[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] Tweak a few sentences, add conclusion. I still want ...
Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/tmp/cvs-serv11577
Modified Files:
usability.tex
Log Message:
Tweak a few sentences, add conclusion. I still want to change the last JAP sentence; it makes no sense to me.
Index: usability.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- usability.tex 1 Nov 2004 11:14:39 -0000 1.11
+++ usability.tex 1 Nov 2004 22:42:37 -0000 1.12
@@ -20,17 +20,17 @@
\thispagestyle{empty}
Other chapters in this book have talked about how usability impacts
-security. One class of security software is anonymizing networks --
-overlay networks on the Internet that let users transact (for
+security. One class of security software is anonymizing networks---overlay
+networks on the Internet that let users transact (for
example, fetch a web page or send an email) without revealing their
communication partners.
In this chapter we're going to focus on the \emph{network effects} of
-usability: usability is a factor as before, but the size of the user
+usability on security: usability is a factor as before, but the size of the user
base also becomes a factor. Further, in anonymizing systems, even if you
-were smart enough and had enough time to use every conceivable system
+were smart enough and had enough time to use every system
perfectly, you would \emph{nevertheless} be right to choose your system
-based in part on its usability.
+based in part on its usability by other users.
\section{Usability for others impacts your security}
@@ -45,7 +45,7 @@
should you choose?
You might decide to use HeavyCrypto, since it protects your secrets better.
-But if you do this, it's likelier that when your friends send you
+But if you do, it's likelier that when your friends send you
confidential email, they'll make a mistake and encrypt it badly or not at
all. With LightCrypto, you can at least be more certain that all your
friends' correspondence with you will get a minimum of protection.
@@ -57,7 +57,7 @@
usable option, you've made it likelier that they'll shoot themselves in the
foot.
-The key insight here is that, in email encryption, the cooperation of
+The crucial insight here is that in email encryption, the cooperation of
multiple people is needed to keep you secure, because both the sender and the
receiver of a secret email want to protect its confidentiality. Thus, in
order to protect your own security, you need to make sure that the system you
@@ -98,7 +98,6 @@
dozens to hundreds of CAs configured in your browser that they are the
named website, or who was able to compromise the named website later
on. Unless your computer has been compromised already.''}
-
\end{tightlist}
% - Confusion about what's really happening.
@@ -106,7 +105,7 @@
\section{Usability is even more a security parameter when it comes to privacy}
-Usability is an important parameter in systems that aim to protect data
+Usability affects security in systems that aim to protect data
confidentiality. But when the goal is {\it privacy}, it can become even
more important. A large category of {\it anonymizing networks}, such as
Tor, JAP, Mixminion, and Mixmaster, aim to hide not only what is being
@@ -392,7 +391,7 @@
and to bundle Tor with the support tools that it needs, rather than
relying on users to find and configure them on their own.
-plus tor-and-its-logs. socks extensions? but compatibility.
+% plus tor-and-its-logs. socks extensions? but compatibility.
\section{Case study: JAP and its anonym-o-meter}
@@ -406,7 +405,9 @@
The JAP client includes a GUI (screenshot in Figure 1).
Screenshot:
-\begin{verbatim} http://anon.inf.tu-dresden.de/img/screen_en.jpg \end{verbatim}
+\begin{verbatim}
+http://anon.inf.tu-dresden.de/img/screen_en.jpg
+\end{verbatim}
Notice the `anonymity meter' giving the user an impression of the level
of protection for his current traffic.
@@ -418,10 +419,13 @@
is, an attacker who can watch both ends of the cascade won't actually
be distracted by the other users \cite{danezis-pet2004}. The JAP
team has plans to implement full-scale padding from every user (sending
-packets all the time even when they have nothing to send), but ---
-for usability reasons --- they haven't gone forward with these plans.
-They're stuck in limbo with a design that needs padding to be secure,
-but can't afford padding because it would make the system unusable.
+packets all the time even when they have nothing to send), but---for
+usability reasons---they haven't gone forward with these plans.
+%They're stuck in limbo with a design that needs padding to be secure,
+%but can't afford padding because it would make the system unusable.
+As the system is now, anonymity sets don't provide an real measure of
+security, since any attacker who can watch both ends of the cascade wins, and
+the number of users on the network is no obstacle to this attack.
But even though the anonymity set is probably not the right measure for
assessing a JAP user's safety, the anonym-o-meter still seems like a
@@ -538,9 +542,14 @@
In any case, choosing not to figure out a good solution means leaving most
users to a less secure network or no anonymizing network at all. Cancer
survivors and abuse victims are going to continue communications and
-research over the Internet, risking social or employment problems; human
+research over the Internet, risking social or employment problems; and human
rights workers in oppressive countries are going to continue publishing
-their stories; witty finishing clause here.
+their stories.
+
+The temptation to focus on designing a perfectly usable system before
+building it can be self-defeating, since obstacles to usability are often
+unforeseen. Because of this, we believe that we need to focus on continuing
+experimental deployment.
\bibliographystyle{plain}
\bibliography{usability}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/