loud people were bent out of shape by my comments - > they have no idea that I encouraged you or tried to help out; so let me > set the record straight: go you! Thanks, I appreciate the support. All of your contribution is appreciated. > I think it is *great* to make the book and I think it is great to do it > with a set of unifying principles - it will help to ensure that good > stuff gets into the book and crappy stuff stays out of the book or is so > noted as crappy or contentious. I think that means that peer review is > essential before rushing to publish. Agreed, and I did voice concerns at the short deadline for publishing. > I really encourage you to put in a few chapters about the following: > > social and technical compartmentalization > targeted exploitation realities (from Core Impact to Metasploit) > threat modeling > intention/goal based risk analysis > physical security risks > practical information on real surveillance/censorship systems > getting involved > going from a user (to a translator or...) to a developer > outlining the currently missing tools that we need to build This list is appreciated. Thank you for the feedback. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
