

UX Problems Holding Back Crypto And Anti-Wiretapping Technology - zoowar
http://falkvinge.net/2013/06/08/4-ux-problems-holding-back-crypto-and-anti-wiretapping-technology/

======
bhauer
Good points by the OP.

I've railed about similar things. Most notably, VPNs are a UX disaster. And
that is a shame because the fundamental technology behind VPNs would be a
prerequisite to a model that I describe as "PAO" [1] wherein I host my own
omnipresent applications and data. The failure of VPNs to deliver a user
experience that casual users can manage is one of the many contributors to the
rise of the traditional cloud. I contend that regular people would be
perfectly fine buying and replacing hard drives in a home disk array if the
experience were straightforward (it's anything but). Similarly, regular
people would be fine buying Internet connectivity with high upload speed if
this was part of ensuring secure, (nearly) everywhere access to their data.
Regular people would be fine joining a federated backup cartel with friends
and family if it were easy to set up.

The savvy can do many of these things with today's mediocre UX, but the
tremendous amount of money to be made by solving the problem using proprietary
centralized servers explains why R&D has been directed toward the cloud as
opposed to self-hosted application servers.

Diving into minutia for a moment, in light of this week's news, I also
recently ranted that it's a real shame that GPG suffers from one of the worst
user experiences across all modern software. PGP from 10 to 15 years ago was a
better user experience than GPG in 2013. The Thunderbird+GPG interface is
absolutely horrific and even when I know I should encrypt a particular
communication, when faced with the reality of getting my recipient configured
with GPG, I flinch at the certain pain and suffering. I concede, "well, it's
probably not needed anyway--who is likely to be listening?"

[1] [http://tiamat.tsotech.com/pao](http://tiamat.tsotech.com/pao)

~~~
nknighthb
The GPG UI is ultimately a relatively minor issue when it comes to mass
adoption. There have been several PGP-like products with decent UIs and good
mail integration, none has enjoyed mass-market success. Creating another one
wrapping an existing crypto library would be no epic undertaking.

The real problem is key management. Any system which depends on users to think
about keys, protect their keys, back up their keys, is doomed.

The fix is going to have to involve cheap, idiot-proof hardware. When crypto
key management is the same as house key management, people will start to use
it, hopefully in a semi-correct manner.

~~~
sneak
> There have been several PGP-like products with decent UIs and good mail
> integration, none has enjoyed mass-market success.

iMessage comes to mind. It is the most popular realtime messaging system in
the world behind SMS, and is end-to-end encrypted with per-device keys.

Of course, it's centralized, as is the key management, so Apple can subvert it
at the behest of the government. Crypto isn't always 100% of the answer.

~~~
nknighthb
iMessage is not PGP-like. Its centralized and Apple-device-specific nature is
practically PGP's antithesis. It also fails several key feature checks, like
the ability to encrypt or sign arbitrary files.

------
gcr
See also "Why Johnny Can't Encrypt: A Usability Study of PGP 5.0", Whitten et
al
[http://www.gaudior.net/alma/johnny.pdf](http://www.gaudior.net/alma/johnny.pdf)

and its followup, "Why Johnny Still Can't Encrypt: Evaluating the Usability of
Email Encryption Software", Sheng et al
[http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstr...](http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf)

------
MeanderingCode
We developers, especially those of us who consider ourselves activists, have
been too slow to move this stuff forward. I’m fairly certain that is because
most of us are “savvy enough” to use the tools that exist, etc. The movement
has been growing to evolve these tools to catch up with the needs (well...) of
modern users, but that evolution is really just beginning.

One among many such projects, I am a developer at LEAP (
[https://leap.se](https://leap.se) ). We are working on this very problem.
We’re getting ready for public beta of our Encrypted Internet Proxy ( VPN for
now, Tor and more features to come) and will be rolling out truly end-to-end
secure email, IM, SMS, and voice. Also calendar, contacts, and possibly
password management. All client encrypted. All syncing across your devices.
All in an Open Source, Trust No One, user friendly way.

There are many tools and services out there already, but the ones that the
technology un-savvy can use happily mostly run in a centralized fashion,
requiring that you trust your service provider. No different, except in
mission statement, than what people use today with big mail or chat providers
and social networks. Would it were not so, but we live in an era where that
trust is a vulnerability that we are seeing exploited.

------
krakensden
Another thing: p2p is totally broken. You can work around it with central
servers, but then [ _cough_ skype ] you have a dependence on a big server farm
that costs a bunch of money. In the long run, they won't keep you safe.

As an addendum, at least with home connections the technically inclined could
badger their routers into allowing incoming connections. Given that computers
(that can run long-running background services) and land lines are going to be
the exclusive domain of the rich or the programmers in a few years, there is
essentially no hope at all of fixing this.

~~~
gizmo686
> Given that computers (that can run long-running background services) and land
> lines are going to be the exclusive domain of the rich or the programmers in a
> few years, there is essentially no hope at all of fixing this.

Not necessarily. I suspect that in-home wifi will continue to be common,
which means that homes would continue to have a wired connection to the
internet. If a company develops and markets a product to be a 'personal
cloud', then a typical consumer should be able to use it. The requirements for
such a server (for a typical user) are pretty low, and computers continue to
become cheaper, so the price shouldn't be prohibitive for a large market. Even
the UI for the server itself seems relatively simple. Essentially all you need
is a good package management system, and for the individual p2p 'apps' to have
easy to use configuration. Once IPv6 takes off, it would be trivial to make these
machines globally routable, then it is either a matter of allowing consumers
to easily get a DNS name for their server, or creating some easy way to tell
devices where to look (this is probably the hardest part).

The main problem in getting this adopted, I suspect, would be that it does not
provide enough additional value over the centralized servers for mass
adoption. Combine this with the network effects of lock-in, and you would need
serious value add for this to work.

~~~
krakensden
> Not necessarily. I suspect that in-home wifi will continue to be common

Home WiFi has been widespread for at least a decade, and the UX for bypassing
NAT is worse than ever. UPnP still comes disabled or broken, if at all.

You could build a better experience, but you will never, ever get Microsoft,
Apple, Google, Cisco, or Belkin to cooperate, so we're still DOA - the curious
need to learn a shitload of scary tech or buy new equipment.

~~~
tmzt
You could build a fairly universal application for flashing DD-WRT or a
similar firmware on an available router, and supply updates for new routers or
flashing mechanisms through a web service.

Another concern is standalone routers becoming less and less common as ISPs
supply routers.

~~~
ef4
> You could build a fairly universal application for flashing DD-WRT

That is definitely not the way to get mass adoption. Way too much friction.

It's the difference between installing Ubuntu from DVD and buying an Android
device: you need to sell it preinstalled for mass adoption.

------
greglindahl
Good article, but I'd like to disagree with the notion that what Google and
bing are doing with long-term tracking is necessary to have good search
results. blekko has its own crawl and index, doesn't do any per-user tracking,
and doesn't even save unconnected and anonymized clicks if you have DNT set.
We don't use super-long personal session data to pick whether we show you Fox
News or the NYT article on Prism. Our results could certainly be improved, but
having a bigger crawl and more unconnected and anonymous clicks is how we'd
improve them, not by making a huge database which could easily be used to
reconstruct our users' lives going back years.

------
noerps
It is so easy to blame software, isn't it?

1. If you are not able to manage your keys, which includes a simple
unencrypted key-backup, you are doomed, even with a pretty interface.

2. If you insist on other people taking away the responsibility from you, no
service, hard- or software will provide security or privacy for you.

3. You don't need a cloud, when decentralized or local services cater to you
much better and faster.

4. Sharing data isn't really a problem, it's the lack of transparency of the
data collecting entity that creates the problem.

The conclusion is, to protect your security/privacy and to successfully
utilize any crypto-toolchain you have to accept that responsibility isn't
comfy, and delegation will lead to compromise.

Did you really believe that any government, or parts thereof, in the world
would not tap the vast resources that packet-switched networks, centralized
services would offer them?

Zacqary knows nothing about security, secure procedures or even cryptography.

If you delegate your private, unsecured communications to an entity for a
comfortable user experience, you did not want either security or privacy.

Sorry to tell you so.

~~~
ef4
> If you are not able to manage your keys, which includes a simple unencrypted
> key-backup, you are doomed, even with a pretty interface.

Too many hackers equate "good user experience" with "pretty interface". It's a
mistake.

A good user experience really _would_ abstract the complexity out of key
management, without compromising security. This is one of the most important
outstanding problems you could solve: find a way to leverage people's existing
meatspace notions of trust in a _concrete_ way to build a robust PKI.

If you can make the whole process a side-effect of a game, so much the
better.

And give them keys that are physical things -- they know how to protect
valuable physical things, and they know who they can trust with a backup copy.

None of this is easy, but it's vitally important.

------
ronnix
Check out what my friends at CozyCloud are working on:
[https://www.cozycloud.cc/](https://www.cozycloud.cc/)

They want to be your user-friendly personal cloud. Easy as an App Store.
Open source. Host it wherever you want. Your data and your apps are yours.

~~~
minimize_me
"Host it wherever you want" - unless it's physically self-hosted, it's not
truly "yours" is it?

~~~
gelnior
You can host it on your own machine. Even if you host it via a hosting
provider, you can export all your data and your apps to any new server, like
a home server for example!

------
terry24712
Space Monkey? [http://spacemonkey.com](http://spacemonkey.com)

