[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] clean up the outline so we can show it to others

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean up the outline so we can show it to others
From: arma@seul.org (Roger Dingledine)
Date: Wed, 29 Sep 2004 03:58:09 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Wed, 29 Sep 2004 03:58:31 -0400
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/wupss04

Modified Files:
	outline 
Log Message:
clean up the outline so we can show it to others


Index: outline
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/outline,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- outline	24 Sep 2004 08:06:51 -0000	1.1
+++ outline	29 Sep 2004 07:58:07 -0000	1.2
@@ -16,7 +16,8 @@
 Piece two:
 What else is quite like anonymity? Encryption? How careful people are
 in certifying other GPG keys? Internet host security to prevent DDoS
-and spam against others?
+and spam against others? They all seem to share some qualities, but
+none of them match up exactly.
 
 Piece three:
 Let's give you an overview of what we're trying to tell you here, so
@@ -28,25 +29,42 @@
 
 Piece five:
 Observations, Recommendations, Open research questions.
-- Users' safety relies on them behaving like others. How do they predict?
-  What if they need to behave their certain way? How do they compute the
-  tradeoff and risks?
-- Don't try to get the user to answer questions you can't answer yourself.
+- Talk about protections you can get from more users with a high-latency
+  system, and about in what ways that degrades as you move to low-latency.
+  Standard Econ Graph: increased anonymity as we slow things down,
+  but decreased user base (and thus decreased anonymity) as we slow
+  things down.
+
 - The importance of choosing good defaults: since most people will use
   the defaults, you've made the decision for everybody.
+- Don't try to get the user to answer questions you can't answer yourself.
 - Especially messy because even the researchers don't know the answers,
   and don't understand the tradeoffs. E.g., who is the adversary really,
   and what can they do?
-- The importance of smart users / educating your users. Public perception
-  as a security parameter. Good marketing as a security parameter?
+
+- Users' safety relies on them behaving like other users. How do they
+  predict the behavior of other users? What if they need to behave their
+  certain (different) way -- how do they compute the tradeoff and risks?
+- The importance of smart users / educating your users, so they know what
+  they're getting into, so they can compare systems better, so people will
+  be willing to use the better systems. Public perception as a security
+  parameter. Good marketing as a security parameter? (Since most people
+  will believe it, and therefore you need to take it into account even if
+  you know better.)
+
 - Not just about numbers and blending, also about reputability. A network
-  used only by criminals is not the one you want.
+  used only by criminals is not the one you want. People have an
+  incentive for the network to be used for "more reputable" activities
+  than their own.
+
 - The importance of a GUI. Users evaluate the quality of a product by the
-  quality of its GUI. Cf Tor's choice not to have a gui so far. They also
-  judge quality based on feature-lists, which is unsafe.
+  quality of its GUI. Cf Tor's choice not to have a gui so far, and
+  problems with that. They also judge quality based on feature-lists;
+  yet in our context extra features are unsafe.
+
 - Bootstrapping. How do we get any users?  High-needs users are never
-  first joiners.  Low-needs users won't join if it meets the high-needs
-  users' needs.
+  first joiners.  Low-needs users won't join if it's secure enough (read:
+  slow enough) that it meets the high-needs users' needs.
 
 
 
@@ -161,7 +179,7 @@
 
   - PGP/GPG for pseudonymity
 
-  - Low-latency versus high-latency: who knows?
+  - Low-latency versus high-latency
 
 - On low-latency vs high-latency: If your attacker can beat LL, you should
   go with HL always and hope that others do.  But if your attacker can't
@@ -217,13 +235,16 @@
 - Users make security decisions based on pretty blinkenlights and long
   feature lists.  But long feature lists are a bad bad idea.  Fear.
 
-- How are *we* supposed to know what the adversaries are??
+- How are *we* supposed to know what the adversaries are?? And if not
+  us, who?
 
-- Not everything is as good as encryption; adding more bits for overkill
-  doesn't seem to work anywhere else.
+- Not everything in the security realm is as amazingly secure as
+  encryption; adding more bits for overkill doesn't seem to work
+  anywhere else.
 
-- Roger wants a Standard Econ Graph.  ("Look! Crossing curves! Econ is a
-  science, Dammit!")
+- Roger wants a Standard Econ Graph: increasing anonymity as we slow
+  things down, but decreasing user base (and thus decreasing anonymity)
+  as we slow things down.
 
 Other stuff to say:
 

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] preliminary notes and outline for usability chapter
Previous by thread: [freehaven-cvs] Commit analysis tweaks used in pynchon gate paper
Index(es):
- Author
- Thread