Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Safer submission of content to news organizations

Michael Rogers m-- at
Thu Jan 19 04:32:44 PST 2012

Hi Okhin,

On 19/01/12 10:51, Okhin wrote:
> I totally agree with the
> fact that idiot-proof system can fail at security (see WPS), but if it
> needs a degree of computer engineering to send a document, nobody will
> uses it.

Is it better for someone to walk away from a secure system or to use an
insecure system?

I think the answer depends on whether the person understands the risks
involved. I'm not opposed to giving people an informed choice between
risk and convenience. What I'm opposed to is giving people choices that
contain hidden risks they don't understand.

Unfortunately, since the system can't tell whether the user's making an
informed or uninformed choice, there's no way to build an insecure
system without exposing technically unskilled users to risks they
haven't chosen.

> We need to educate people and journalists to uses those tool on a
> daily basis, but keeping the things out of reach of non tech-savvy
> people kind of destroy the purpose of having a WB platform.
> Tech-savvy people will always find a way to use more security than the
> minimum level, so they're not the target of such a platform I think. We
> need to think about people who does not understand how communications
> work.

Yes, I agree that we should think about those people, which is why we
shouldn't build insecure but easy-to-use systems. Those people are
exactly the ones who'd be endangered by such systems.

Of course, neither security nor usability is black and white. Perhaps
it's better to talk about levels of risk and levels of difficulty. So
when designing a system we might ask: first, what's an acceptable level
of risk for the least-informed user of the system; and second, what's
the easiest system that doesn't exceed that level of risk?

The second question is technical, but the first is really political.


More information about the liberationtech mailing list