There may be support for this statement, but I've never been able to find its scientific basis, in cryptography, user design, nor in economics. In particular, the last 10 years of experience only bear it out to the extent that users were denied the chance to make a choice. So it may well be that the reason they are not in a position to correctly judge relative levels of risk is because they are not permitted to do so.
Let's try and find an analogy. Users choose banks to deal with. One criteria they could potentially use in choosing a bank is what percentage of customers lose money through some sort of fraud (in a situation where the bank disclaims responsibility).
Now a user could try and find and collect statistics on which banks tend to disclaim responsibility in fraud cases, and which didn't, and on which banks tended to be targets of fraud, and which don't. But they don't do that. They choose a bank account based on the free Walkman and pen.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
