Why not use "her" instead of "his"?
Using "his" in 2013 is, indeed, misogyny
Sheila
At 04:05 AM 6/12/2013, you wrote:
Let's first have context -- at this time I am a 30 year old
journalist. But (to establish my geek bona fides) shortly after I
could legally drive, but long before I could vote, I went through
the process of becoming a registered Debian Linux developer.
Then, as is the case now, to achieve that status, one needs to have
their GnuPG key (back then PGP) signed by a fellow developer who has
verified their identity.
While I had undergone the process with my PGP key back when I was a
high school student, by the time Debian made the switch to GPG (as I
recall for ideological reasons surrounding PGP's license) I was at
university with far less free time, and learning crypto software or
getting your keys exchanged and signed wasn't easy. And so I never
made the time to learn the new software until recent events led me
to revisit my options.
I haven't been a regular Linux user since 2001 (switched to Apple)
but I've tried available tools for Linux and what's out there for
Mac OS, even trying to compile some F/OSS solutions from scratch on
Mac OS. And to be honest, despite all the innovations in user
interface over the past 12 years, the situation doesn't look to have
changed much since 2001.
Now, I realize that for someone whose very life might depend on
strong encryption that works, their incentive to learn even the most
arcane and user-unfriendly software could be high enough to overcome
any resistance due to either inertia, poor design, or any other
conceivable reason why Joe Public wouldn't make everyday use of the stuff.
These days I'm a journalist, and while my work has rarely taken me
into places or subjects where encryption is needed, recent events
have inspired me to venture back into the available tools to see if
I could make using email with strong cryptography easy enough that I
could suggest it to regular sources for everyday use.
It still sucks. What exists is godawful at worse and cumbersome at best.
For a cryptosystem to really, and I mean really become widespread
enough to make an impact, it needs to be designed and implemented in
such a way that a given user who wants to add that level of security
to his** email need only install at the very least some manner of
plugin to an existing client, or at most switch to an easy to use
replacement which has that functionality built in seamlessly. Key
exchange would have to be as easy as forming connections on a social
network. Heck, a crypto-social network might be the best way to
jump-start such a thing.
But let's be honest here -- I think we all are aware on some level
or another that even if one was able to develop and deploy the
easiest software imaginable (say, Apple's "iCrypt" that they'd
allowed to be vetted, even made key parts open source) and the most
robust algorithms known to man, it's not enough that it be easy to
use -- it has to become widely adopted, at least among enough of the
population that assuming easy key exchange, it would become a
non-event for someone to send or receive an encrypted message. It
would have to definitely be widespread enough that, if we also
assume pervasive surveillance -- at least on a passive "filtering"
level of some kind -- that to see cyphertext being transmitted back
and forth would be common enough that it wouldn't raise alarms or
attract attention of any sort.
Let's get real -- assuming surveillance is the new normal, isn't it
more likely that cyphertext in the datastream is -- at least as of
this day and time -- more likely to attract attention from
authorities than say, quality steganography or something like a
carefully designed and well executed book code?
Maybe the idea of pervasive surveillance and any resulting
discomfort will raise interest in easy encryption among the general
public, but given the state of the current crypto toolbox, I doubt it.
Andrew
**for those who are PC-inclined, please note I use "his" alone not
out of misogyny but for brevity and clarity.
On Jun 11, 2013, at 9:56 PM, Kate Krauss
<<mailto:[email protected]>[email protected]> wrote:
It's really easy to use these tools if you already know how to do it.
Otherwise they are often complicated and unintuitive. For some of
us, they represent an academic field or a fascinating hobby. For
others, they are the keys to survival. Hubris--and not really
caring whether they work or not for non-geeks--is an obstacle to security.
Most activists and journalists don't care how interesting these
tools are, as long as they can get them to work. If they were as
simple and stupid as AOL circa 2000, that would be great.
This is the beauty of cryptoparties--people can sit next to you and
talk you through it. Thanks, Asher Wolf. That is often all it
takes. Otherwise, tiny glitches or misunderstandings can put them out of reach.
A security workshop my group organized a couple years ago included
lots of geeks ANDS lots of on-the-ground activists (of many
stripes, including technophobes) who were teaching each other with
the help of two excellent, feminist lead teachers who are good
listeners. That also worked well and permanently evangelized
everyone about the importance of activism around this issue.
Yet this is also a capacity problem. There is the equivalent of a
fleet of bicycles building online safety tools. And well-paid
armies of spies trying to defeat them.
One way to judge the effectiveness of cryptographically (?) sound
tools is not by how cool they are in theory but by how many regular
people can figure out how to use them the first time, without help.
We can test this and rate the tools.
Another obvious answer for increasing these tools' legibility is to
convene test groups--perhaps this is already happening?-- of
regular people and non-geek activists to try them out. And watch
those people in action--see what keys they press, see where they
pause. And then iterate. Startups do it, and so can we.
There can be no security if the tools don't scale.
Katie Krauss
AIDS Policy Project
<http://www.aidspolicyproject.org/>www.AIDSPolicyProject.org
On Tue, Jun 11, 2013 at 7:54 PM, Nadim Kobeissi
<<mailto:[email protected]>[email protected]> wrote:
This story really solidifies why I believe that we need to make
privacy technologies accessible to journalists, instead of simply
focusing on the other way around.
Glenn Greenwald had to substantially delay his communications with
Edward Snowden due to how inaccessible a lot of privacy and
encryption software is to use.
Our main and primary goal at Cryptocat has been to focus on making
encrypted communications accessible, easier to use and fun and
attractive. We've always believed that accessibility is a security
feature, and this idea is at the core of our project.
<http://arstechnica.com/security/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/>http://arstechnica.com/security/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/
NK
--
Too many emails? Unsubscribe, change to digest, or change password
by emailing moderator at
<mailto:[email protected]>[email protected] or changing
your settings at
<https://mailman.stanford.edu/mailman/listinfo/liberationtech>https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password
by emailing moderator at
<mailto:[email protected]>[email protected] or changing
your settings at
<https://mailman.stanford.edu/mailman/listinfo/liberationtech>https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password
by emailing moderator at [email protected] or changing your
settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Sheila Parks, Ed.D.
Founder
Center for Hand-Counted Paper Ballots
Watertown, MA 02472
617 744 6020
DEMOCRACY IN OUR HANDS
www.handcountedpaperballots.org
[email protected]
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
