
List:       kde-usability
Subject:    Re: Security and usability
From:       Sander Devrieze <s.devrieze () pandora ! be>
Date:       2003-08-22 23:49:24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 18 August 2003 12:41, Roland Seuhs wrote:
> Hi!
>
> I've followed the discussion about KDE3 defaults, especially the part about
> cookies and how evil they are supposed to be. To get it straight, I'm a web
> programmer and I use cookies all the time and I'm more and more angry at
> the cookie-hysteria.

<snip>

I'm only against accepting cookies always. Because blocking them always is 
also bad, I think the only ethically acceptable way is to always ask the user 
by default what should be done. I agree that there are usability issues when 
doing this via a popup like now and I also agree that it's good to improve 
this "ask it" manner, but I *don't* agree, like I already said, that having 
"accept cookies always" as the default is a good thing.

> The problem is that the paradigm that "security and usability is a
> tradeoff" is repeated so often that it's seen as some universal law while
> in reality it's basically nonsense.

Others already have replied to this.

> Let me explain:
>
> In my opinion, security can only be achieved WITH usability. Any measures
> to make something more secure by reducing usability will essentially have
> the opposite effect.
>
> So what will happen if cookies in Konq will be disabled or made
> single-session by default as some people suggested? Konqueror will become
> essentially useless for many sites - some users will be pissed and turn on
> cookies, the rest will be pissed and use another browser: Security gain =
> zero.

I agree, but these problems can eventually be solved by making it simple (e.g. 
a button) to accept cookies for that page again and reload it. But IMO asking 
(not per se with popups!!) is the only ethically acceptable solution.

> The current situation in which the user is bothered with a popup when
> submitting a form or getting a cookie isn't much better. There are 2
> possibilities:
>
> - Either a user understands the popup:
> 	He'll say "what idiotic message, if I submit a form I know that data is
> transmitted, no need to tell me" and ignore it
>
> - Or a user doesn't understand the popup:
> 	He'll ask somebody who will tell him to "press yes and ignore it", then
> just press yes and ignore this and any subsequent popups.

OK, maybe we have to change the asking style (removing it is not a 
solution)... do you have any ideas?

> Essentially, all the useless popups (not only in KDE, but in many other DEs
> and programs) are training the users to press yes and ignore popups.

IMO we should make a difference between privacy related popups, security 
related ones and all other popups. e.g.: other icons, other dialog colors, 
blinking text/dialog/screen, sound, playing Ogg file, different buttons, 
different help, interactive tutorials, bigger/smaller dialogs, dialogs with 
the picture of a naked woman on it (I'm just brain-storming but I think we 
can get people's attention by this :D ), dialogs with the text turned,...

> Anybody who thinks that these popups are increasing security is just wrong:

It was about the asking (the principle): not about the popups (the practical 
thing). If we can use something else than a popup which is better to ask it: 
good. If you say: we should have default "always accept/always block": not 
good.

<snip>
> I repeat it: If you say
> "But it's just about educating the users that the connection is not
> encrypted"

I don't know what's the connection between encrypted connections and 
cookies... But I agree: it's better IMO to tell the user that you're using an 
encrypted connection by for example showing an icon of a closed lock in the 
statusbar (cf: Psi icon for encrypted connections) with good tooltip and 
what's this help.

<snip>

- --
Kind regards, Sander Devrieze.

Jabber ID : sander@amessage.de ( www.jabber.org )
Public Key: www.keyserver.net  (   0x73470923   )
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/RsRFK+G8aHNHCSMRAk3WAJ9x/9sphUOOoWv27swdXu1AF9TamQCg124f
HK+RM0dlKqfYlg8I9Oep01s=
=HwMW
-----END PGP SIGNATURE-----
