On 18/03/15 00:57, Will Hill wrote: > On Monday 16 March 2015, Adam Bolte wrote: >> If you talk to people on the street, I suspect they'll all say >> something similar to what you have heard - that they care about >> privacy issues. But when you actually look at what they are doing, I >> doubt most of them are doing anything about for themselves. >> Convenience, ease and efficiency takes priority with it's an option >> for their work-flow. > > The Cory Doctorow test is to ask them if they will give you their email > address and password. You can promise you don't care what's going on in > their life, that you won't interfere with their mail delivery, etc, but no > one will give it to you. > > This proves people care but don't know how to protect themselves from > predatory monopolists.
Ahh. Interesting theory, but there is a difference. When people decide not to say No to a Facebook account (for instance), the expectation is that they are getting something useful or interesting to them in exchange for giving up their privacy. If I (especially as a stranger) were to simply ask for their e-mail credentials, there is nothing for them to gain from handing them over to me. In fact, if they really didn't care, they still wouldn't hand them over out of sheer laziness. :) > It's up to people who both care and know to do something about the problem. At my company, I have tried very hard to get everyone using GPG for e-mailing credentials or anything of value, and have implemented a basic policy around using this. Some people did everything they could to get out of installing the software, and most people only use it when strictly required by the new(-ish) policy. Come to think of it, the people who have taken the most interest in using the technology day-to-day aren't very technical. That's not to say everyone non-technical was interested mind you, and it was a very low percentage overall. Some people pushed back against the idea very hard, because it was "too hard" - without even trying or accepting my assistance, or because "I don't have 15 minutes to set it up" - apparently ever! > People want answers and they flow into them when they find them. The best > solution is for the community to provide services. Municipal networks, email > hosted by local groups like schools or clubs, and local IT people > recommending and servicing free software. If it were implemented in a natural way, that's probably true. But has I described in an earlier e-mail, trends are heading towards simplicity over security, privacy and freedom. GMail won't implement GPG natively in the web interface - it can't work that way (the End-to-End extension doesn't count), and even if it could, and it didn't conflict with Google's business model, people would still complain that GMail couldn't search through their encrypted mail. Mozilla has removed the tick-box to disable JavaScript in Firefox, despite claiming to respect user rights to privacy, again because ease of use has taken priority. I though privacy-conscious people were supposed to be a large part of Mozilla's user base? Same deal with scripts being allowed by default these days in Tor. So making software with freedom, security and privacy that users will simply discover on their own is becoming an increasingly difficult challenge. In some cases we may already be past the point where it's possible, because it looks like any solution that improves security and privacy will decrease simplicity, and hence likely won't find popularly and remain a niche. If people don't want to use GPG because it's too inconvenient not to use a GMail web interface, how are we going to convince such people to use community services? I like the idea in principle, but it's not going to achieve mainstream success without somehow addressing these issues. Perhaps the trick is to prevent people ever using these privacy-disrespecting services in the first place, so they never need to transition to something harder? Rysiek said students seems to be very privacy conscious right now. Maybe people providing community services such as e-mail accounts, free software groups, etc. should focus more towards schools? > Objections sometimes work and we are creating a culture that considers non > free software rude. Often you will be the customer and the offender is an > organization that's trying to serve you. We can, for example, get rid of > Word documents by telling people about the problems and recommending formats > that work. Oh no, you'll regret getting me started on Word documents! I ask for it exported to PDF every single time I get a Word document and explain the reasoning for it, often to the sender in person. Yet, the same people keep sending me Word documents weeks later. They just think I'm crazy. However these days I'm given most documents through a work-provided Google Docs account. This is perhaps easier to export into a format I like, but now we're forcing proprietary software to staff and sacrificing privacy in the process. It's just trading one problem for another. > My back quickly learned that relying on Excel format was a bad > idea because many people complained. The advent of cell phones has made this > easier because Microsoft does not work there. This is a battle that's been > going on for thirty years and people are tired of it. It's one of the > reasons I think they are tired of software owners, even if they don't > understand the problem completely. I've been told by some people Word is required for dealing with people outside the company, and it's impractical to use two different office suits for different people. I've also been told by other people that LibreOffice doesn't have <insert obscure feature here> and hence isn't an option. It probably does do what they want, but they just didn't want to spend any time learning a different way to do it. It's as if people are trying to find excuses to justify using Microsoft Office!
signature.asc
Description: OpenPGP digital signature
