[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] Tweak a few sentences, add conclusion. I still want ...

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] Tweak a few sentences, add conclusion. I still want ...
From: nickm@seul.org (Nick Mathewson)
Date: Mon, 1 Nov 2004 17:42:40 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Mon, 01 Nov 2004 17:43:15 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/tmp/cvs-serv11577

Modified Files:
	usability.tex 
Log Message:
Tweak a few sentences, add conclusion. I still want to change the last JAP sentence; it makes no sense to me.

Index: usability.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- usability.tex	1 Nov 2004 11:14:39 -0000	1.11
+++ usability.tex	1 Nov 2004 22:42:37 -0000	1.12
@@ -20,17 +20,17 @@
 \thispagestyle{empty}
 
 Other chapters in this book have talked about how usability impacts
-security. One class of security software is anonymizing networks --
-overlay networks on the Internet that let users transact (for
+security. One class of security software is anonymizing networks---overlay
+networks on the Internet that let users transact (for
 example, fetch a web page or send an email) without revealing their
 communication partners.
 
 In this chapter we're going to focus on the \emph{network effects} of
-usability: usability is a factor as before, but the size of the user
+usability on security: usability is a factor as before, but the size of the user
 base also becomes a factor.  Further, in anonymizing systems, even if you
-were smart enough and had enough time to use every conceivable system
+were smart enough and had enough time to use every system
 perfectly, you would \emph{nevertheless} be right to choose your system
-based in part on its usability.
+based in part on its usability by other users.
 
 \section{Usability for others impacts your security}
 
@@ -45,7 +45,7 @@
 should you choose?
 
 You might decide to use HeavyCrypto, since it protects your secrets better.
-But if you do this, it's likelier that when your friends send you
+But if you do, it's likelier that when your friends send you
 confidential email, they'll make a mistake and encrypt it badly or not at
 all.  With LightCrypto, you can at least be more certain that all your
 friends' correspondence with you will get a minimum of protection.
@@ -57,7 +57,7 @@
 usable option, you've made it likelier that they'll shoot themselves in the
 foot.
 
-The key insight here is that, in email encryption, the cooperation of
+The crucial insight here is that in email encryption, the cooperation of
 multiple people is needed to keep you secure, because both the sender and the
 receiver of a secret email want to protect its confidentiality.  Thus, in
 order to protect your own security, you need to make sure that the system you
@@ -98,7 +98,6 @@
     dozens to hundreds of CAs configured in your browser that they are the
     named website, or who was able to compromise the named website later
     on.  Unless your computer has been compromised already.''}
-
 \end{tightlist}
 
 %  - Confusion about what's really happening.
@@ -106,7 +105,7 @@
 
 \section{Usability is even more a security parameter when it comes to privacy}
 
-Usability is an important parameter in systems that aim to protect data
+Usability affects security in systems that aim to protect data
 confidentiality.  But when the goal is {\it privacy}, it can become even
 more important.  A large category of {\it anonymizing networks}, such as
 Tor, JAP, Mixminion, and Mixmaster, aim to hide not only what is being
@@ -392,7 +391,7 @@
 and to bundle Tor with the support tools that it needs, rather than
 relying on users to find and configure them on their own.
 
-plus tor-and-its-logs. socks extensions? but compatibility.
+% plus tor-and-its-logs. socks extensions? but compatibility.
 
 \section{Case study: JAP and its anonym-o-meter}
 
@@ -406,7 +405,9 @@
 
 The JAP client includes a GUI (screenshot in Figure 1).
 Screenshot:
-\begin{verbatim} http://anon.inf.tu-dresden.de/img/screen_en.jpg \end{verbatim}
+\begin{verbatim}
+http://anon.inf.tu-dresden.de/img/screen_en.jpg
+\end{verbatim}
 Notice the `anonymity meter' giving the user an impression of the level
 of protection for his current traffic.
 
@@ -418,10 +419,13 @@
 is, an attacker who can watch both ends of the cascade won't actually
 be distracted by the other users \cite{danezis-pet2004}. The JAP
 team has plans to implement full-scale padding from every user (sending
-packets all the time even when they have nothing to send), but ---
-for usability reasons --- they haven't gone forward with these plans.
-They're stuck in limbo with a design that needs padding to be secure,
-but can't afford padding because it would make the system unusable.
+packets all the time even when they have nothing to send), but---for
+usability reasons---they haven't gone forward with these plans.
+%They're stuck in limbo with a design that needs padding to be secure,
+%but can't afford padding because it would make the system unusable.
+As the system is now, anonymity sets don't provide an real measure of
+security, since any attacker who can watch both ends of the cascade wins, and
+the number of users on the network is no obstacle to this attack.
 
 But even though the anonymity set is probably not the right measure for
 assessing a JAP user's safety, the anonym-o-meter still seems like a
@@ -538,9 +542,14 @@
 In any case, choosing not to figure out a good solution means leaving most
 users to a less secure network or no anonymizing network at all. Cancer
 survivors and abuse victims are going to continue communications and
-research over the Internet, risking social or employment problems; human
+research over the Internet, risking social or employment problems; and human
 rights workers in oppressive countries are going to continue publishing
-their stories; witty finishing clause here.
+their stories.
+
+The temptation to focus on designing a perfectly usable system before
+building it can be self-defeating, since obstacles to usability are often
+unforeseen. Because of this, we believe that we need to focus on continuing
+experimental deployment.
 
 \bibliographystyle{plain}
 \bibliography{usability}

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Next by Author: [freehaven-cvs] flesh out second half of chapter.
Previous by thread: [freehaven-cvs] last patches for now. sleeping shortly.
Next by thread: [freehaven-cvs] final tweaks: this is now Draft One
Index(es):
- Author
- Thread