[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] This" is an adjective, never a pronoun.
Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/wupss04
Modified Files:
usability.tex
Log Message:
'This' is an adjective, never a pronoun.
Index: usability.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- usability.tex 2 Jan 2005 04:31:39 -0000 1.23
+++ usability.tex 2 Jan 2005 05:14:10 -0000 1.24
@@ -67,9 +67,9 @@
order to protect your own security, you need to make sure that the system you
use is not only usable by yourself, but by the other participants as well.
-This doesn't mean that it's always better to choose usability over security,
-of course: if a system doesn't address your threat model, no amount of
-usability
+This observation doesn't mean that it's always better to choose usability
+over security, of course: if a system doesn't address your threat model,
+no amount of usability
can make it secure. But conversely, if the people who need to use a system
can't or won't use it correctly, its ideal security properties are
irrelevant.
@@ -113,7 +113,7 @@
% - Too easy to social-engineer users into abandoning.
%\section{Security by distributed trust}
-\section{Usability is even more a security parameter for privacy}
+\section{Usability is even more important for privacy}
Usability affects security in systems that aim to protect data
confidentiality. But when the goal is {\it privacy}, it can become even
@@ -165,8 +165,9 @@
In practice, existing commercial anonymity solutions (like Anonymizer.com)
are based on a set of single-hop proxies. In these systems, each user
-connects to a single proxy, which then relays the user's traffic. This
-provides comparatively weak security, since a compromised proxy can trivially
+connects to a single proxy, which then relays the user's traffic. Single
+proxies provide comparatively weak security, since a compromised proxy
+can trivially
observe all of its users' actions, and an eavesdropper only needs to
watch a single proxy to perform timing correlation attacks against all
its users' traffic. Worse, all users need to trust the proxy company to
@@ -510,7 +511,8 @@
Another area where human factors are critical in privacy is in bootstrapping
new systems. Since new systems start out with few users, they initially
-provide only small anonymity sets. This creates a dilemma: a new system
+provide only small anonymity sets. This starting state creates a dilemma:
+a new system
with improved privacy properties will only attract users once they believe it
is popular and therefore has high anonymity sets; but a system cannot be
popular without attracting users. New systems need users for privacy, but
@@ -519,8 +521,9 @@
Low-needs users can break the deadlock. The earliest stages of an
anonymizing network's lifetime tend to involve users who
need only to resist weak attackers who can't know which users are using the
-network and thus can't learn the contents of the small anonymity set. This
-reverses the early adopter trends of many security systems: rather than
+network and thus can't learn the contents of the small anonymity set.
+This solution reverses the early adopter trends of many security systems:
+rather than
attracting first the most security-conscious users, privacy applications
must begin by attracting low-needs users and hobbyists.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/