[Freedombox-discuss] "Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client"

Jonathan Wilkes jancsika at yahoo.com
Tue Nov 10 07:42:13 UTC 2015

This is fascinating.  From the article:

"Finally, one participant eventually exported his private key
and sent it along with his keyring password to his friend so
that his friend could decrypt the message he had received. In
this case, even though the participants had transmitted the
required information, they were informed that they needed to
try some more and accomplish the task without sending the
private key."

It's difficult to describe just how broken an encryption application is 
when this can be an actual result in the field.  But I'll try-- imagine 
reading this on a test of an audio playback application:

"Finally, one participant eventually succeeded in playing back
an audio file but set fire to his laptop by clicking the buttons in 
the wrong order. In this case, even though the participant had 
played back the required audio file, they were informed that they 
needed to try some more and accomplish the task without melting 
the hardware."

On Monday, November 9, 2015 5:58 PM, Ben Finney <ben+debian at benfinney.id.au> wrote:

fauno <fauno at kiwwwi.com.ar> writes:

> Petter Reinholdtsen <pere at hungry.com> writes:
> > I find this user testing report by Scott Ruoti, Jeff Andersen, Daniel
> > Zappala and Kent Seamons very interesting.  Check out
> > <URL: http://arxiv.org/pdf/1510.08555.pdf >.
> so... individual persons without a community helping them are unable to
> use X?, shocking :D

That's a broadly worded statement, with no specific predictions, so is
of virtually no use for guiding specific action. Just about any result
could be made to fit such a vague statement, so no, when you state it
like that, it's no shock.

It is very easy to say “yes, that seems obvious” about the results of
any study. Such a glib statement is of no value, and does not discount
the value of the study. The opposite outcome would also be met with
“yes, that seems obvious” by some people, so merely encountering such a
sentiment tells us nothing.

The point is not to simply assert such claims and act as though they're
true, because other people can assert contradictory claims and act as
though *those* are true. Assertion without hard scientific evidence
leads to conflicting policies with nothing but ideology to resolve them.

The hard work is to refine such claims so that they make specific
predictions, and then *test* those predictions against real people's
real behaviour, in a clinically-controlled trial, and discover whether
observations of actual people's actual behaviour matches the claim.

If we actually knew the result beyond any doubt before conducting the
experiment, there would be no point and your dismissal would have merit.
In the absence of such trial results, though, we *don't* know, and the
trial is worthwhile and its reporting has great value.

> http://www.dmytri.info/hackers-cant-solve-surveillance/

Another interesting article, thank you.

 \          “Pity the meek, for they shall inherit the earth.” —Donald |
  `\                                              Robert Perry Marquis |
_o__)                                                                  |
Ben Finney
