[Freedombox-discuss] "Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client"

Leen Besselink freedombox at consolejunkie.net
Tue Nov 10 12:53:06 UTC 2015

On Tue, Nov 10, 2015 at 09:33:07AM -0300, fauno wrote:
> Ben Finney <ben+debian at benfinney.id.au> writes:
> > The hard work is to refine such claims so that they make specific
> > predictions, and then *test* those predictions against real people's
> > real behaviour, in a clinically-controlled trial, and discover whether
> > observations of actual people's actual behaviour matches the claim.
> what i meant is that clinically-controlled trials don't reflect people's
> actual behaviour because they take them as individuals without a
> community supporting them.
> this is called methodological individualism is you want to give it a
> search :)
> in my experience, people getting together with some handy hackers can
> learn how to use gpg in their email with no special difficulty, without
> becoming experts but being able to send encrypted email after all.  i
> don't say it's a magic process, but at least it's not assumed that most
> people learn by themselves in an empty room.
> that was the intention of linking kleiner's article.
> -- 
> http://partidopirata.com.ar

Would it be possible to create standard like FIDO U2F ?:


So vendors can create devices which people can use to encrypt their data without leaking their keys.

Sounds like a device like that has to at least support 3 actions:
- encrypt data
- decrypt data
- provide public key information

Or does such a device already exist ?

Maybe it's possible to use existing HSM standards ?

More information about the Freedombox-discuss mailing list