A recent Pew study found that 86% of people surveyed had taken steps to protect their security online. This is great—more security is always good. However, if people are indeed working to protect themselves, why are we still seeing incidents, breaches, and confusion? In many cases these problems recur because the technology that allows people to secure their communications, content and online activity is too hard to use.
In other words, the tools for the job exist. But while many of these tools work technically, they don’t always work in ways that users expect. They introduce extra steps or are simply confusing and cumbersome. (“Is this a software bug, or am I doing something wrong?”) However elegant and intelligent the underlying technology (and much of it is truly miraculous), the results are in: if people can’t use it easily, many of them won’t.
We believe that people shouldn’t have to make a trade-off between security and ease of use. This is why we’re happy to support Simply Secure, a new organization dedicated to improving the usability and safety of open-source tools that help people secure their online lives.
Over the coming months, Simply Secure will be collaborating with open-source developers, designers, researchers, and others to take what’s there—groundbreaking work from efforts like Open Whisper Systems, The Guardian Project, Off-the-Record Messaging, and more—and work to make them easier to understand and use.
We’re excited for a future where people won’t have to choose between ease and security, and where tools that allow people to secure their communications, content, and online activity are as easy as choosing to use them.
Posted by Meredith Whittaker, Open Source Research Lead and Ben Laurie, Senior Staff Security Engineer
Posted by Meredith Whittaker, Open Source Research Lead and Ben Laurie, Senior Staff Security Engineer
Why isn't Google deploying this across its own proprietary products, then? I'm aware it went through great lengths to encrypt data *in transit* between its data centres after the NSA fiasco (kudos for that, btw). But given the chance between proper security or mining personal data to track user habits and sell ads, it seems Google will always choose the latter.
ReplyDeleteI know it's most of your revenue source and a critical part of your business model. But you know what? Everything around it is super spooky, as it is technically possible for you to retrieve my data unencrypted at your end.
This means my emails, hangouts, documents, G+ "auto-backup" personal photos, and even my location history.
So spare us your "Don't be evil" PR stunt and get your own stuff together first. If you need inspiration this is how you should implement it and communicate it: https://www.apple.com/privacy/
This could be a big boost to those defending human rights globally. Look up the efforts of Front Line Defenders. Meeting in Dublin soon.
ReplyDeletefrom a recent email they sent out:
On Monday 06 October, US computer privacy expert and "security guru" Bruce Schneier will speak at The Second Annual Front Line Defenders Lecture to be held in partnership with University College Dublin and Trinity College Dublin.
This event, entitled "Is it Possible to be Safe Online? Human Rights Defenders and the Internet", will explore the issues faced by human rights defenders on the ground (and everyday people)