Radio Netwatcher vom 13.3.2015 – Why is GPG “damn near unusable”?


An overview of usable security research

GPG has been correctly described as “damn near unusable”. Why is this so? What does research into usable security tell us? This talk covers the history, methods, and findings of the research field, as well as proposed solutions and open questions.

With all the frustration around trying to get Glenn Greenwald to use encryption [0,1], it is not surprising that Edward Snowden has described GPG as “damn near unusable” [2]. Such usability problems of end-to-end email encryption tools have been around for a long time. In 1999, a seminal study found that most participants were unable to use PGP 5.0 to encrypt an email when given 1.5 hours to do so [3]. Others have tried to solve these usability problems by automating the key exchange and encryption [4]. However, issues persist around a lack of end-user trust in the software [5], difficulties in getting encryption widely implemented, and a general absence of understanding of the email architecture among end users [6].

Despite being almost 50 years old [7], email is still not widely encrypted on an end-to-end basis. In this year’s SOUPS keynote (the major conference on usable security), Christopher Soghoian described how we as a community are not doing nearly enough to get security into the hands of consumers: we are mostly stuck with the same broken interface as PGP 5.0 from back in 1999, people still face the same conceptual barriers, and we still have crappy defaults [8]. While there has been renewed interest in end-to-end email encryption after the Snowden revelations [9], many projects do not take usability into account.

This talk goes into some of the dos and don’ts gleaned from the usable security research field. Building on a discussion of the history, methodology, and findings of the research, the talk will cover topics including the constraints of humans, the need for clear mental models, and the usefulness of user testing. Some examples of successes and failures will be used to illustrate a range of usable security principles. Remaining pain points such as metadata protection, key management, and end-user understanding will be covered, including proposals for fixing these such as anonymous routing, more appropriate metaphors, and trust on first use. Various open questions will also be discussed, including:

– Should we patch the existing email architecture or should we move towards new protocols?
– How can the crypto community build subversion-resistant collaboration platforms?
– Is there a way to standardise our cryptoplumbing to a restricted set of secure algorithms?
– Can we provide developers with usable coding technologies to prevent nightmares like OpenSSL?
– How should we involve end-users in the development cycle of open source software?
– Can we empower end-users to take security back into their own hands?

Source: http://events.ccc.de/congress/2014/Fahrplan/events/6021.html

Playlist / bonus track:

– Auckland Law Revue – Robin Thicke – Blurred Lines [Feminist Parody] “Defined Lines”