[Enigmail] New 1.8 toolbar on the composition window

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 18 22:34:19 CET 2015


On Wed 2015-03-18 15:24:50 -0400, Doug Barton wrote:
> I've done what you've done in the past, sit down with a room full of 
> people and explain to them how PGP works, the barest of fundamentals 
> they need to know in order to get started, and walked through some demo 
> e-mails. I've done this with groups, and I've done it with individuals. 
> I have a near-zero uptake percentage on these presentations. When I ask 
> people later why they aren't using the tools, they give a variety of 
> reasons ... Too hard, Confusing, Weird, No one else I know uses it, etc.

We're currently trying to address the "Too hard, Confusing, Weird"
aspects by making the tool easier to use for novices.  If it's easier,
some of the folks who rejected it on these grounds might use it.  If
more people use it, this will in turn start to address the "No one else
I know uses it" aspect.

> I could make a very persuasive argument that social engineering isn't 
> enigmail's job. We've already committed to social engineering for the 
> transition to GnuPG 2.x, and now we're doing more social engineering to 
> try and attract new users? This is a very disturbing trend.

If by "social engineering" you mean "trying to change something about
how society works for the better", then i agree that enigmail is trying
to do this, but i don't find it disturbing at all.

As tool developers and distributors, we do have an influence on what's
possible and what's easy for people to do.  i think it's only
responsible to try to use that influence for good.

> Yes, more of them know, AND THEY STILL DON'T CARE. I saw a report on 
> post-snowden user behavior the other day that said that among people who 
> were knowledgeable about what Snowden is revealing that less than 10% 
> had previously done anything to secure their communication, and less 
> then 30% were doing *anything* new, and the steps they were taking were 
> weak. I apparently didn't even bookmark the page, which I vaguely recall 
> thinking wasn't necessary because it just demonstrated stuff I already 
> knew.

yes, it's pretty sad, and i've seen the same results.

  http://www.pewinternet.org/2015/03/16/Americans-Privacy-Strategies-Post-Snowden/

i'm not sure i reach the same conclusion that you do from it, though:

> You are making the typical security nerd mistake of thinking that IF 
> PEOPLE ONLY KNEW that their communication was insecure that they would 
> do something about it. But studies and experience have shown over and 
> over again that this is not true at all. People either know that their 
> communication is insecure, and don't care; or they don't know, and don't 
> care after it's pointed out to them.
>
> No amount of making tools easier is going to change that.

I'm not just a security nerd -- i'm a transit infrastructure nerd!

I think life is better for more people when more people bike or use mass
transit instead of driving private automobiles.  When biking or mass
transit is clunky, difficult, slow, ugly, dangerous, or expensive,
people tend to avoid these modes of transit.  That's why i am involved
with groups that try to improve the experience for bikers and mass
transit riders in the city where i live.  It makes life better for
everyone!

And it's not that people near me don't know that mass transit is
probably better for public health than individual automobiles, or even
that they don't care at all (though i admit they probably don't care as
much as i wish they would).  It's that they're busy, distracted, and
they have other priorities.  So any hurdle (however small) that makes
biking/transit worse is enough to turn off some set of people who decide
"meh, i can't be bothered".

Increasing the frequency of trains, keeping them clean, lowering the
fares, providing indicators so we know when the bus will arrive, having
bike lanes, etc -- all these things make using bikes or transit nicer,
so more people (even people who aren't transit activists) will
participate.

Why should this approach not translate into secure communications tools?

Regards,

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20150318/212e86b5/attachment.sig>


More information about the enigmail-users mailing list