
[freehaven-cvs] add notes on other sections we might include



Update of /home2/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/tmp/cvs-serv7699

Modified Files:
	usability.tex 
Log Message:
add notes on other sections we might include
nick, feel free to mess with any of these


Index: usability.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- usability.tex	27 Oct 2004 00:40:19 -0000	1.5
+++ usability.tex	27 Oct 2004 07:06:29 -0000	1.6
@@ -19,7 +19,21 @@
 \maketitle
 \thispagestyle{empty}
 
-This chapter discusses ...
+Other chapters in this book have talked about how usability impacts
+security. One class of security software is anonymity networks. these
+are useful for ordinary citizens civil liberties but also enterprise
+and government...  
+  Distinguish real anonymity from accidental anonymity.
+  (Accidental security is what you have when your host has not in fact
+  been hacked yet.)
+Usability impacts security for anonymity systems too, but in our case
+the size of the user base also impacts our security.
+Further, in anonymity systems, even if you were smart enough and
+had enough time to use every conceivable system perfectly, you would
+*nevertheless* be right to choose your system based in part on its
+usability.
+
+\section{Usability for others impacts your security}
 
 While security software is the product of developers, the operation of
 software is a collaboration between developers and users.  It's not enough
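Review bot: In the new introduction, the sentence starting "these are useful for ordinary citizens civil liberties" begins lowercase, lacks the possessive apostrophe, and trails off at "and government...". The indented "Distinguish real anonymity from accidental anonymity." lines read as author notes but will typeset as body text. Suggest finishing the sentence and moving the notes into % comments. Also replace *nevertheless* with LaTeX emphasis (the file uses {\it some} elsewhere), because the asterisks will print literally.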
@@ -56,8 +70,6 @@
 can't or won't use it correctly, its ideal security properties are
 irrelevant.
 
-\section{How bad usability can thwart security}
-
 As we read in chapter [Angela's chapter],
 hard-to-use programs and protocols can hurt security in many ways:
 \begin{tightlist}
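Review bot: Removing \section{How bad usability can thwart security} leaves the paragraph "hard-to-use programs and protocols can hurt security in many ways" and its tightlist under the heading added in the previous hunk, "Usability for others impacts your security", so the heading no longer describes what follows. Suggest keeping a \subsection at this point, or rewording the lead-in so the list is tied to how other users' mistakes affect you. The placeholder "[Angela's chapter]" is still unresolved and should become a real cross-reference.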
@@ -169,6 +181,10 @@
 low-latency system can give us enough protection against at least {\it some}
 adversaries.
 
+- Especially messy because even the researchers don't know the answers,
+  and don't understand the tradeoffs. E.g., who is the adversary really,
+  and what can they do?
+
 \section{Case study: against options}
 
 Too often, designers faced with a security decision bow out, and instead
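Review bot: The added "- Especially messy because even the researchers don't know the answers" is a plain-text bullet in the body, so LaTeX will print the hyphen and set it as an ordinary paragraph directly before \section{Case study: against options}. If it is a note to self, make it a % comment. If it is meant for readers, write it out as prose: "who is the adversary really, and what can they do?" is the threat-model question that the preceding claim about protection "against at least some adversaries" depends on, and it deserves a full sentence rather than a fragment.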
@@ -250,6 +266,42 @@
 with higher latency is worth the decreased anonymity that comes from
 splitting away from the bulk of the user base.
 
+\section{Case study: Tor and its GUI}
+
+- The importance of a GUI. Users evaluate the quality of a product by the
+  quality of its GUI. Cf Tor's choice not to have a gui so far, and
+  problems with that. They also judge quality based on feature-lists;
+  yet in our context extra features are unsafe.
+
+plus tor-and-its-logs. socks extensions? but compatibility.
+
+\section{Case study: JAP and its anonymity slider}
+
+we should get a screen shot or something. and talk about how communicating
+the protection you're getting is great. though in the case of jap we think
+it lies, since end-to-end timing correlation works so anonymity set is not
+the right measure.
+
+\section{Case study: Mixminion and mime}
+
+we try to make users all look the same, but we also want to let them use
+their normal software. but mime is different each time. and writing a mime
+normalizer would really hurt, and still probably not work.
+
+by letting people use the software they want to use, we get more users
+and thus have better security than we would if we did mime right but
+nobody wanted to use our own client.
+
+\section{Reputability}
+
+- Not just about numbers and blending, also about reputability. A network
+  used only by criminals is not the one you want. People have an
+  incentive for the network to be used for "more reputable" activities
+  than their own.
+
+I wonder if this section fits in this chapter. It's neat stuff to talk about,
+and it relates to users, which relates to security. Hm.
+
 \section{Privacy, bootstrapping, and confidence}
 
 Another area where human factors are critical in privacy is in bootstrapping
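Review bot: In the JAP section, "we think it lies, since end-to-end timing correlation works so anonymity set is not the right measure" is a strong claim about another project with no citation or supporting argument; it needs a reference or a more careful statement before this leaves draft form. Elsewhere in this hunk, the "- " bullets and the aside "I wonder if this section fits in this chapter" will typeset as body text and should be % comments until the sections are written. The straight double quotes in "more reputable" will render as two closing quotes in LaTeX; use ``more reputable'' instead.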
@@ -279,5 +331,22 @@
 if the hype attracts more users---a badly promoted anonymity network provides
 little anonymity.
 
+\section{Other anonymity problems that compound this}
+
+- Why it's so hard to estimate anonymity
+  - Sybil attack
+  - freeloaders and why you can't easily detect them
+
+\section{Bringing it all together}
+
+% we need to pick a take-away message. "this is hard"? "this is neat"?
+% "we're on our way to solving this"?
+
+This is tricky stuff.
+Users' safety relies on them behaving like other users. How do they
+predict the behavior of other users? What if they need to behave their
+certain (different) way -- how do they compute the tradeoff and risks?
+
 
 \end{document}
+
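Review bot: Under "Other anonymity problems that compound this", the nested "- Sybil attack" and "- freeloaders and why you can't easily detect them" items rely on indentation that LaTeX ignores, so they will collapse into one paragraph with literal hyphens; use the tightlist environment the file already has. In "Bringing it all together", "behave their certain (different) way" looks like it is missing a word, and " -- " produces an en dash where the file uses "---" elsewhere. The two % comments about picking a take-away message are fine as comments, but "This is tricky stuff." should not stay as the section's opening sentence once that message is chosen.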
