Katy Pearce:
> they have so much ICT security training and
> documentation thrown at them in a multitude of languages, yet they still
> don't use it.
As someone who writes documentation (for the Whonix project and previously for torproject wiki), I suppose instructions are too long and complex. The problem is, you cannot dumb down below a certain level of complexity at documentation level without leaving out security critical points. To get simpler documentation and more usable tools some day, the underlying tools need to be simplified first.

Just a small example. gpg uses key ids and fingerprints. But comparing key ids for verification isn't safe, only the full fingerprint is. In comparison to OTR, there are only fingerprints, no key ids. So in that regard OTR is a little less complex than gpg. This results in instructions for gpg getting longer since this important additional information has to be covered.

It also seems to me that new tools which have recently been designed are less complex (only talking about the interface, not code) and therefore simpler to document. Systems such as pond and bitmessage are to my knowledge secure by default. There is no way to drop back to cleartext communication. Secure by default means less complexity, fewer things to explain, document. Gpg in comparison is more like an afterthought to secure e-mail.
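The key id versus fingerprint point above, as an added example that is not part of the original message: a check that accepts only full fingerprints and refuses key ids. It assumes OpenPGP v4 keys (40 hex digit fingerprint, key id taken from its trailing digits); the function names and both fingerprints are constructed for illustration and are not real keys.

```python
import hmac
import re

V4_FPR_HEX_LEN = 40  # OpenPGP v4 fingerprint: 160 bits, 40 hex digits

# Constructed sample values (not real keys): two different fingerprints
# that end in the same 8 hex digits, so they share a short key id.
TRUSTED = "0123 4567 89AB CDEF 0123  4567 89AB CDEF DEAD BEEF"
OTHER = "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 DEAD BEEF"


def normalize(value: str) -> str:
    """Drop spaces, colons and an optional 0x prefix; upper-case the hex."""
    s = re.sub(r"[\s:]", "", value)
    if s.lower().startswith("0x"):
        s = s[2:]
    return s.upper()


def short_key_id(fpr: str) -> str:
    """Short key id of a v4 key: the last 8 hex digits of the fingerprint."""
    return normalize(fpr)[-8:]


def long_key_id(fpr: str) -> str:
    """Long key id of a v4 key: the last 16 hex digits of the fingerprint."""
    return normalize(fpr)[-16:]


def fingerprints_match(trusted: str, presented: str) -> bool:
    """Compare two full fingerprints; raise if either is only a key id."""
    a, b = normalize(trusted), normalize(presented)
    for v in (a, b):
        if len(v) != V4_FPR_HEX_LEN or not re.fullmatch(r"[0-9A-F]+", v):
            raise ValueError(f"not a full v4 fingerprint: {v!r}")
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    print("short key ids equal:", short_key_id(TRUSTED) == short_key_id(OTHER))
    print("fingerprints equal: ", fingerprints_match(TRUSTED, OTHER))
```
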
