[Freedombox-discuss] "Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client"
Leen Besselink
freedombox at consolejunkie.net
Tue Nov 10 12:53:06 UTC 2015
On Tue, Nov 10, 2015 at 09:33:07AM -0300, fauno wrote:
> Ben Finney <ben+debian at benfinney.id.au> writes:
> > The hard work is to refine such claims so that they make specific
> > predictions, and then *test* those predictions against real people's
> > real behaviour, in a clinically-controlled trial, and discover whether
> > observations of actual people's actual behaviour matches the claim.
>
> what i meant is that clinically-controlled trials don't reflect people's
> actual behaviour because they take them as individuals without a
> community supporting them.
>
> this is called methodological individualism if you want to give it a
> search :)
>
> in my experience, people getting together with some handy hackers can
> learn how to use gpg in their email with no special difficulty, without
> becoming experts but being able to send encrypted email after all. i
> don't say it's a magic process, but at least it's not assumed that most
> people learn by themselves in an empty room.
>
> that was the intention of linking kleiner's article.
>
> --
> http://partidopirata.com.ar
Would it be possible to create a standard like FIDO U2F?
https://www.yubico.com/applications/fido/
So vendors can create devices which people can use to encrypt their data without leaking their keys.
Sounds like a device like that has to at least support 3 actions:
- encrypt data
- decrypt data
- provide public key information
Or does such a device already exist?
Maybe it's possible to use existing HSM standards?