SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story from Bruce Schneier's blog:
Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security aware and had more security training," they say, "the Internet would be a much safer place."
Enough of that. The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?
Traditionally, we've thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This "either/or" thinking results in systems that are neither usable nor secure.
[...] We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it -- "stress of mind, or knowledge of a long series of rules."
[...] "Blame the victim" thinking is older than the Internet, of course. But that doesn't make it right. We owe it to our users to make the Information Age a safe place for everyone -- not just those with "security awareness."
(Score: 2) by meustrus on Wednesday October 05 2016, @04:41AM
That looks like a great analogy to me, and unfortunately things can't be the same on the internet. Because people have always been able to do terrible things to you. The only difference is that now it's super cheap to send 10,000 copies of junk mail without having to pay the post office. You know it sure would have been different if the email system was designed to allow individual network operators to charge some micropayment for the privilege of forwarding that mail. I suppose the main reason they couldn't, besides ideological reasons, is that microtransactions over the fledgling internet were simply uneconomical. You would need Bitcoin as a prerequisite to bring the transaction fees low enough, which obviously the designers of email couldn't have had. So it will be forever free to send email, lowering the bar to entry for every shady business practice, with no profit incentive for cleaning up the bottomfeeders.
And you know what? That's a good thing. We needed something as useful as email to make any progress on the internet, and its freedom has led to a lot of the success. Not that nobody pays for email. And it's a shame that it's not really possible to maintain a secure email server without the resources of a Google or a Yahoo. But wouldn't it be nice if the user of somebody with those resources was actually getting a fair experience? Without violating their privacy? With some semblance of market competition for the user's attention, not for the advertisers who are the real customers of the internet? If we can somehow eliminate advertising and the need for it, perhaps by making a more crowd-sourced information distribution system (like say SoylentNews or Reddit, or even more distributed like Diaspora), we could make the world a much safer place.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?