[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] add notes on other sections we might include
Update of /home2/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/tmp/cvs-serv7699
Modified Files:
usability.tex
Log Message:
add notes on other sections we might include
nick, feel free to mess with any of these
Index: usability.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- usability.tex 27 Oct 2004 00:40:19 -0000 1.5
+++ usability.tex 27 Oct 2004 07:06:29 -0000 1.6
@@ -19,7 +19,21 @@
\maketitle
\thispagestyle{empty}
-This chapter discusses ...
+Other chapters in this book have talked about how usability impacts
+security. One class of security software is anonymity networks. these
+are useful for ordinary citizens civil liberties but also enterprise
+and government...
+ Distinguish real anonymity from accidental anonymity.
+ (Accidental security is what you have when your host has not in fact
+ been hacked yet.)
+Usability impacts security for anonymity systems too, but in our case
+the size of the user base also impacts our security.
+Further, in anonymity systems, even if you were smart enough and
+had enough time to use every conceivable system perfectly, you would
+*nevertheless* be right to choose your system based in part on its
+usability.
+
+\section{Usability for others impacts your security}
While security software is the product of developers, the operation of
software is a collaboration between developers and users. It's not enough
@@ -56,8 +70,6 @@
can't or won't use it correctly, its ideal security properties are
irrelevant.
-\section{How bad usability can thwart security}
-
As we read in chapter [Angela's chapter],
hard-to-use programs and protocols can hurt security in many ways:
\begin{tightlist}
@@ -169,6 +181,10 @@
low-latency system can give us enough protection against at least {\it some}
adversaries.
+- Especially messy because even the researchers don't know the answers,
+ and don't understand the tradeoffs. E.g., who is the adversary really,
+ and what can they do?
+
\section{Case study: against options}
Too often, designers faced with a security decision bow out, and instead
@@ -250,6 +266,42 @@
with higher latency is worth the decreased anonymity that comes from
splitting away from the bulk of the user base.
+\section{Case study: Tor and its GUI}
+
+- The importance of a GUI. Users evaluate the quality of a product by the
+ quality of its GUI. Cf Tor's choice not to have a gui so far, and
+ problems with that. They also judge quality based on feature-lists;
+ yet in our context extra features are unsafe.
+
+plus tor-and-its-logs. socks extensions? but compatibility.
+
+\section{Case study: JAP and its anonymity slider}
+
+we should get a screen shot or something. and talk about how communicating
+the protection you're getting is great. though in the case of jap we think
+it lies, since end-to-end timing correlation works so anonymity set is not
+the right measure.
+
+\section{Case study: Mixminion and mime}
+
+we try to make users all look the same, but we also want to let them use
+their normal software. but mime is different each time. and writing a mime
+normalizer would really hurt, and still probably not work.
+
+by letting people use the software they want to use, we get more users
+and thus have better security than we would if we did mime right but
+nobody wanted to use our own client.
+
+\section{Reputability}
+
+- Not just about numbers and blending, also about reputability. A network
+ used only by criminals is not the one you want. People have an
+ incentive for the network to be used for "more reputable" activities
+ than their own.
+
+I wonder if this section fits in this chapter. It's neat stuff to talk about,
+and it relates to users, which relates to security. Hm.
+
\section{Privacy, bootstrapping, and confidence}
Another area where human factors are critical in privacy is in bootstrapping
@@ -279,5 +331,22 @@
if the hype attracts more users---a badly promoted anonymity network provides
little anonymity.
+\section{Other anonymity problems that compound this}
+
+- Why it's so hard to estimate anonymity
+ - Sybil attack
+ - freeloaders and why you can't easily detect them
+
+\section{Bringing it all together}
+
+% we need to pick a take-away message. "this is hard"? "this is neat"?
+% "we're on our way to solving this"?
+
+This is tricky stuff.
+Users' safety relies on them behaving like other users. How do they
+predict the behavior of other users? What if they need to behave their
+certain (different) way -- how do they compute the tradeoff and risks?
+
\end{document}
+
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/