Hacker News

I think a great way to explain privacy limitations to a non-tech-savvy person is to walk them through using GPG.

Once someone understands public and private keys, and webs of trust, there really isn't much left to learn. For someone who understands keypairs, the limitations of Facebook/Twitter/etc., DRM, etc. are obvious.

It seems most of us are afraid our non-tech-savvy friends and family won't be able to wrap their heads around security, but not understanding it has gotten us into a pretty bad situation. We should really stress the importance of learning about it.

> Once someone understands public and private keys, and webs of trust

Nobody in the general public wants this.

Okay, don't assume people won't be interested in interesting things. Who is this general public, anyway? It's not a homogeneous group; it's made up of physicians, mechanics, teachers, lovers, Doomsday preppers, engineers, preachers, and all kinds of people who have special interests. The thing I see is that if you show them how it matters to them in their special role, rather than to them as members of this general public, they may well take an interest. Some of them may become very deeply interested indeed, if they needed such a thing but didn't know about it until you showed them!

It's interesting to you, not to most other people. Source: 25 years of talking to people about encryption. Most people just want stuff to work, not to know how it works.

Honestly, it's not been that interesting to me in general. It's only interesting to me for the same reason it might be interesting to the sorts of people I enumerated --- because of the ways it can be useful to me. I don't really care about how it works, in depth; I just want it to keep my stuff private. The only difference is that I have just enough technical expertise, as a programmer, that I can see its applicability without having it explained in a sympathetic manner.

An awful lot of people in the general public do.

Especially if their tech-savvy friends are confident they can learn about it - because it really isn't that complex - and if they understand that keypairs and trust are the basis for literally all digital security.

That doesn't mean they shouldn't.

I'm fairly tech savvy (OK, I'm an expert compared to my non-tech family and friends, but not compared to people here). I even had a copy of PGP on my Windows 3.1 machine shortly after Phil Zimmermann created it. I didn't understand it then, and I don't want to understand it now. The better and easier solution has been to avoid putting stuff I don't want anyone to know about me on the internet.

I'm a Linux sysadmin, and GPG is horrible. Complicated, complex, with a weird naming scheme, multiple programs (gpg vs gpg2), etc. - but it's a brilliant example of why all of this is so complicated. Other ideas about describing the trouble trust means on the internet are welcome.

> great way to explain privacy limitations to a non-tech-savvy person is to walk them through using GPG.

Have you ever actually successfully done this? More than once? And they continue to use it?

It's a usability nightmare. https://moxie.org/blog/gpg-and-me/

OK. Maybe not GPG specifically.

But keypairs. Everyone should understand keypairs. They are the basis for all of digital security, and they are really not that difficult.

Symmetric encryption is also popular and ubiquitous. I don't think this can be practically explained to most of the population of non-technical people. Encryption schemes also often use hybrids of symmetric and asymmetric encryption; they are useful for different scenarios.

Lol. Sure, and the best way to teach my grandma about computers is to install Arch Linux on her PC.
