[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:11.38,0:00:17.70,Default,,0000,0000,0000,,{\i1}Applause{\i0}
Dialogue: 0,0:00:17.70,0:00:20.06,Default,,0000,0000,0000,,So, good morning everyone
Dialogue: 0,0:00:20.06,0:00:23.53,Default,,0000,0000,0000,,my name is Arne and today
Dialogue: 0,0:00:23.53,0:00:25.53,Default,,0000,0000,0000,,I'll be hoping to entertain you
Dialogue: 0,0:00:25.53,0:00:32.19,Default,,0000,0000,0000,,a bit with some GPG usability issues.
Dialogue: 0,0:00:32.19,0:00:33.98,Default,,0000,0000,0000,,Thanks for being here this early in the morning.
Dialogue: 0,0:00:33.98,0:00:36.75,Default,,0000,0000,0000,,I know, some of you have had a short night
Dialogue: 0,0:00:36.75,0:00:43.21,Default,,0000,0000,0000,,In short for the impatient ones:
Dialogue: 0,0:00:43.21,0:00:46.66,Default,,0000,0000,0000,,Why is GnuPG damn near unusable?
Dialogue: 0,0:00:46.66,0:00:51.69,Default,,0000,0000,0000,,Well, actually, I don’t know
Dialogue: 0,0:00:51.69,0:00:52.70,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:00:52.70,0:00:57.94,Default,,0000,0000,0000,,So more research is needed … as always.
Dialogue: 0,0:00:57.94,0:00:59.97,Default,,0000,0000,0000,,Because it's not like using a thermometer.
Dialogue: 0,0:00:59.97,0:01:03.70,Default,,0000,0000,0000,,We're doing something between social science and security
Dialogue: 0,0:01:03.70,0:01:10.70,Default,,0000,0000,0000,,But I will present some interesting perspectives
Dialogue: 0,0:01:11.73,0:01:16.72,Default,,0000,0000,0000,,or at least what I hope you'll find interesting perspectives.
Dialogue: 0,0:01:16.72,0:01:20.34,Default,,0000,0000,0000,,This talk is about some possible explanations
Dialogue: 0,0:01:20.34,0:01:25.00,Default,,0000,0000,0000,,that usable security research can offer to the question
Dialogue: 0,0:01:25.00,0:01:27.34,Default,,0000,0000,0000,,Now some context, something about myself,
Dialogue: 0,0:01:27.34,0:01:34.02,Default,,0000,0000,0000,,so you have a bit of an idea where I'm coming from
Dialogue: 0,0:01:34.02,0:01:39.20,Default,,0000,0000,0000,,and what coloured glasses I have on.
Dialogue: 0,0:01:39.20,0:01:44.03,Default,,0000,0000,0000,,So pretty much my background is in Mathematics,
Dialogue: 0,0:01:44.03,0:01:48.50,Default,,0000,0000,0000,,Computer science, and—strangely enough—International relations
Dialogue: 0,0:01:48.50,0:01:51.86,Default,,0000,0000,0000,,My professional background is that I've been doing
Dialogue: 0,0:01:51.86,0:01:57.32,Default,,0000,0000,0000,,embedded system security evaluations and training
Dialogue: 0,0:01:57.32,0:02:02.89,Default,,0000,0000,0000,,and I've also been a PhD student, studying the usability of security.
Dialogue: 0,0:02:02.89,0:02:07.73,Default,,0000,0000,0000,,Currently, I teach the new generation,
Dialogue: 0,0:02:07.73,0:02:14.73,Default,,0000,0000,0000,,hoping to bring some new blood into the security world.
Dialogue: 0,0:02:15.03,0:02:17.91,Default,,0000,0000,0000,,I want to do some expectation setting
Dialogue: 0,0:02:17.91,0:02:21.32,Default,,0000,0000,0000,,I want to say, what this talk is not about.
Dialogue: 0,0:02:21.32,0:02:23.66,Default,,0000,0000,0000,,I will also give some helpful pointers for
Dialogue: 0,0:02:23.66,0:02:29.51,Default,,0000,0000,0000,,those of you that are interested in these other areas.
Dialogue: 0,0:02:29.51,0:02:34.27,Default,,0000,0000,0000,,I will not go into too much detail about the issue of truth
Dialogue: 0,0:02:34.27,0:02:37.51,Default,,0000,0000,0000,,in security science.
Dialogue: 0,0:02:37.51,0:02:40.47,Default,,0000,0000,0000,,Here are some links to some interesting papers that cover this
Dialogue: 0,0:02:40.47,0:02:42.93,Default,,0000,0000,0000,,in a lot of detail.
Dialogue: 0,0:02:42.93,0:02:45.65,Default,,0000,0000,0000,,Neither will I be giving a security primer.
Dialogue: 0,0:02:45.65,0:02:50.22,Default,,0000,0000,0000,,There are some nice links to books on the slide.
Dialogue: 0,0:02:50.22,0:02:55.34,Default,,0000,0000,0000,,I'll also not be giving a cryptography primer or a history lesson.
Dialogue: 0,0:02:55.34,0:02:57.82,Default,,0000,0000,0000,,Neither will I be giving an introduction to PGP
Dialogue: 0,0:02:57.82,0:03:02.75,Default,,0000,0000,0000,,And, interestingly enough, even though the talk is titled
Dialogue: 0,0:03:02.75,0:03:06.58,Default,,0000,0000,0000,,“why is GPG damn near unusable”, I will
Dialogue: 0,0:03:06.58,0:03:10.16,Default,,0000,0000,0000,,not really be doing much PGP bashing
Dialogue: 0,0:03:10.16,0:03:15.29,Default,,0000,0000,0000,,I think it's quite, actually, a wonderful effort and other people
Dialogue: 0,0:03:15.29,0:03:20.74,Default,,0000,0000,0000,,have pretty much done the PGP/GnuPG bashing for me.
Dialogue: 0,0:03:20.74,0:03:25.56,Default,,0000,0000,0000,,And, as I've already mentioned, I will not be giving any definite answers
Dialogue: 0,0:03:25.56,0:03:29.33,Default,,0000,0000,0000,,and a lot of “it depends.”
Dialogue: 0,0:03:29.33,0:03:33.74,Default,,0000,0000,0000,,But then you might ask “well, it depends. What does it depend on?”
Dialogue: 0,0:03:33.74,0:03:37.32,Default,,0000,0000,0000,,Well, for one: What users you’re looking at
Dialogue: 0,0:03:37.32,0:03:39.69,Default,,0000,0000,0000,,which goals they have in mind and
Dialogue: 0,0:03:39.69,0:03:43.61,Default,,0000,0000,0000,,in what context, what environment they’re doing these things.
Dialogue: 0,0:03:43.61,0:03:47.82,Default,,0000,0000,0000,,So, instead I want to kindle your inspiration
Dialogue: 0,0:03:47.82,0:03:54.49,Default,,0000,0000,0000,,I want to offer you a new view on the security environment
Dialogue: 0,0:03:54.49,0:03:59.70,Default,,0000,0000,0000,,and I'll also give you some concrete exercises that you can try out
Dialogue: 0,0:03:59.70,0:04:01.86,Default,,0000,0000,0000,,at home or at the office.
Dialogue: 0,0:04:01.86,0:04:07.74,Default,,0000,0000,0000,,Some “do’s” and “don’t’s” and pointers for further exploration:
Dialogue: 0,0:04:07.74,0:04:10.25,Default,,0000,0000,0000,,This is a short overview of the talk
Dialogue: 0,0:04:10.25,0:04:16.25,Default,,0000,0000,0000,,I'll start with the background story to why I’m giving this talk
Dialogue: 0,0:04:16.25,0:04:21.30,Default,,0000,0000,0000,,then an overview over usable security research area,
Dialogue: 0,0:04:21.30,0:04:24.63,Default,,0000,0000,0000,,some principles and methods for usability,
Dialogue: 0,0:04:24.63,0:04:28.59,Default,,0000,0000,0000,,some case studies, then some open questions remain
Dialogue: 0,0:04:28.59,0:04:35.59,Default,,0000,0000,0000,,So, the story. Well. It all started with this book.
Dialogue: 0,0:04:36.81,0:04:41.26,Default,,0000,0000,0000,,When I was reading about the Snowden revelations,
Dialogue: 0,0:04:41.26,0:04:46.69,Default,,0000,0000,0000,,I read, how Snowden tried to contact Glenn Greenwald.
Dialogue: 0,0:04:46.69,0:04:53.27,Default,,0000,0000,0000,,On December 1st, he sent an email, saying, well, writing to Glenn:
Dialogue: 0,0:04:53.27,0:05:00.12,Default,,0000,0000,0000,,“If you don’t use PGP, some people will never be able to contact you.”
Dialogue: 0,0:05:00.12,0:05:05.32,Default,,0000,0000,0000,,“Please install this helpful tool and if you need any help,
Dialogue: 0,0:05:05.32,0:05:08.20,Default,,0000,0000,0000,,please request so.”
Dialogue: 0,0:05:08.20,0:05:11.85,Default,,0000,0000,0000,,Three days later, Glenn Greenwald says: “Sorry, I don’t
Dialogue: 0,0:05:11.85,0:05:16.97,Default,,0000,0000,0000,,know how to do that, but I’ll look into it.”
Dialogue: 0,0:05:16.97,0:05:21.91,Default,,0000,0000,0000,,and Snowden writes back: “Okay, well, sure. And again:
Dialogue: 0,0:05:21.91,0:05:23.98,Default,,0000,0000,0000,,If you need any help, I can facilitate contact.”
Dialogue: 0,0:05:23.98,0:05:28.72,Default,,0000,0000,0000,,Now, a mere seven weeks later,
Dialogue: 0,0:05:28.72,0:05:30.05,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:05:30.05,0:05:37.05,Default,,0000,0000,0000,,Glenn is like “okay, well, I’ll do it within the next days or so.”
Dialogue: 0,0:05:37.32,0:05:38.29,Default,,0000,0000,0000,,Okay, sure …
Dialogue: 0,0:05:38.29,0:05:42.78,Default,,0000,0000,0000,,Snowden’s like “my sincerest thanks”.
Dialogue: 0,0:05:42.78,0:05:46.44,Default,,0000,0000,0000,,But actually in the meantime, Snowden was growing a bit impatient
Dialogue: 0,0:05:46.44,0:05:51.08,Default,,0000,0000,0000,,’cause, okay, “why are you not encrypting?”
Dialogue: 0,0:05:51.08,0:05:55.05,Default,,0000,0000,0000,,So he sent an email to Micah Lee, saying, “okay, well, hello,
Dialogue: 0,0:05:55.05,0:06:01.82,Default,,0000,0000,0000,,I’m a friend, can you help me getting contact with Laura Poitras?”
Dialogue: 0,0:06:01.82,0:06:06.26,Default,,0000,0000,0000,,In addition to that, he made a ten-minute video for Glenn Greenwald
Dialogue: 0,0:06:06.26,0:06:09.27,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:06:09.27,0:06:11.34,Default,,0000,0000,0000,,… describing how to use GPG.
Dialogue: 0,0:06:11.34,0:06:17.25,Default,,0000,0000,0000,,And actually I have quite a lot of screenshots of that video
Dialogue: 0,0:06:17.25,0:06:19.88,Default,,0000,0000,0000,,and it's quite entertaining.
Dialogue: 0,0:06:19.88,0:06:24.16,Default,,0000,0000,0000,,’cause, of course, Snowden was getting increasingly
Dialogue: 0,0:06:24.16,0:06:27.55,Default,,0000,0000,0000,,bothered by the whole situation.
Dialogue: 0,0:06:27.55,0:06:33.09,Default,,0000,0000,0000,,Now, this is the video that Snowden made
Dialogue: 0,0:06:33.09,0:06:40.09,Default,,0000,0000,0000,,“GPG for Journalists. For Windows.”
Dialogue: 0,0:06:40.99,0:06:46.86,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:06:48.80,0:06:51.34,Default,,0000,0000,0000,,I’ll just click through it, because I think,
Dialogue: 0,0:06:51.34,0:06:53.96,Default,,0000,0000,0000,,the slides speak for themselves.
Dialogue: 0,0:06:53.96,0:07:00.96,Default,,0000,0000,0000,,Take notes of all the usability issues you can identify.
Dialogue: 0,0:07:01.86,0:07:06.03,Default,,0000,0000,0000,,So just click through the wizard, generate a new key,
Dialogue: 0,0:07:06.03,0:07:11.71,Default,,0000,0000,0000,,enable “expert settings”, ’cause we want 3000-bit keys
Dialogue: 0,0:07:11.71,0:07:15.96,Default,,0000,0000,0000,,We want a very long password, etc.
Dialogue: 0,0:07:15.96,0:07:19.26,Default,,0000,0000,0000,,And now, of course, we also wanna go and find keys
Dialogue: 0,0:07:19.26,0:07:21.84,Default,,0000,0000,0000,,on the keyserver.
Dialogue: 0,0:07:21.84,0:07:24.79,Default,,0000,0000,0000,,And we need to make sure that we shouldn’t
Dialogue: 0,0:07:24.79,0:07:28.67,Default,,0000,0000,0000,,write our draft messages in GMail
Dialogue: 0,0:07:28.67,0:07:31.74,Default,,0000,0000,0000,,or Thunderbird and enigmail, for that matter.
Dialogue: 0,0:07:31.74,0:07:37.34,Default,,0000,0000,0000,,Although that issue has been solved.
Dialogue: 0,0:07:39.58,0:07:42.23,Default,,0000,0000,0000,,So, I think you can start seeing
Dialogue: 0,0:07:42.23,0:07:45.38,Default,,0000,0000,0000,,why Glenn Greenwald\N—even if he did open this video—
Dialogue: 0,0:07:45.38,0:07:52.85,Default,,0000,0000,0000,,was like\N“okay, well, I’m not gonna bother.”
Dialogue: 0,0:07:52.85,0:07:56.82,Default,,0000,0000,0000,,And Snowden is so kind to say, after 12 minutes,
Dialogue: 0,0:07:56.82,0:08:01.58,Default,,0000,0000,0000,,“if you have any remaining questions, please contact me.”
Dialogue: 0,0:08:01.58,0:08:05.87,Default,,0000,0000,0000,,At this year’s HOPE conference,
Dialogue: 0,0:08:05.87,0:08:12.39,Default,,0000,0000,0000,,Snowden actually did a call for arms and he said
Dialogue: 0,0:08:12.39,0:08:16.74,Default,,0000,0000,0000,,“Okay, we need people to evaluate our security systems.
Dialogue: 0,0:08:16.74,0:08:23.74,Default,,0000,0000,0000,,we need people to go and do red team. But in addition to that,
Dialogue: 0,0:08:25.53,0:08:30.97,Default,,0000,0000,0000,,we also need to look at the user experience issue.”
Dialogue: 0,0:08:30.97,0:08:37.09,Default,,0000,0000,0000,,So this is a transcript of his kind of manifesto
Dialogue: 0,0:08:37.09,0:08:42.19,Default,,0000,0000,0000,,and he says: “GPG is really damn near unusable”
Dialogue: 0,0:08:42.19,0:08:46.81,Default,,0000,0000,0000,,because, well, of course, you might know command line
Dialogue: 0,0:08:46.81,0:08:49.91,Default,,0000,0000,0000,,and then, okay, you might be okay
Dialogue: 0,0:08:49.91,0:08:53.47,Default,,0000,0000,0000,,but “Gam Gam at the home”, she is never going to be able
Dialogue: 0,0:08:53.47,0:08:59.49,Default,,0000,0000,0000,,to use GnuPG.
Dialogue: 0,0:08:59.49,0:09:09.13,Default,,0000,0000,0000,,And he also notes that, okay, we were part of a technical elite
Dialogue: 0,0:09:09.13,0:09:15.75,Default,,0000,0000,0000,,and he calls on us to work on the technical literacy of people
Dialogue: 0,0:09:15.75,0:09:18.34,Default,,0000,0000,0000,,because what he explicitly warns against is
Dialogue: 0,0:09:18.34,0:09:22.68,Default,,0000,0000,0000,,a high priesthood of technology.
Dialogue: 0,0:09:22.68,0:09:27.85,Default,,0000,0000,0000,,Okay, that’s a nice call to arms
Dialogue: 0,0:09:27.85,0:09:32.95,Default,,0000,0000,0000,,but are we actually up for a new dawn?
Dialogue: 0,0:09:32.95,0:09:40.49,Default,,0000,0000,0000,,Well, I wanna go into the background of usable security
Dialogue: 0,0:09:40.49,0:09:44.96,Default,,0000,0000,0000,,and I wanna show you that we’ve actually been
Dialogue: 0,0:09:44.96,0:09:48.01,Default,,0000,0000,0000,,in a pretty dark time.
Dialogue: 0,0:09:48.01,0:09:55.100,Default,,0000,0000,0000,,So, back in 1999, there was this paper:\N“Why Johnny can’t encrypt”
Dialogue: 0,0:09:56.00,0:10:01.22,Default,,0000,0000,0000,,which described mostly the same broken interface
Dialogue: 0,0:10:01.22,0:10:09.100,Default,,0000,0000,0000,,so if you remember, if you go back to the video of which
Dialogue: 0,0:10:09.100,0:10:15.37,Default,,0000,0000,0000,,I showed some screenshots, then, well, if you look at
Dialogue: 0,0:10:15.37,0:10:21.90,Default,,0000,0000,0000,,these screenshots from 1999, well,\Nis there a lot of difference?
Dialogue: 0,0:10:21.90,0:10:24.47,Default,,0000,0000,0000,,Not really! Nothing much has changed.
Dialogue: 0,0:10:24.47,0:10:25.80,Default,,0000,0000,0000,,There are still the same
Dialogue: 0,0:10:25.80,0:10:31.76,Default,,0000,0000,0000,,conceptual barriers,\Nand same crappy defaults.
Dialogue: 0,0:10:31.76,0:10:35.98,Default,,0000,0000,0000,,And most astonishingly, in the paper there
Dialogue: 0,0:10:35.98,0:10:39.46,Default,,0000,0000,0000,,is a description of a user study where
Dialogue: 0,0:10:39.46,0:10:44.83,Default,,0000,0000,0000,,users were given 90 minutes to encrypt an email
Dialogue: 0,0:10:44.83,0:10:49.86,Default,,0000,0000,0000,,and most were unable to do so.
Dialogue: 0,0:10:49.86,0:10:55.38,Default,,0000,0000,0000,,I think, that pretty much describes “damn near unusable.”
Dialogue: 0,0:10:55.38,0:11:02.55,Default,,0000,0000,0000,,A timeline from, well, before 1999 to now
Dialogue: 0,0:11:02.55,0:11:06.10,Default,,0000,0000,0000,,of the usable security research.
Dialogue: 0,0:11:06.10,0:11:09.92,Default,,0000,0000,0000,,So, quite a lot has happened
Dialogue: 0,0:11:09.92,0:11:15.18,Default,,0000,0000,0000,,although it is still a growing field.
Dialogue: 0,0:11:15.18,0:11:20.95,Default,,0000,0000,0000,,It started—the idea of usable security,\Nit was explicitly defined first—
Dialogue: 0,0:11:20.95,0:11:29.76,Default,,0000,0000,0000,,in 1975, but it was only until\N… only in … 1989 that
Dialogue: 0,0:11:29.76,0:11:33.38,Default,,0000,0000,0000,,the first usability tests were carried out.
Dialogue: 0,0:11:33.38,0:11:38.43,Default,,0000,0000,0000,,And only in 1996 that
Dialogue: 0,0:11:38.43,0:11:44.66,Default,,0000,0000,0000,,the concept of “user-centered security”\Nwas described.
Dialogue: 0,0:11:44.66,0:11:49.27,Default,,0000,0000,0000,,An interesting paper, also from 1999, shows how
Dialogue: 0,0:11:49.27,0:11:55.24,Default,,0000,0000,0000,,contrary to the general description of users as lazy
Dialogue: 0,0:11:55.24,0:12:00.83,Default,,0000,0000,0000,,and basically as the weakest chain in security
Dialogue: 0,0:12:00.83,0:12:06.01,Default,,0000,0000,0000,,this paper describes users as pretty rational beings
Dialogue: 0,0:12:06.01,0:12:09.66,Default,,0000,0000,0000,,who see security as an overhead and …\Nwhere they don't
Dialogue: 0,0:12:09.66,0:12:16.59,Default,,0000,0000,0000,,understand the usefulness of what they’re doing.
Dialogue: 0,0:12:16.59,0:12:21.31,Default,,0000,0000,0000,,The study of PGP 5.0, I’ve talked about that already,
Dialogue: 0,0:12:21.31,0:12:27.55,Default,,0000,0000,0000,,and there was also a study of the\NKazaa network in 2002.
Dialogue: 0,0:12:27.55,0:12:29.55,Default,,0000,0000,0000,,And it was found out that a lot of users were
Dialogue: 0,0:12:29.55,0:12:35.34,Default,,0000,0000,0000,,accidentally sharing files from personal pictures,
Dialogue: 0,0:12:35.34,0:12:41.75,Default,,0000,0000,0000,,who knows, maybe credit-card details,\Nyou never know, right?
Dialogue: 0,0:12:41.75,0:12:48.21,Default,,0000,0000,0000,,In 2002, a lot of the knowledge of usable security design
Dialogue: 0,0:12:48.21,0:12:51.18,Default,,0000,0000,0000,,was concretised in ten key principles
Dialogue: 0,0:12:51.18,0:12:54.47,Default,,0000,0000,0000,,and if you’re interested,
Dialogue: 0,0:12:54.47,0:13:03.100,Default,,0000,0000,0000,,I do recommend you to look at the paper.
Dialogue: 0,0:13:03.100,0:13:09.94,Default,,0000,0000,0000,,A solution to the PGP problem was proposed in
Dialogue: 0,0:13:09.94,0:13:11.68,Default,,0000,0000,0000,,2004, well, actually,
Dialogue: 0,0:13:11.68,0:13:15.05,Default,,0000,0000,0000,,it was proposed earlier \Nbut it was tested in 2005.
Dialogue: 0,0:13:15.05,0:13:19.53,Default,,0000,0000,0000,,And it was found that actually\Nif we automate encryption
Dialogue: 0,0:13:19.53,0:13:23.87,Default,,0000,0000,0000,,and if we automate key exchange then, well,
Dialogue: 0,0:13:23.87,0:13:26.06,Default,,0000,0000,0000,,things are pretty workable, except that
Dialogue: 0,0:13:26.06,0:13:30.29,Default,,0000,0000,0000,,users still fall for\Nphishing attacks, of course.
Dialogue: 0,0:13:30.29,0:13:38.40,Default,,0000,0000,0000,,But last year, another research\Nidentified that, well,
Dialogue: 0,0:13:38.40,0:13:41.84,Default,,0000,0000,0000,,making security transparent is all nice and well
Dialogue: 0,0:13:41.84,0:13:46.31,Default,,0000,0000,0000,,but it's also dangerous because users no longer
Dialogue: 0,0:13:46.31,0:13:49.88,Default,,0000,0000,0000,,are less likely to trust the system and
Dialogue: 0,0:13:49.88,0:13:54.26,Default,,0000,0000,0000,,are less likely to really understand\Nwhat’s really happening.
Dialogue: 0,0:13:54.26,0:13:59.49,Default,,0000,0000,0000,,So a paper this year also identified another issue:
Dialogue: 0,0:13:59.49,0:14:04.21,Default,,0000,0000,0000,,Users generally have very bad understanding
Dialogue: 0,0:14:04.21,0:14:05.98,Default,,0000,0000,0000,,of the email architecture.
Dialogue: 0,0:14:05.98,0:14:08.58,Default,,0000,0000,0000,,An email goes from point A to point B.
Dialogue: 0,0:14:08.58,0:14:15.63,Default,,0000,0000,0000,,And what happens in-between is unknown.
Dialogue: 0,0:14:15.63,0:14:22.57,Default,,0000,0000,0000,,So, before I go on to general usability principles
Dialogue: 0,0:14:22.57,0:14:27.55,Default,,0000,0000,0000,,from the founding pillar of the usable security field
Dialogue: 0,0:14:27.55,0:14:33.67,Default,,0000,0000,0000,,I wanna give some examples of usability failures.
Dialogue: 0,0:14:33.67,0:14:37.47,Default,,0000,0000,0000,,You might be familiar with project VENONA.
Dialogue: 0,0:14:37.47,0:14:41.65,Default,,0000,0000,0000,,This was an effort by the US intelligence agencies
Dialogue: 0,0:14:41.65,0:14:45.29,Default,,0000,0000,0000,,to try and decrypt Soviet communication.
Dialogue: 0,0:14:45.29,0:14:49.39,Default,,0000,0000,0000,,And they actually were pretty successful.
Dialogue: 0,0:14:49.39,0:14:53.98,Default,,0000,0000,0000,,They uncovered a lot of spying and, well,
Dialogue: 0,0:14:53.98,0:14:56.19,Default,,0000,0000,0000,,how did they do this?
Dialogue: 0,0:14:56.19,0:14:59.87,Default,,0000,0000,0000,,The Soviets were using one-time pads and,
Dialogue: 0,0:14:59.87,0:15:02.62,Default,,0000,0000,0000,,well, if you reuse a one-time pad,
Dialogue: 0,0:15:02.62,0:15:08.07,Default,,0000,0000,0000,,then you leak a lot of information about plain-text.
Dialogue: 0,0:15:08.07,0:15:10.27,Default,,0000,0000,0000,,Well, what we also see happening a lot is
Dialogue: 0,0:15:10.27,0:15:12.60,Default,,0000,0000,0000,,low password entropy.
Dialogue: 0,0:15:12.60,0:15:19.44,Default,,0000,0000,0000,,We have people choosing password “123456”, etc.
Dialogue: 0,0:15:19.44,0:15:25.48,Default,,0000,0000,0000,,And what I just described, the study looking into
Dialogue: 0,0:15:25.48,0:15:29.25,Default,,0000,0000,0000,,the mental models of users,
Dialogue: 0,0:15:29.25,0:15:32.30,Default,,0000,0000,0000,,of the email architecture and how it works
Dialogue: 0,0:15:32.30,0:15:34.82,Default,,0000,0000,0000,,well, at the top you have
Dialogue: 0,0:15:34.82,0:15:37.88,Default,,0000,0000,0000,,still a pretty simplified description of how things work
Dialogue: 0,0:15:37.88,0:15:40.52,Default,,0000,0000,0000,,and at the bottom we have an actual drawing
Dialogue: 0,0:15:40.52,0:15:43.30,Default,,0000,0000,0000,,of a research participant when asked:
Dialogue: 0,0:15:43.30,0:15:49.78,Default,,0000,0000,0000,,“Can you draw how an email\Ngoes from point A to point B?”
Dialogue: 0,0:15:49.78,0:15:53.78,Default,,0000,0000,0000,,And it’s like:\N“Well, it goes from one place to the other.”
Dialogue: 0,0:15:53.78,0:15:58.83,Default,,0000,0000,0000,,Okay …
Dialogue: 0,0:15:58.83,0:16:01.04,Default,,0000,0000,0000,,{\i1}clicking sounds{\i0}
Dialogue: 0,0:16:01.04,0:16:03.67,Default,,0000,0000,0000,,Okay, so this died.
Dialogue: 0,0:16:12.57,0:16:18.69,Default,,0000,0000,0000,,So, these are two screenshots of enigmail
Dialogue: 0,0:16:18.69,0:16:21.94,Default,,0000,0000,0000,,Well, if I wouldn’t have marked them
Dialogue: 0,0:16:21.94,0:16:27.20,Default,,0000,0000,0000,,as the plaintext and encrypted email that would be sent
Dialogue: 0,0:16:27.20,0:16:30.90,Default,,0000,0000,0000,,you probably wouldn’t have spotted which was which
Dialogue: 0,0:16:30.90,0:16:34.61,Default,,0000,0000,0000,,this is a pretty big failure in
Dialogue: 0,0:16:34.61,0:16:39.84,Default,,0000,0000,0000,,the visibility of the system.
Dialogue: 0,0:16:39.84,0:16:44.68,Default,,0000,0000,0000,,You don’t see anything? Ah.
Dialogue: 0,0:16:44.68,0:16:47.51,Default,,0000,0000,0000,,Audience: “That’s the point!”\NThat's the point, yes!
Dialogue: 0,0:16:47.51,0:16:58.11,Default,,0000,0000,0000,,{\i1}laughter{\i0}\N{\i1}applause{\i0}
Dialogue: 0,0:16:58.11,0:17:02.21,Default,,0000,0000,0000,,On the left we have a screenshot of GPG and
Dialogue: 0,0:17:02.21,0:17:04.30,Default,,0000,0000,0000,,as I’ve already described,
Dialogue: 0,0:17:04.30,0:17:08.53,Default,,0000,0000,0000,,command line people, we like command lines
Dialogue: 0,0:17:08.53,0:17:11.30,Default,,0000,0000,0000,,but normal people don’t.
Dialogue: 0,0:17:11.30,0:17:13.72,Default,,0000,0000,0000,,And what we also see is a lot of the jargon that is
Dialogue: 0,0:17:13.72,0:17:17.03,Default,,0000,0000,0000,,currently being used even in GUI applications
Dialogue: 0,0:17:17.03,0:17:23.41,Default,,0000,0000,0000,,so on the right there is PGP 10.0.
Dialogue: 0,0:17:23.41,0:17:25.98,Default,,0000,0000,0000,,Now I wanna close these examples with
Dialogue: 0,0:17:25.98,0:17:28.53,Default,,0000,0000,0000,,well, you might be wondering: “what is this?”
Dialogue: 0,0:17:28.53,0:17:32.59,Default,,0000,0000,0000,,This is actually an example of a security device
Dialogue: 0,0:17:32.59,0:17:36.65,Default,,0000,0000,0000,,from, I think it’s around 4000 years ago.
Dialogue: 0,0:17:36.65,0:17:38.36,Default,,0000,0000,0000,,Like, people could use this.
Dialogue: 0,0:17:38.36,0:17:42.87,Default,,0000,0000,0000,,Why can’t we get it right today?
Dialogue: 0,0:17:42.87,0:17:46.36,Default,,0000,0000,0000,,Something that you should,
Dialogue: 0,0:17:46.36,0:17:48.87,Default,,0000,0000,0000,,this is a little homework exercise,
Dialogue: 0,0:17:48.87,0:17:52.42,Default,,0000,0000,0000,,take a laptop to your grandma, show her PGP,
Dialogue: 0,0:17:52.42,0:17:55.11,Default,,0000,0000,0000,,can she use it—yes or no?
Dialogue: 0,0:17:55.11,0:18:02.44,Default,,0000,0000,0000,,Probably not, but who knows?
Dialogue: 0,0:18:02.45,0:18:03.74,Default,,0000,0000,0000,,Now I wanna go into
Dialogue: 0,0:18:03.74,0:18:09.84,Default,,0000,0000,0000,,the usability cornerstones of usable security.
Dialogue: 0,0:18:09.84,0:18:13.05,Default,,0000,0000,0000,,I wanna start with heuristics
Dialogue: 0,0:18:13.05,0:18:15.52,Default,,0000,0000,0000,,some people call them “rules of thumb,” other people
Dialogue: 0,0:18:15.52,0:18:19.06,Default,,0000,0000,0000,,call them “the ten holy commandments”
Dialogue: 0,0:18:19.06,0:18:23.30,Default,,0000,0000,0000,,For example, the ten commandments of Dieter Rams,
Dialogue: 0,0:18:23.30,0:18:27.06,Default,,0000,0000,0000,,there is ten commandments of Jakob Nielsen,
Dialogue: 0,0:18:27.06,0:18:28.25,Default,,0000,0000,0000,,of Don Norman
Dialogue: 0,0:18:28.25,0:18:35.11,Default,,0000,0000,0000,,and it really depends on who you believe in, etc.
Dialogue: 0,0:18:35.11,0:18:37.38,Default,,0000,0000,0000,,But at the cornerstone of all of these is that
Dialogue: 0,0:18:37.38,0:18:40.27,Default,,0000,0000,0000,,design is made for people.
Dialogue: 0,0:18:40.27,0:18:45.80,Default,,0000,0000,0000,,And, well, actually, Google says it quite well
Dialogue: 0,0:18:45.80,0:18:48.56,Default,,0000,0000,0000,,in their guiding mission:
Dialogue: 0,0:18:48.56,0:18:52.74,Default,,0000,0000,0000,,“Focus on the user and all else will follow.”
Dialogue: 0,0:18:52.74,0:18:54.81,Default,,0000,0000,0000,,Or, as a usability maxim:
Dialogue: 0,0:18:54.81,0:18:57.35,Default,,0000,0000,0000,,“thou shalt test with thy user”
Dialogue: 0,0:18:57.35,0:19:01.21,Default,,0000,0000,0000,,Don’t just give them the thing.
Dialogue: 0,0:19:01.21,0:19:03.20,Default,,0000,0000,0000,,But there is one problem with these heuristics
Dialogue: 0,0:19:03.20,0:19:06.51,Default,,0000,0000,0000,,and with this advice going just with your user.
Dialogue: 0,0:19:06.51,0:19:10.89,Default,,0000,0000,0000,,Because it’s a pretty abstract advice.
Dialogue: 0,0:19:10.89,0:19:12.09,Default,,0000,0000,0000,,What do you do?
Dialogue: 0,0:19:12.09,0:19:13.94,Default,,0000,0000,0000,,You go out into the world to get practice.
Dialogue: 0,0:19:13.94,0:19:17.87,Default,,0000,0000,0000,,You start observing people.
Dialogue: 0,0:19:17.87,0:19:20.17,Default,,0000,0000,0000,,One nice exercise to try is:
Dialogue: 0,0:19:20.17,0:19:21.29,Default,,0000,0000,0000,,go to the vending machine,
Dialogue: 0,0:19:21.29,0:19:24.54,Default,,0000,0000,0000,,for example the ones at the S-Bahn.
Dialogue: 0,0:19:24.54,0:19:26.05,Default,,0000,0000,0000,,Just stand next to it
Dialogue: 0,0:19:26.05,0:19:28.27,Default,,0000,0000,0000,,and observe people buying tickets.
Dialogue: 0,0:19:28.27,0:19:30.86,Default,,0000,0000,0000,,It’s quite entertaining, actually.
Dialogue: 0,0:19:30.86,0:19:33.50,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:19:33.50,0:19:36.01,Default,,0000,0000,0000,,And something you can also do is
Dialogue: 0,0:19:36.01,0:19:37.89,Default,,0000,0000,0000,,search for usability failures.
Dialogue: 0,0:19:37.89,0:19:39.75,Default,,0000,0000,0000,,This is what you already do when
Dialogue: 0,0:19:39.75,0:19:41.27,Default,,0000,0000,0000,,you’re observing people.
Dialogue: 0,0:19:41.27,0:19:45.32,Default,,0000,0000,0000,,But even just google for “usability failure”,
Dialogue: 0,0:19:45.32,0:19:47.87,Default,,0000,0000,0000,,“GUI fail”, etc., and you will find
Dialogue: 0,0:19:47.87,0:19:53.40,Default,,0000,0000,0000,,lots of entertaining stuff.
Dialogue: 0,0:19:53.40,0:19:54.95,Default,,0000,0000,0000,,Those were some heuristics
Dialogue: 0,0:19:54.95,0:19:56.25,Default,,0000,0000,0000,,but what about the principles
Dialogue: 0,0:19:56.25,0:20:01.74,Default,,0000,0000,0000,,that lie behind those?
Dialogue: 0,0:20:01.74,0:20:05.80,Default,,0000,0000,0000,,Usability or interaction design
Dialogue: 0,0:20:05.80,0:20:09.30,Default,,0000,0000,0000,,is a cycle between the user and the system.
Dialogue: 0,0:20:09.30,0:20:10.47,Default,,0000,0000,0000,,The user and the world.
Dialogue: 0,0:20:10.47,0:20:12.09,Default,,0000,0000,0000,,The user acts on the world
Dialogue: 0,0:20:12.09,0:20:13.59,Default,,0000,0000,0000,,and gets feedback.
Dialogue: 0,0:20:13.59,0:20:17.00,Default,,0000,0000,0000,,They interpret that.
Dialogue: 0,0:20:17.00,0:20:18.48,Default,,0000,0000,0000,,One important concept is
Dialogue: 0,0:20:18.48,0:20:20.07,Default,,0000,0000,0000,,for things to be visible.
Dialogue: 0,0:20:20.07,0:20:21.11,Default,,0000,0000,0000,,For the underlying system state
Dialogue: 0,0:20:21.11,0:20:22.32,Default,,0000,0000,0000,,to be visible and
Dialogue: 0,0:20:22.32,0:20:23.76,Default,,0000,0000,0000,,you get appropriate feedback
Dialogue: 0,0:20:23.76,0:20:26.17,Default,,0000,0000,0000,,from the system.
Dialogue: 0,0:20:26.17,0:20:31.23,Default,,0000,0000,0000,,So these are Don Norman’s gulfs\Nof execution and evaluation
Dialogue: 0,0:20:31.23,0:20:34.94,Default,,0000,0000,0000,,sort of yin and yang.
Dialogue: 0,0:20:34.94,0:20:38.55,Default,,0000,0000,0000,,And there is two concrete problems
Dialogue: 0,0:20:38.55,0:20:39.83,Default,,0000,0000,0000,,to illustrate.
Dialogue: 0,0:20:39.83,0:20:41.85,Default,,0000,0000,0000,,For example, the button problem
Dialogue: 0,0:20:41.85,0:20:45.84,Default,,0000,0000,0000,,that “how do you know what happens\Nwhen you push the button?”
Dialogue: 0,0:20:45.84,0:20:50.62,Default,,0000,0000,0000,,and “how do you know how to push it?”
Dialogue: 0,0:20:50.62,0:20:52.75,Default,,0000,0000,0000,,I unfortunately don’t have a picture of it
Dialogue: 0,0:20:52.75,0:20:58.36,Default,,0000,0000,0000,,but at Oxford station, the taps in the bathrooms
Dialogue: 0,0:20:58.36,0:21:01.55,Default,,0000,0000,0000,,they say “push” and you need to turn.
Dialogue: 0,0:21:01.55,0:21:05.44,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:21:05.44,0:21:08.51,Default,,0000,0000,0000,,Then there is the toilet door problem.
Dialogue: 0,0:21:08.51,0:21:11.74,Default,,0000,0000,0000,,The problem of “how do you know\Nwhat state a system is in”.
Dialogue: 0,0:21:11.74,0:21:15.73,Default,,0000,0000,0000,,How do you know whether an email will be encrypted?
Dialogue: 0,0:21:15.73,0:21:20.27,Default,,0000,0000,0000,,This is a picture …
Dialogue: 0,0:21:20.27,0:21:21.98,Default,,0000,0000,0000,,basically there is two locks.
Dialogue: 0,0:21:21.98,0:21:26.12,Default,,0000,0000,0000,,One is actually broken and it’s …\Nwhen pushing the button that's on the
Dialogue: 0,0:21:26.12,0:21:29.05,Default,,0000,0000,0000,,door handle, you usually lock the door.
Dialogue: 0,0:21:29.05,0:21:31.62,Default,,0000,0000,0000,,But … well … it broke. So that must have been
Dialogue: 0,0:21:31.62,0:21:36.20,Default,,0000,0000,0000,,an entertaining accident.
Dialogue: 0,0:21:36.20,0:21:39.08,Default,,0000,0000,0000,,Another, as I’ve already described,
Dialogue: 0,0:21:39.08,0:21:44.34,Default,,0000,0000,0000,,another important concept is that of mental models.
Dialogue: 0,0:21:44.34,0:21:47.86,Default,,0000,0000,0000,,It’s a question of what idea does the user have
Dialogue: 0,0:21:47.86,0:21:52.59,Default,,0000,0000,0000,,of the system by interacting with it?
Dialogue: 0,0:21:52.59,0:21:55.88,Default,,0000,0000,0000,,How do they acquire knowledge?
Dialogue: 0,0:21:55.88,0:21:59.25,Default,,0000,0000,0000,,For example, how to achieve discoverability
Dialogue: 0,0:21:59.25,0:22:00.77,Default,,0000,0000,0000,,of the system?
Dialogue: 0,0:22:00.77,0:22:05.71,Default,,0000,0000,0000,,And how to ensure that while\Na user is discovering the system
Dialogue: 0,0:22:05.71,0:22:09.48,Default,,0000,0000,0000,,that they are less likely to make mistakes?
Dialogue: 0,0:22:09.48,0:22:13.88,Default,,0000,0000,0000,,So this is the concept of poka-yoke
Dialogue: 0,0:22:13.88,0:22:18.43,Default,,0000,0000,0000,,and it’s … here is an example\Nyou also see with floppy disks,
Dialogue: 0,0:22:18.43,0:22:22.09,Default,,0000,0000,0000,,with USB sticks, etc.
Dialogue: 0,0:22:22.09,0:22:24.31,Default,,0000,0000,0000,,It’s engineered such that users are
Dialogue: 0,0:22:24.31,0:22:27.02,Default,,0000,0000,0000,,less likely to make a mistake.
Dialogue: 0,0:22:27.02,0:22:30.72,Default,,0000,0000,0000,,Then there’s also the idea\Nof enabling knowledge transfer
Dialogue: 0,0:22:30.72,0:22:33.34,Default,,0000,0000,0000,,So how can we do this?
Dialogue: 0,0:22:33.34,0:22:35.48,Default,,0000,0000,0000,,One thing is metaphors.
Dialogue: 0,0:22:35.48,0:22:39.92,Default,,0000,0000,0000,,And I’m not sure how many of you recognise this,
Dialogue: 0,0:22:39.92,0:22:44.03,Default,,0000,0000,0000,,this is Microsoft BOB.
Dialogue: 0,0:22:44.03,0:22:46.40,Default,,0000,0000,0000,,Traditionally, PC systems have been built
Dialogue: 0,0:22:46.40,0:22:51.91,Default,,0000,0000,0000,,on the desktop metaphor.
Dialogue: 0,0:22:51.91,0:22:58.17,Default,,0000,0000,0000,,{\i1}Laughter{\i0}\NMicrosoft BOB had a little too much.
Dialogue: 0,0:22:58.17,0:23:04.51,Default,,0000,0000,0000,,To enable knowledge transfer,\Nyou can also standardise systems.
Dialogue: 0,0:23:04.51,0:23:08.52,Default,,0000,0000,0000,,And one important tool for this is design languages
Dialogue: 0,0:23:08.52,0:23:12.16,Default,,0000,0000,0000,,so if you’re designing for iOS, go look at
Dialogue: 0,0:23:12.16,0:23:15.97,Default,,0000,0000,0000,,the design language, the Human\NInterface Guidelines of iOS.
Dialogue: 0,0:23:15.97,0:23:19.69,Default,,0000,0000,0000,,The same for Windows – go look\Nat the Metro Design Guidelines.
Dialogue: 0,0:23:19.69,0:23:26.16,Default,,0000,0000,0000,,As for Android, look at Material Design.
Dialogue: 0,0:23:26.16,0:23:30.41,Default,,0000,0000,0000,,Because, another interesting exercise\Nto try out
Dialogue: 0,0:23:30.41,0:23:33.23,Default,,0000,0000,0000,,relating to design languages
Dialogue: 0,0:23:33.23,0:23:38.25,Default,,0000,0000,0000,,and also to get familiar with how designers try to
Dialogue: 0,0:23:38.25,0:23:40.52,Default,,0000,0000,0000,,communicate with users is to
Dialogue: 0,0:23:40.52,0:23:44.64,Default,,0000,0000,0000,,look at an interface and try to decode
Dialogue: 0,0:23:44.64,0:23:48.60,Default,,0000,0000,0000,,what the designer is trying to say to the user.
Dialogue: 0,0:23:48.60,0:23:53.67,Default,,0000,0000,0000,,And another interesting exercise is to look at
Dialogue: 0,0:23:53.67,0:23:58.84,Default,,0000,0000,0000,,not usability but UNusability.
Dialogue: 0,0:23:58.84,0:24:00.91,Default,,0000,0000,0000,,So there is this pretty interesting book
Dialogue: 0,0:24:00.91,0:24:04.94,Default,,0000,0000,0000,,called “evil by design” and it goes into
Dialogue: 0,0:24:04.94,0:24:08.45,Default,,0000,0000,0000,,all the various techniques that designers use
Dialogue: 0,0:24:08.45,0:24:16.76,Default,,0000,0000,0000,,to fool users, to get them to buy an extra hotel, car, etc.
Dialogue: 0,0:24:16.76,0:24:21.75,Default,,0000,0000,0000,,and, well, RyanAir is pretty much the worst offender
Dialogue: 0,0:24:21.75,0:24:24.97,Default,,0000,0000,0000,,so a good example to study.
Dialogue: 0,0:24:24.97,0:24:30.52,Default,,0000,0000,0000,,{\i1}Applause{\i0}
Dialogue: 0,0:24:30.52,0:24:34.48,Default,,0000,0000,0000,,So, what if you wanna go out into the world
Dialogue: 0,0:24:34.48,0:24:40.22,Default,,0000,0000,0000,,and are gonna apply these principles, these heuristics?
Dialogue: 0,0:24:40.22,0:24:42.35,Default,,0000,0000,0000,,The first thing to know is that
Dialogue: 0,0:24:42.35,0:24:45.22,Default,,0000,0000,0000,,design has to be a process
Dialogue: 0,0:24:45.22,0:24:50.74,Default,,0000,0000,0000,,whereby, first part is actually defining your problem.
Dialogue: 0,0:24:50.74,0:24:53.73,Default,,0000,0000,0000,,You first brain-storm
Dialogue: 0,0:24:53.73,0:24:58.23,Default,,0000,0000,0000,,then you try to narrow down to concrete requirements
Dialogue: 0,0:24:58.23,0:25:02.87,Default,,0000,0000,0000,,after which you go and try out\Nthe various approaches
Dialogue: 0,0:25:02.87,0:25:05.85,Default,,0000,0000,0000,,and test these.
Dialogue: 0,0:25:05.85,0:25:09.28,Default,,0000,0000,0000,,What materials do usability experts actually use?
Dialogue: 0,0:25:09.28,0:25:15.63,Default,,0000,0000,0000,,Well, of course there’s expensive tools, Axure, etc.
Dialogue: 0,0:25:15.63,0:25:19.22,Default,,0000,0000,0000,,but I think one of the most used materials
Dialogue: 0,0:25:19.22,0:25:25.49,Default,,0000,0000,0000,,is still the post-it note. Just paper and pens.
Dialogue: 0,0:25:25.49,0:25:28.98,Default,,0000,0000,0000,,And, okay, where do you wanna go and test?
Dialogue: 0,0:25:28.98,0:25:32.09,Default,,0000,0000,0000,,Well, actually, go out into the field.
Dialogue: 0,0:25:32.09,0:25:35.95,Default,,0000,0000,0000,,Go to the ticket machine of the S-Bahn.
Dialogue: 0,0:25:35.95,0:25:39.02,Default,,0000,0000,0000,,But also go and test in the lab, so that you have
Dialogue: 0,0:25:39.02,0:25:42.18,Default,,0000,0000,0000,,a controlled environment.
Dialogue: 0,0:25:42.18,0:25:45.31,Default,,0000,0000,0000,,And then you ask “okay, how do I test?”
Dialogue: 0,0:25:45.31,0:25:49.92,Default,,0000,0000,0000,,Well, first thing is: Go and get some real people.
Dialogue: 0,0:25:49.92,0:25:54.63,Default,,0000,0000,0000,,Of course, it’s … it can be difficult to actually
Dialogue: 0,0:25:54.63,0:26:00.62,Default,,0000,0000,0000,,get people into the lab but it’s not impossible.
Dialogue: 0,0:26:00.62,0:26:02.43,Default,,0000,0000,0000,,So once you have people in the lab,
Dialogue: 0,0:26:02.43,0:26:05.02,Default,,0000,0000,0000,,here are some methods.
Dialogue: 0,0:26:05.02,0:26:07.28,Default,,0000,0000,0000,,There are so many usability evaluation methods
Dialogue: 0,0:26:07.28,0:26:09.41,Default,,0000,0000,0000,,that I’m not gonna list them all and
Dialogue: 0,0:26:09.41,0:26:13.20,Default,,0000,0000,0000,,I encourage you to go and look them up yourself
Dialogue: 0,0:26:13.20,0:26:15.36,Default,,0000,0000,0000,,’cause it’s also very personal what works for you
Dialogue: 0,0:26:15.36,0:26:20.50,Default,,0000,0000,0000,,and what works in your situation.
Dialogue: 0,0:26:20.50,0:26:23.05,Default,,0000,0000,0000,,When using these methods you wanna
Dialogue: 0,0:26:23.05,0:26:25.78,Default,,0000,0000,0000,,evaluate how well a solution works
Dialogue: 0,0:26:25.78,0:26:29.81,Default,,0000,0000,0000,,So you’re gonna look at some metrics
Dialogue: 0,0:26:29.81,0:26:31.41,Default,,0000,0000,0000,,so that at the end of your evaluation
Dialogue: 0,0:26:31.41,0:26:35.10,Default,,0000,0000,0000,,you can say “okay, we’ve done a good job”,
Dialogue: 0,0:26:35.10,0:26:40.10,Default,,0000,0000,0000,,“this can go better”,\N“Okay, maybe we can move that”, …
Dialogue: 0,0:26:40.10,0:26:44.07,Default,,0000,0000,0000,,So these are the standardised ones, so
Dialogue: 0,0:26:44.07,0:26:47.69,Default,,0000,0000,0000,,how effective are people, or etc.
Dialogue: 0,0:26:47.69,0:26:52.91,Default,,0000,0000,0000,,You can read …
Dialogue: 0,0:26:52.91,0:26:55.76,Default,,0000,0000,0000,,For a quick start guide on how to
Dialogue: 0,0:26:55.76,0:26:59.16,Default,,0000,0000,0000,,perform usability studies, this is quite a nice one.
Dialogue: 0,0:26:59.16,0:27:00.48,Default,,0000,0000,0000,,And the most important thing to remember
Dialogue: 0,0:27:00.48,0:27:04.53,Default,,0000,0000,0000,,is that preparation is half the work.
Dialogue: 0,0:27:04.53,0:27:08.12,Default,,0000,0000,0000,,First thing is to check that everything is working,
Dialogue: 0,0:27:08.12,0:27:17.18,Default,,0000,0000,0000,,make sure that you have everyone\Nyou need in the room, etc.
Dialogue: 0,0:27:17.18,0:27:23.25,Default,,0000,0000,0000,,And maybe most importantly,\Nusability and usable security,
Dialogue: 0,0:27:23.25,0:27:26.38,Default,,0000,0000,0000,,well, usable security is still a growing field, but
Dialogue: 0,0:27:26.38,0:27:30.63,Default,,0000,0000,0000,,usability is a very large field and most likely
Dialogue: 0,0:27:30.63,0:27:34.72,Default,,0000,0000,0000,,all the problems that you are going to face
Dialogue: 0,0:27:34.72,0:27:36.97,Default,,0000,0000,0000,,or at least a large percentage, other people
Dialogue: 0,0:27:36.97,0:27:39.08,Default,,0000,0000,0000,,have faced before.
Dialogue: 0,0:27:39.08,0:27:43.53,Default,,0000,0000,0000,,So this book is, well, it describes a lot of the stories
Dialogue: 0,0:27:43.53,0:27:47.53,Default,,0000,0000,0000,,of user experience professionals and the things
Dialogue: 0,0:27:47.53,0:27:52.04,Default,,0000,0000,0000,,that they’ve come up against.
Dialogue: 0,0:27:52.04,0:27:56.19,Default,,0000,0000,0000,,A homework exercise if you feel like it
Dialogue: 0,0:27:56.19,0:28:00.99,Default,,0000,0000,0000,,is looking at basically analysing who is your user
Dialogue: 0,0:28:00.99,0:28:06.76,Default,,0000,0000,0000,,and where they’re going to use the application.
Dialogue: 0,0:28:06.76,0:28:10.41,Default,,0000,0000,0000,,And also something to think about is
Dialogue: 0,0:28:10.41,0:28:12.65,Default,,0000,0000,0000,,how might you involve your user?
Dialogue: 0,0:28:12.65,0:28:16.89,Default,,0000,0000,0000,,Not just during the usability testing,
Dialogue: 0,0:28:16.89,0:28:21.07,Default,,0000,0000,0000,,but also afterwards.
Dialogue: 0,0:28:21.07,0:28:28.45,Default,,0000,0000,0000,,Now I wanna go into some case\Nstudies of encryption systems.
Dialogue: 0,0:28:28.45,0:28:30.23,Default,,0000,0000,0000,,Now there’s quite a lot, and these are not all,
Dialogue: 0,0:28:30.23,0:28:34.77,Default,,0000,0000,0000,,it’s just a small selection but I wanna focus on three.
Dialogue: 0,0:28:34.77,0:28:40.23,Default,,0000,0000,0000,,I wanna focus on the OpenPGP standard,\NCryptocat and TextSecure.
Dialogue: 0,0:28:40.23,0:28:42.77,Default,,0000,0000,0000,,So, OpenPGP, well …
Dialogue: 0,0:28:42.77,0:28:46.23,Default,,0000,0000,0000,,email is now almost 50 years old,
Dialogue: 0,0:28:46.23,0:28:52.19,Default,,0000,0000,0000,,we have an encryption standard—S/MIME,\Nit is widely used
Dialogue: 0,0:28:52.19,0:28:56.04,Default,,0000,0000,0000,,well, it’s widely usable but it’s not widely used …
Dialogue: 0,0:28:56.04,0:29:03.68,Default,,0000,0000,0000,,and GnuPG is used widely but is not installed by default
Dialogue: 0,0:29:03.68,0:29:09.94,Default,,0000,0000,0000,,and when usability teaches us one thing
Dialogue: 0,0:29:09.94,0:29:14.13,Default,,0000,0000,0000,,it’s that defaults rule.
Dialogue: 0,0:29:14.13,0:29:18.19,Default,,0000,0000,0000,,Because users don’t change defaults.
Dialogue: 0,0:29:18.19,0:29:23.36,Default,,0000,0000,0000,,Now you might ask “Okay,\NPGP is not installed by default,
Dialogue: 0,0:29:23.36,0:29:26.56,Default,,0000,0000,0000,,so is there actually still a future for OpenPGP?”
Dialogue: 0,0:29:26.56,0:29:30.18,Default,,0000,0000,0000,,Well, I’d argue: Yes.\NWe have browser plug-ins
Dialogue: 0,0:29:30.18,0:29:33.06,Default,,0000,0000,0000,,which make it easier for users
Dialogue: 0,0:29:33.06,0:29:37.85,Default,,0000,0000,0000,,JavaScript crypto … I’ll come back to that later …
Dialogue: 0,0:29:37.85,0:29:43.42,Default,,0000,0000,0000,,But when we look at Mailvelope, we see, well,
Dialogue: 0,0:29:43.42,0:29:48.04,Default,,0000,0000,0000,,the EFF scorecard, it has a pretty decent rating
Dialogue: 0,0:29:48.04,0:29:55.79,Default,,0000,0000,0000,,at least compared to that of native PGP implementations.
Dialogue: 0,0:29:55.79,0:29:58.63,Default,,0000,0000,0000,,And also Google has announced and has been working
Dialogue: 0,0:29:58.63,0:30:01.41,Default,,0000,0000,0000,,for quite some time on their own plug-in for
Dialogue: 0,0:30:01.41,0:30:03.38,Default,,0000,0000,0000,,end-to-end encryption.
Dialogue: 0,0:30:03.38,0:30:07.95,Default,,0000,0000,0000,,And Yahoo! is also involved in that.
Dialogue: 0,0:30:07.95,0:30:11.39,Default,,0000,0000,0000,,And after the Snowden revelations there has been
Dialogue: 0,0:30:11.39,0:30:15.01,Default,,0000,0000,0000,,a widespread surge in the interest
Dialogue: 0,0:30:15.01,0:30:18.46,Default,,0000,0000,0000,,in encrypted communications
Dialogue: 0,0:30:18.46,0:30:23.32,Default,,0000,0000,0000,,and this is one website where a lot of these are listed.
Dialogue: 0,0:30:23.32,0:30:27.89,Default,,0000,0000,0000,,And one project that I’d especially like to emphasise
Dialogue: 0,0:30:27.89,0:30:31.91,Default,,0000,0000,0000,,is mailpile because I think it looks
Dialogue: 0,0:30:31.91,0:30:35.30,Default,,0000,0000,0000,,like a very interesting approach
Dialogue: 0,0:30:35.30,0:30:37.82,Default,,0000,0000,0000,,whereby the question is:
Dialogue: 0,0:30:37.82,0:30:41.08,Default,,0000,0000,0000,,Can we use OpenPGP as a stepping stone?
Dialogue: 0,0:30:41.08,0:30:46.62,Default,,0000,0000,0000,,OpenPGP is not perfect, meta-data is not protected,
Dialogue: 0,0:30:46.62,0:30:48.30,Default,,0000,0000,0000,,header is not protected, etc.
Dialogue: 0,0:30:48.30,0:30:51.87,Default,,0000,0000,0000,,But maybe when we get people into the ecosystem,
Dialogue: 0,0:30:51.87,0:30:56.17,Default,,0000,0000,0000,,we can try and gradually move\Nthem to more secure options.
Dialogue: 0,0:30:56.17,0:30:58.90,Default,,0000,0000,0000,,Now, what about Cryptocat?
Dialogue: 0,0:30:58.90,0:31:04.07,Default,,0000,0000,0000,,So, Cryptocat’s online chat platform
Dialogue: 0,0:31:04.07,0:31:06.90,Default,,0000,0000,0000,,that … yes … uses JavaScript.
Dialogue: 0,0:31:06.90,0:31:10.91,Default,,0000,0000,0000,,And of course, JavaScript crypto is bad
Dialogue: 0,0:31:10.91,0:31:14.62,Default,,0000,0000,0000,,but it can be made better.
Dialogue: 0,0:31:14.62,0:31:20.16,Default,,0000,0000,0000,,And I think JavaScript crypto is not the worst problem.
Dialogue: 0,0:31:20.16,0:31:22.86,Default,,0000,0000,0000,,Cryptocat had a pretty disastrous problem
Dialogue: 0,0:31:22.86,0:31:26.81,Default,,0000,0000,0000,,whereby all messages that were sent
Dialogue: 0,0:31:26.81,0:31:30.61,Default,,0000,0000,0000,,were pretty easily decryptable.
Dialogue: 0,0:31:30.61,0:31:33.17,Default,,0000,0000,0000,,But actually, this is just history repeating itself
Dialogue: 0,0:31:33.17,0:31:39.09,Default,,0000,0000,0000,,’cause PGP 1.0 used something called BassOmatic,
Dialogue: 0,0:31:39.09,0:31:44.62,Default,,0000,0000,0000,,the BassOmatic cypher which is also pretty weak.
Dialogue: 0,0:31:44.62,0:31:49.51,Default,,0000,0000,0000,,And Cryptocat is improving, which is the important thing.
Dialogue: 0,0:31:49.51,0:31:51.18,Default,,0000,0000,0000,,There is now a browser plug-in and
Dialogue: 0,0:31:51.18,0:31:53.89,Default,,0000,0000,0000,,of course, there’s an app for that and
Dialogue: 0,0:31:53.89,0:31:56.57,Default,,0000,0000,0000,,actually, Cryptocat is doing really, really well
Dialogue: 0,0:31:56.57,0:31:59.28,Default,,0000,0000,0000,,in the EFF benchmarks.
Dialogue: 0,0:31:59.28,0:32:04.54,Default,,0000,0000,0000,,And Cryptocat is asking the one question that a lot
Dialogue: 0,0:32:04.54,0:32:06.66,Default,,0000,0000,0000,,of other applications are not asking, which is:
Dialogue: 0,0:32:06.66,0:32:09.46,Default,,0000,0000,0000,,“How can we actually make crypto fun?”
Dialogue: 0,0:32:09.46,0:32:12.43,Default,,0000,0000,0000,,When you start Cryptocat, there’s noises
Dialogue: 0,0:32:12.43,0:32:15.34,Default,,0000,0000,0000,,and there’s interesting facts about cats
Dialogue: 0,0:32:15.34,0:32:18.76,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:32:18.76,0:32:21.25,Default,,0000,0000,0000,,… depends on whether you like cats, but still!
Dialogue: 0,0:32:21.25,0:32:23.45,Default,,0000,0000,0000,,Keeps you busy!
Dialogue: 0,0:32:23.45,0:32:28.99,Default,,0000,0000,0000,,Now, the last case: TextSecure\Nalso has pretty good markings
Dialogue: 0,0:32:28.99,0:32:32.30,Default,,0000,0000,0000,,and actually just like CryptoCat,
Dialogue: 0,0:32:32.30,0:32:35.86,Default,,0000,0000,0000,,the App store distribution model is something that
Dialogue: 0,0:32:35.86,0:32:38.82,Default,,0000,0000,0000,,I think is a valuable one for usability.
Dialogue: 0,0:32:38.82,0:32:41.91,Default,,0000,0000,0000,,It makes it easy to install.
Dialogue: 0,0:32:41.91,0:32:46.05,Default,,0000,0000,0000,,And something that TextSecure is also looking at is
Dialogue: 0,0:32:46.05,0:32:52.18,Default,,0000,0000,0000,,synchronisation options for your address book.
Dialogue: 0,0:32:52.18,0:32:56.98,Default,,0000,0000,0000,,And I think the most interesting development is
Dialogue: 0,0:32:56.98,0:33:00.49,Default,,0000,0000,0000,,on the one side, the CyanogenMod integration,
Dialogue: 0,0:33:00.49,0:33:05.03,Default,,0000,0000,0000,,so that people will have encryption enabled by default.
Dialogue: 0,0:33:05.03,0:33:09.88,Default,,0000,0000,0000,,’Cause as I mentioned: People don’t change defaults.
Dialogue: 0,0:33:09.88,0:33:14.71,Default,,0000,0000,0000,,And this one is a bit more controversial, but
Dialogue: 0,0:33:14.71,0:33:18.18,Default,,0000,0000,0000,,there’s also the WhatsApp partnership.
Dialogue: 0,0:33:18.18,0:33:21.13,Default,,0000,0000,0000,,And of course people will say “it’s not secure”,
Dialogue: 0,0:33:21.13,0:33:22.96,Default,,0000,0000,0000,,we know, we know,
Dialogue: 0,0:33:22.96,0:33:24.39,Default,,0000,0000,0000,,EFF knows!
Dialogue: 0,0:33:24.39,0:33:28.74,Default,,0000,0000,0000,,But at least, it’s more secure than nothing at all.
Dialogue: 0,0:33:28.74,0:33:31.33,Default,,0000,0000,0000,,Because: Doesn’t every little bit help?
Dialogue: 0,0:33:31.33,0:33:32.68,Default,,0000,0000,0000,,Well, I’d say: yes.
Dialogue: 0,0:33:32.68,0:33:35.59,Default,,0000,0000,0000,,And at least, it’s one stepping stone.
Dialogue: 0,0:33:35.59,0:33:40.11,Default,,0000,0000,0000,,And, well, all of these are open-source,
Dialogue: 0,0:33:40.11,0:33:41.64,Default,,0000,0000,0000,,so you can think for yourself:
Dialogue: 0,0:33:41.64,0:33:45.12,Default,,0000,0000,0000,,How can I improve these?
Dialogue: 0,0:33:45.12,0:33:50.45,Default,,0000,0000,0000,,Now, there’s still some open questions remaining
Dialogue: 0,0:33:50.45,0:33:52.62,Default,,0000,0000,0000,,in the usable security field and in the
Dialogue: 0,0:33:52.62,0:33:56.32,Default,,0000,0000,0000,,wider security field as well.
Dialogue: 0,0:33:56.32,0:33:58.86,Default,,0000,0000,0000,,I won’t go into all of these,
Dialogue: 0,0:33:58.86,0:34:03.21,Default,,0000,0000,0000,,I wanna focus on the issues that developers have,
Dialogue: 0,0:34:03.21,0:34:05.73,Default,,0000,0000,0000,,issues of end user understanding
Dialogue: 0,0:34:05.73,0:34:09.46,Default,,0000,0000,0000,,and of identity management.
Dialogue: 0,0:34:09.46,0:34:14.06,Default,,0000,0000,0000,,Because the development environment
Dialogue: 0,0:34:14.06,0:34:18.18,Default,,0000,0000,0000,,there’s the crypto-plumbing problem, some people call it.
Dialogue: 0,0:34:18.18,0:34:20.82,Default,,0000,0000,0000,,How do we standardise on a cryptographic algorithm?
Dialogue: 0,0:34:20.82,0:34:25.25,Default,,0000,0000,0000,,How do we make everyone use the same system?
Dialogue: 0,0:34:25.25,0:34:29.18,Default,,0000,0000,0000,,Because, again, it’s history repeating itself.
Dialogue: 0,0:34:29.18,0:34:35.67,Default,,0000,0000,0000,,With PGP, we had RSA, changed for\NDSA because of patent issues
Dialogue: 0,0:34:35.67,0:34:39.54,Default,,0000,0000,0000,,IDEA changed for CAST5 because of patent issues
Dialogue: 0,0:34:39.54,0:34:41.73,Default,,0000,0000,0000,,and now we have something similar:
Dialogue: 0,0:34:41.73,0:34:43.60,Default,,0000,0000,0000,,’cause for PGP the question is:
Dialogue: 0,0:34:43.60,0:34:45.62,Default,,0000,0000,0000,,Which curve do we choose?
Dialogue: 0,0:34:45.62,0:34:51.09,Default,,0000,0000,0000,,’cause this is from Bernstein, who has got a whole list
Dialogue: 0,0:34:51.09,0:34:56.23,Default,,0000,0000,0000,,of, well not all the curves,\Nbut a large selection of them
Dialogue: 0,0:34:56.23,0:34:57.92,Default,,0000,0000,0000,,analysing the security
Dialogue: 0,0:34:57.92,0:35:01.21,Default,,0000,0000,0000,,but how do you make, well, pretty much
Dialogue: 0,0:35:01.21,0:35:06.46,Default,,0000,0000,0000,,the whole world agree on a single standard?
Dialogue: 0,0:35:06.46,0:35:11.11,Default,,0000,0000,0000,,And also, can we move toward safer languages?
Dialogue: 0,0:35:11.11,0:35:18.27,Default,,0000,0000,0000,,And I’ve been talking about the\Nusability of encryption systems
Dialogue: 0,0:35:18.27,0:35:21.77,Default,,0000,0000,0000,,for users, but what about for developers?
Dialogue: 0,0:35:21.77,0:35:25.77,Default,,0000,0000,0000,,So, API usability, and as I’ve mentioned:
Dialogue: 0,0:35:25.77,0:35:28.00,Default,,0000,0000,0000,,Language usability.
Dialogue: 0,0:35:28.00,0:35:31.64,Default,,0000,0000,0000,,And on top of that, it is not just a technical issue,
Dialogue: 0,0:35:31.64,0:35:34.96,Default,,0000,0000,0000,,because, of course, we secure microchips,
Dialogue: 0,0:35:34.96,0:35:41.56,Default,,0000,0000,0000,,but we also wanna secure social systems.
Dialogue: 0,0:35:41.56,0:35:45.00,Default,,0000,0000,0000,,Because, in principle, we live in an open system,
Dialogue: 0,0:35:45.00,0:35:51.23,Default,,0000,0000,0000,,in an open society and a system cannot audit itself.
Dialogue: 0,0:35:51.23,0:35:55.71,Default,,0000,0000,0000,,So, okay, what do we do, right?\NI don’t know.
Dialogue: 0,0:35:55.71,0:35:58.49,Default,,0000,0000,0000,,I mean, that’s why it’s an open question!
Dialogue: 0,0:35:58.49,0:36:00.97,Default,,0000,0000,0000,,’Cause how do we ensure the authenticity of,
Dialogue: 0,0:36:00.97,0:36:06.30,Default,,0000,0000,0000,,I don’t know, my Intel processor in my laptop?
Dialogue: 0,0:36:06.30,0:36:07.00,Default,,0000,0000,0000,,How do I know that the
Dialogue: 0,0:36:07.00,0:36:09.09,Default,,0000,0000,0000,,random number generator isn’t bogus?
Dialogue: 0,0:36:09.09,0:36:13.59,Default,,0000,0000,0000,,Well, I know it is, but …\N{\i1}laughter{\i0}
Dialogue: 0,0:36:13.59,0:36:17.14,Default,,0000,0000,0000,,Then, there’s the issue of identity management
Dialogue: 0,0:36:17.14,0:36:19.31,Default,,0000,0000,0000,,related to key management, like
Dialogue: 0,0:36:19.31,0:36:25.33,Default,,0000,0000,0000,,who has the keys to the kingdom?
Dialogue: 0,0:36:25.33,0:36:27.16,Default,,0000,0000,0000,,One approach, as I’ve already mentioned, is
Dialogue: 0,0:36:27.16,0:36:28.76,Default,,0000,0000,0000,,key continuity management.
Dialogue: 0,0:36:28.76,0:36:32.40,Default,,0000,0000,0000,,Whereby we automate both key exchange and
Dialogue: 0,0:36:32.40,0:36:35.52,Default,,0000,0000,0000,,whereby we automate encryption.
Dialogue: 0,0:36:35.52,0:36:38.29,Default,,0000,0000,0000,,So one principle is trust on first use,
Dialogue: 0,0:36:38.29,0:36:43.57,Default,,0000,0000,0000,,whereby, well, one approach will be to attach your key
Dialogue: 0,0:36:43.57,0:36:46.01,Default,,0000,0000,0000,,to any email you send out and anyone who receives
Dialogue: 0,0:36:46.01,0:36:50.02,Default,,0000,0000,0000,,this email just assumes it’s the proper key.
Dialogue: 0,0:36:50.02,0:36:52.82,Default,,0000,0000,0000,,Of course, it’s not fully secure,
Dialogue: 0,0:36:52.82,0:36:56.32,Default,,0000,0000,0000,,but at least, it’s something.
Dialogue: 0,0:36:56.32,0:36:59.11,Default,,0000,0000,0000,,And this is really, I think, the major question
Dialogue: 0,0:36:59.11,0:37:00.81,Default,,0000,0000,0000,,in interoperability:
Dialogue: 0,0:37:00.81,0:37:05.21,Default,,0000,0000,0000,,How do you ensure that you can access your email
Dialogue: 0,0:37:05.21,0:37:08.69,Default,,0000,0000,0000,,from multiple devices?
Dialogue: 0,0:37:08.69,0:37:10.88,Default,,0000,0000,0000,,Now, of course, there is meta-data leakage,
Dialogue: 0,0:37:10.88,0:37:14.23,Default,,0000,0000,0000,,PGP doesn’t protect meta-data,
Dialogue: 0,0:37:14.23,0:37:16.89,Default,,0000,0000,0000,,and, you know, your friendly security agency knows
Dialogue: 0,0:37:16.89,0:37:18.32,Default,,0000,0000,0000,,where you went last summer …
Dialogue: 0,0:37:18.32,0:37:19.30,Default,,0000,0000,0000,,So, what do we do?
Dialogue: 0,0:37:19.30,0:37:23.65,Default,,0000,0000,0000,,We do anonymous routing, we send over Tor, but
Dialogue: 0,0:37:23.65,0:37:26.15,Default,,0000,0000,0000,,I mean, how do we roll that out?
Dialogue: 0,0:37:26.15,0:37:27.50,Default,,0000,0000,0000,,I think the approach that
Dialogue: 0,0:37:27.50,0:37:30.24,Default,,0000,0000,0000,,mailpile is trying to do is interesting
Dialogue: 0,0:37:30.24,0:37:33.00,Default,,0000,0000,0000,,and, of course still an open question, but
Dialogue: 0,0:37:33.00,0:37:36.80,Default,,0000,0000,0000,,interesting research nonetheless.
Dialogue: 0,0:37:36.80,0:37:39.05,Default,,0000,0000,0000,,Then there’s the introduction problem of
Dialogue: 0,0:37:39.05,0:37:43.73,Default,,0000,0000,0000,,okay, how, I meet someone here, after the talk,
Dialogue: 0,0:37:43.73,0:37:45.99,Default,,0000,0000,0000,,they tell me who they are,
Dialogue: 0,0:37:45.99,0:37:49.83,Default,,0000,0000,0000,,but either I get their card—which is nice—or
Dialogue: 0,0:37:49.83,0:37:52.26,Default,,0000,0000,0000,,they say what their name is.
Dialogue: 0,0:37:52.26,0:37:55.87,Default,,0000,0000,0000,,But they’re not gonna tell me, they’re not gonna spell out
Dialogue: 0,0:37:55.87,0:37:57.82,Default,,0000,0000,0000,,their fingerprint.
Dialogue: 0,0:37:57.82,0:38:02.40,Default,,0000,0000,0000,,So the idea of Zooko’s triangle is that identifiers
Dialogue: 0,0:38:02.40,0:38:07.63,Default,,0000,0000,0000,,are either human-meaningful,\Nsecure or decentralised.
Dialogue: 0,0:38:07.63,0:38:09.27,Default,,0000,0000,0000,,Pick two.
Dialogue: 0,0:38:09.27,0:38:13.14,Default,,0000,0000,0000,,So here’s some examples of identifiers,
Dialogue: 0,0:38:13.14,0:38:16.27,Default,,0000,0000,0000,,so for Bitcoin: Lots of random garbage.
Dialogue: 0,0:38:16.27,0:38:19.01,Default,,0000,0000,0000,,For OpenPGP: Lots of random garbage
Dialogue: 0,0:38:19.01,0:38:22.33,Default,,0000,0000,0000,,For miniLock: Lots of random garbage
Dialogue: 0,0:38:22.33,0:38:26.39,Default,,0000,0000,0000,,So, I think an interesting research problem is:
Dialogue: 0,0:38:26.39,0:38:29.72,Default,,0000,0000,0000,,Can we actually make these things memorable?
Dialogue: 0,0:38:29.72,0:38:32.20,Default,,0000,0000,0000,,You know, I can memorise email addresses,
Dialogue: 0,0:38:32.20,0:38:34.36,Default,,0000,0000,0000,,I can memorise phone numbers,
Dialogue: 0,0:38:34.36,0:38:39.84,Default,,0000,0000,0000,,I cannot memorise these. I can try, but …
Dialogue: 0,0:38:39.84,0:38:45.39,Default,,0000,0000,0000,,Then, the last open question I wanna focus on
Dialogue: 0,0:38:45.39,0:38:48.78,Default,,0000,0000,0000,,is that of end-user understanding.
Dialogue: 0,0:38:48.78,0:38:53.60,Default,,0000,0000,0000,,So of course, we’ll know that all devices are monitored.
Dialogue: 0,0:38:53.60,0:39:00.42,Default,,0000,0000,0000,,But does the average user?
Dialogue: 0,0:39:00.42,0:39:04.75,Default,,0000,0000,0000,,Do they know what worms can do?
Dialogue: 0,0:39:04.75,0:39:09.28,Default,,0000,0000,0000,,Have they read these books?
Dialogue: 0,0:39:09.28,0:39:15.09,Default,,0000,0000,0000,,Do they know where GCHQ is?
Dialogue: 0,0:39:15.09,0:39:20.97,Default,,0000,0000,0000,,Do they know that Cupertino has\Npretty much the same powers?
Dialogue: 0,0:39:20.97,0:39:23.88,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:39:23.88,0:39:28.98,Default,,0000,0000,0000,,Do they know they’re living in a panopticon to come?
Dialogue: 0,0:39:28.98,0:39:32.16,Default,,0000,0000,0000,,{\i1}Laughter{\i0}
Dialogue: 0,0:39:32.16,0:39:37.80,Default,,0000,0000,0000,,Do they know that people are\Nkilled based on meta-data?
Dialogue: 0,0:39:37.80,0:39:40.83,Default,,0000,0000,0000,,Well, I think not.
Dialogue: 0,0:39:40.83,0:39:45.55,Default,,0000,0000,0000,,And actually this is a poster from the university
Dialogue: 0,0:39:45.55,0:39:47.07,Default,,0000,0000,0000,,where I did my Master’s
Dialogue: 0,0:39:47.07,0:39:50.94,Default,,0000,0000,0000,,and interestingly enough, it was founded by a guy
Dialogue: 0,0:39:50.94,0:39:56.28,Default,,0000,0000,0000,,who made a fortune selling sugar pills.
Dialogue: 0,0:39:56.28,0:40:02.65,Default,,0000,0000,0000,,You know, snake oil, we also have this in crypto.
Dialogue: 0,0:40:02.65,0:40:06.08,Default,,0000,0000,0000,,And how is the user to know
Dialogue: 0,0:40:06.08,0:40:08.13,Default,,0000,0000,0000,,whether something is secure or not?
Dialogue: 0,0:40:08.13,0:40:10.61,Default,,0000,0000,0000,,Of course, we have the secure messaging scorecard
Dialogue: 0,0:40:10.61,0:40:15.21,Default,,0000,0000,0000,,but can users find these?
Dialogue: 0,0:40:15.21,0:40:21.19,Default,,0000,0000,0000,,Well, I think, there’s three aspects\Nto end-user understanding
Dialogue: 0,0:40:21.19,0:40:24.25,Default,,0000,0000,0000,,which is knowledge acquisition,\Nknowledge transfer,
Dialogue: 0,0:40:24.25,0:40:27.22,Default,,0000,0000,0000,,and the verification updating of this knowledge.
Dialogue: 0,0:40:27.22,0:40:30.95,Default,,0000,0000,0000,,So, as I’ve already mentioned,\Nwe can do dummy-proofing
Dialogue: 0,0:40:30.95,0:40:38.11,Default,,0000,0000,0000,,and we can create transparent systems.
Dialogue: 0,0:40:38.11,0:40:41.16,Default,,0000,0000,0000,,For knowledge transfer, we can
Dialogue: 0,0:40:41.16,0:40:44.40,Default,,0000,0000,0000,,look at appropriate metaphors and design languages.
Dialogue: 0,0:40:44.40,0:40:46.83,Default,,0000,0000,0000,,And for verification we can
Dialogue: 0,0:40:46.83,0:40:50.59,Default,,0000,0000,0000,,try an approach: Choose an advertising.
Dialogue: 0,0:40:50.59,0:40:56.50,Default,,0000,0000,0000,,And, last but not least, we can do user-testing.
Dialogue: 0,0:40:56.50,0:41:02.77,Default,,0000,0000,0000,,Because all these open questions that I’ve described
Dialogue: 0,0:41:02.77,0:41:05.55,Default,,0000,0000,0000,,and all this research that has been done,
Dialogue: 0,0:41:05.55,0:41:11.09,Default,,0000,0000,0000,,I think it’s missing one key issue, which is that
Dialogue: 0,0:41:11.09,0:41:13.64,Default,,0000,0000,0000,,the usability people and the security people
Dialogue: 0,0:41:13.64,0:41:17.48,Default,,0000,0000,0000,,tend not to really talk to one another.
Dialogue: 0,0:41:17.48,0:41:21.44,Default,,0000,0000,0000,,The open-source developers and the users:
Dialogue: 0,0:41:21.44,0:41:23.49,Default,,0000,0000,0000,,Are they talking enough?
Dialogue: 0,0:41:23.49,0:41:26.76,Default,,0000,0000,0000,,I think that’s something, if we want a new dawn,
Dialogue: 0,0:41:26.76,0:41:30.97,Default,,0000,0000,0000,,that’s something that I think we should approach.
Dialogue: 0,0:41:30.97,0:41:35.11,Default,,0000,0000,0000,,Yeah, so, from my side, that’s it.
Dialogue: 0,0:41:35.11,0:41:37.49,Default,,0000,0000,0000,,I’m open for any questions.
Dialogue: 0,0:41:37.49,0:41:49.32,Default,,0000,0000,0000,,{\i1}Applause{\i0}
Dialogue: 0,0:41:49.32,0:41:52.27,Default,,0000,0000,0000,,Herald: Arne, thank you very much for your brilliant talk
Dialogue: 0,0:41:52.27,0:41:55.03,Default,,0000,0000,0000,,Now, if you have any questions to ask, would you please
Dialogue: 0,0:41:55.03,0:41:57.92,Default,,0000,0000,0000,,line up at the microphones in the aisles?!
Dialogue: 0,0:41:57.92,0:42:00.47,Default,,0000,0000,0000,,The others who’d like to leave now,
Dialogue: 0,0:42:00.47,0:42:04.24,Default,,0000,0000,0000,,I’d ask you kindly to please leave very quietly
Dialogue: 0,0:42:04.24,0:42:09.27,Default,,0000,0000,0000,,so we can hear what the people\Nasking questions will tell us.
Dialogue: 0,0:42:09.27,0:42:14.28,Default,,0000,0000,0000,,And those at the microphones,\Nif you could talk slowly,
Dialogue: 0,0:42:14.28,0:42:19.10,Default,,0000,0000,0000,,then those translating have no problems in translating
Dialogue: 0,0:42:19.10,0:42:21.49,Default,,0000,0000,0000,,what is being asked. Thank you very much.
Dialogue: 0,0:42:21.49,0:42:27.46,Default,,0000,0000,0000,,And I think we’ll start with mic #4 on the left-hand side.
Dialogue: 0,0:42:27.46,0:42:32.00,Default,,0000,0000,0000,,Mic#4: Yes, so, if you’ve been to any successful
Dialogue: 0,0:42:32.00,0:42:36.50,Default,,0000,0000,0000,,crypto party, you know that crypto parties very quickly
Dialogue: 0,0:42:36.50,0:42:41.43,Default,,0000,0000,0000,,turn into not about discussing software,\Nhow to use software,
Dialogue: 0,0:42:41.43,0:42:43.78,Default,,0000,0000,0000,,but into threat model discussions.
Dialogue: 0,0:42:43.78,0:42:46.93,Default,,0000,0000,0000,,And to actually get users\Nto think about what they’re
Dialogue: 0,0:42:46.93,0:42:49.42,Default,,0000,0000,0000,,trying to protect themselves from and if a certain
Dialogue: 0,0:42:49.42,0:42:52.71,Default,,0000,0000,0000,,messaging app is secure, that still means nothing.
Dialogue: 0,0:42:52.71,0:42:55.81,Default,,0000,0000,0000,,’Cause there is lots of other stuff that’s going on.
Dialogue: 0,0:42:55.81,0:42:57.24,Default,,0000,0000,0000,,Can you talk a little bit about that and
Dialogue: 0,0:42:57.24,0:43:00.13,Default,,0000,0000,0000,,how that runs into this model about, you know,
Dialogue: 0,0:43:00.13,0:43:02.26,Default,,0000,0000,0000,,how we need to educate users and, while we’re at it,
Dialogue: 0,0:43:02.26,0:43:03.64,Default,,0000,0000,0000,,what we want to educate them about.
Dialogue: 0,0:43:03.64,0:43:05.93,Default,,0000,0000,0000,,And what they actually need to be using.
Dialogue: 0,0:43:05.93,0:43:09.64,Default,,0000,0000,0000,,Arne: Well, I think that’s an interesting point
Dialogue: 0,0:43:09.64,0:43:14.21,Default,,0000,0000,0000,,and I think, one issue, one big issue is:
Dialogue: 0,0:43:14.21,0:43:17.18,Default,,0000,0000,0000,,okay, we can throw lots of crypto parties
Dialogue: 0,0:43:17.18,0:43:20.81,Default,,0000,0000,0000,,but we’re never gonna be able to throw enough parties.
Dialogue: 0,0:43:20.81,0:43:22.97,Default,,0000,0000,0000,,I … with one party you’re very lucky
Dialogue: 0,0:43:22.97,0:43:24.61,Default,,0000,0000,0000,,you’re gonna educate 100 people.
Dialogue: 0,0:43:24.61,0:43:28.95,Default,,0000,0000,0000,,I mean, just imagine how many parties\Nyou’d need to throw. Right?
Dialogue: 0,0:43:28.95,0:43:32.98,Default,,0000,0000,0000,,I mean, it’s gonna be a heck of a party, but … yeah.
Dialogue: 0,0:43:32.98,0:43:38.73,Default,,0000,0000,0000,,And I think, secondly, the question of threat modeling,
Dialogue: 0,0:43:38.73,0:43:43.00,Default,,0000,0000,0000,,I think, sure, that’s helpful to do, but
Dialogue: 0,0:43:43.00,0:43:47.76,Default,,0000,0000,0000,,I think, users do first need an understanding of,
Dialogue: 0,0:43:47.76,0:43:49.29,Default,,0000,0000,0000,,for example, the email architecture.
Dialogue: 0,0:43:49.29,0:43:51.52,Default,,0000,0000,0000,,’Cause, how can they do threat\Nmodeling when they think
Dialogue: 0,0:43:51.52,0:43:55.26,Default,,0000,0000,0000,,that an email magically pops\Nfrom one computer to the next?
Dialogue: 0,0:43:55.26,0:43:59.25,Default,,0000,0000,0000,,I think, that is pretty much impossible.
Dialogue: 0,0:43:59.25,0:44:01.25,Default,,0000,0000,0000,,I hope that …
Dialogue: 0,0:44:01.25,0:44:04.89,Default,,0000,0000,0000,,Herald: Thank you very much, so …\NMicrophone #3, please.
Dialogue: 0,0:44:04.89,0:44:07.44,Default,,0000,0000,0000,,Mic#3: Arne, thank you very much for your talk.
Dialogue: 0,0:44:07.44,0:44:10.43,Default,,0000,0000,0000,,There’s one aspect that I didn’t see in your slides.
Dialogue: 0,0:44:10.43,0:44:13.05,Default,,0000,0000,0000,,And that is the aspect of the language that we use
Dialogue: 0,0:44:13.05,0:44:16.94,Default,,0000,0000,0000,,to describe concepts in PGP—and GPG, for that matter.
Dialogue: 0,0:44:16.94,0:44:19.51,Default,,0000,0000,0000,,And I know that there was a paper last year
Dialogue: 0,0:44:19.51,0:44:21.89,Default,,0000,0000,0000,,about why King George can’t encrypt and
Dialogue: 0,0:44:21.89,0:44:23.96,Default,,0000,0000,0000,,they were trying to propose a new language.
Dialogue: 0,0:44:23.96,0:44:26.11,Default,,0000,0000,0000,,Do you think that such initiatives are worthwhile
Dialogue: 0,0:44:26.11,0:44:28.65,Default,,0000,0000,0000,,or are we stuck with this language and should we make
Dialogue: 0,0:44:28.65,0:44:31.72,Default,,0000,0000,0000,,as good use of it as we can?
Dialogue: 0,0:44:31.72,0:44:37.85,Default,,0000,0000,0000,,Arne: I think that’s a good point\Nand actually the question
Dialogue: 0,0:44:37.85,0:44:44.65,Default,,0000,0000,0000,,of “okay, what metaphors do you wanna use?” … I think
Dialogue: 0,0:44:44.65,0:44:46.80,Default,,0000,0000,0000,,we’re pretty much stuck with the language
Dialogue: 0,0:44:46.80,0:44:49.71,Default,,0000,0000,0000,,that we’re using for the moment but
Dialogue: 0,0:44:49.71,0:44:54.13,Default,,0000,0000,0000,,I think it does make sense\Nto go and look into the future
Dialogue: 0,0:44:54.13,0:44:58.29,Default,,0000,0000,0000,,at alternative models.
Dialogue: 0,0:44:58.29,0:45:00.99,Default,,0000,0000,0000,,Yeah, so I actually wrote a paper that also
Dialogue: 0,0:45:00.99,0:45:04.97,Default,,0000,0000,0000,,goes into that a bit, looking at
Dialogue: 0,0:45:04.97,0:45:08.63,Default,,0000,0000,0000,,the metaphor of handshakes to exchange keys.
Dialogue: 0,0:45:08.63,0:45:09.79,Default,,0000,0000,0000,,So, for example, you could have
Dialogue: 0,0:45:09.79,0:45:15.52,Default,,0000,0000,0000,,an embedded device as a ring or wristband,
Dialogue: 0,0:45:15.52,0:45:19.00,Default,,0000,0000,0000,,it could even be a smartwatch, for that matter.
Dialogue: 0,0:45:19.00,0:45:21.57,Default,,0000,0000,0000,,Could you use that shaking of hands to
Dialogue: 0,0:45:21.57,0:45:24.47,Default,,0000,0000,0000,,build trust-relationships?
Dialogue: 0,0:45:24.47,0:45:29.74,Default,,0000,0000,0000,,And that might be a better\Nmetaphor than key-signing,
Dialogue: 0,0:45:29.74,0:45:31.47,Default,,0000,0000,0000,,webs of trust, etc.
Dialogue: 0,0:45:31.47,0:45:34.56,Default,,0000,0000,0000,,’Cause I think, that is horribly broken
Dialogue: 0,0:45:34.56,0:45:39.99,Default,,0000,0000,0000,,for I mean the concept, trying\Nto explain that to users.
Dialogue: 0,0:45:39.99,0:45:43.43,Default,,0000,0000,0000,,Herald: Thank you. And … at the back in the middle.
Dialogue: 0,0:45:43.43,0:45:44.98,Default,,0000,0000,0000,,Signal angel: Thanks. A question from the internet:
Dialogue: 0,0:45:44.98,0:45:47.00,Default,,0000,0000,0000,,[username?] from the Internet wants to know if you’re
Dialogue: 0,0:45:47.00,0:45:51.84,Default,,0000,0000,0000,,aware of the PEP project, the “pretty easy privacy”
Dialogue: 0,0:45:51.84,0:45:53.06,Default,,0000,0000,0000,,and your opinions on that.
Dialogue: 0,0:45:53.06,0:45:54.71,Default,,0000,0000,0000,,And another question is:
Dialogue: 0,0:45:54.71,0:46:01.52,Default,,0000,0000,0000,,How important is the trust level of the crypto to you?
Dialogue: 0,0:46:01.52,0:46:04.42,Default,,0000,0000,0000,,Arne: Well, yes, actually, there’s this screenshot
Dialogue: 0,0:46:04.42,0:46:09.73,Default,,0000,0000,0000,,of the PEP project in the slides
Dialogue: 0,0:46:09.73,0:46:15.15,Default,,0000,0000,0000,,… in the why WhatsApp is horribly insecure and
Dialogue: 0,0:46:15.15,0:46:18.72,Default,,0000,0000,0000,,of course, I agree, and yeah.
Dialogue: 0,0:46:18.72,0:46:21.68,Default,,0000,0000,0000,,I’ve looked into the PEP project for a bit
Dialogue: 0,0:46:21.68,0:46:24.55,Default,,0000,0000,0000,,and I think, yeah, I think it’s an interesting
Dialogue: 0,0:46:24.55,0:46:28.48,Default,,0000,0000,0000,,approach but I still have to read up on it a bit more.
Dialogue: 0,0:46:28.48,0:46:31.37,Default,,0000,0000,0000,,Then, for the second question,
Dialogue: 0,0:46:31.37,0:46:38.04,Default,,0000,0000,0000,,“how important is the trust in the crypto?”:
Dialogue: 0,0:46:38.04,0:46:41.75,Default,,0000,0000,0000,,I think that’s an important one.
Dialogue: 0,0:46:41.75,0:46:43.22,Default,,0000,0000,0000,,Especially the question of
Dialogue: 0,0:46:43.22,0:46:52.78,Default,,0000,0000,0000,,“how do we build social systems\Nto ensure reliable cryptography?”
Dialogue: 0,0:46:52.78,0:46:56.83,Default,,0000,0000,0000,,So one example is the Advanced\NEncryption Standard competition.
Dialogue: 0,0:46:56.83,0:46:59.56,Default,,0000,0000,0000,,Everyone was free to send in entries,
Dialogue: 0,0:46:59.56,0:47:01.99,Default,,0000,0000,0000,,their design principles were open
Dialogue: 0,0:47:01.99,0:47:06.22,Default,,0000,0000,0000,,and this is in complete contrast\Nto the Data Encryption Standard
Dialogue: 0,0:47:06.22,0:47:11.92,Default,,0000,0000,0000,,for which, I think, the design principles are still Top Secret.
Dialogue: 0,0:47:11.92,0:47:16.29,Default,,0000,0000,0000,,So yeah, I think, the crypto is\Nsomething we need to build on
Dialogue: 0,0:47:16.29,0:47:22.06,Default,,0000,0000,0000,,but, well, actually, the crypto is\Nagain built on other systems
Dialogue: 0,0:47:22.06,0:47:28.04,Default,,0000,0000,0000,,where the trust in these systems\Nis even more important.
Dialogue: 0,0:47:28.04,0:47:30.72,Default,,0000,0000,0000,,Herald: Okay, thank you, microphone #2, please.
Dialogue: 0,0:47:30.72,0:47:34.27,Default,,0000,0000,0000,,Mic#2: Yes, Arne, thank you very\Nmuch for your excellent talk.
Dialogue: 0,0:47:34.27,0:47:37.71,Default,,0000,0000,0000,,I wonder about what to do with feedback
Dialogue: 0,0:47:37.71,0:47:40.90,Default,,0000,0000,0000,,on usability in open-source software.
Dialogue: 0,0:47:40.90,0:47:42.33,Default,,0000,0000,0000,,So, you publish something on GitHub
Dialogue: 0,0:47:42.33,0:47:44.05,Default,,0000,0000,0000,,and you’re with a group of people
Dialogue: 0,0:47:44.05,0:47:45.45,Default,,0000,0000,0000,,who don’t know each other and
Dialogue: 0,0:47:45.45,0:47:48.09,Default,,0000,0000,0000,,one publishes something,\Nthe other publishes something,
Dialogue: 0,0:47:48.09,0:47:51.35,Default,,0000,0000,0000,,and then: How do we know\Nthis software is usable?
Dialogue: 0,0:47:51.35,0:47:53.66,Default,,0000,0000,0000,,In commercial software, there’s all kinds of hooks
Dialogue: 0,0:47:53.66,0:47:55.78,Default,,0000,0000,0000,,on the website, on the app,
Dialogue: 0,0:47:55.78,0:47:59.06,Default,,0000,0000,0000,,to send feedback to the commercial vendor.
Dialogue: 0,0:47:59.06,0:48:02.27,Default,,0000,0000,0000,,But in open-source software,\Nhow do you gather this information?
Dialogue: 0,0:48:02.27,0:48:04.63,Default,,0000,0000,0000,,How do you use it, is there any way to do this
Dialogue: 0,0:48:04.63,0:48:05.89,Default,,0000,0000,0000,,in an anonymised way?
Dialogue: 0,0:48:05.89,0:48:08.59,Default,,0000,0000,0000,,I haven’t seen anything related to this.
Dialogue: 0,0:48:08.59,0:48:11.48,Default,,0000,0000,0000,,Is this one of the reasons why\Nopen-source software is maybe
Dialogue: 0,0:48:11.48,0:48:15.25,Default,,0000,0000,0000,,less usable than commercial software?
Dialogue: 0,0:48:15.25,0:48:19.89,Default,,0000,0000,0000,,Arne: It might be. It might be.
Dialogue: 0,0:48:19.89,0:48:22.60,Default,,0000,0000,0000,,But regarding your question, like, how do you know
Dialogue: 0,0:48:22.60,0:48:29.56,Default,,0000,0000,0000,,whether commercial software is usable, well,
Dialogue: 0,0:48:29.56,0:48:32.28,Default,,0000,0000,0000,,you … one way is looking at:
Dialogue: 0,0:48:32.28,0:48:34.84,Default,,0000,0000,0000,,Okay, what kind of statistics do you get back?
Dialogue: 0,0:48:34.84,0:48:37.72,Default,,0000,0000,0000,,But if you push out something totally unusable
Dialogue: 0,0:48:37.72,0:48:39.92,Default,,0000,0000,0000,,and then, I mean, you’re going to expect
Dialogue: 0,0:48:39.92,0:48:44.60,Default,,0000,0000,0000,,that the statistics come back looking like shit.
Dialogue: 0,0:48:44.60,0:48:49.83,Default,,0000,0000,0000,,So, the best approach is to\Ndesign usability in from the start.
Dialogue: 0,0:48:49.83,0:48:51.23,Default,,0000,0000,0000,,The same with security.
Dialogue: 0,0:48:51.23,0:48:54.95,Default,,0000,0000,0000,,And I think, that is also …\Nso even if you have …
Dialogue: 0,0:48:54.95,0:48:58.67,Default,,0000,0000,0000,,you want privacy for end users, I think it’s still possible
Dialogue: 0,0:48:58.67,0:49:01.53,Default,,0000,0000,0000,,to get people into the lab and look at:
Dialogue: 0,0:49:01.53,0:49:03.27,Default,,0000,0000,0000,,Okay, how are they using the system?
Dialogue: 0,0:49:03.27,0:49:05.76,Default,,0000,0000,0000,,What things can we improve?
Dialogue: 0,0:49:05.76,0:49:08.29,Default,,0000,0000,0000,,And what things are working well?
Dialogue: 0,0:49:08.29,0:49:10.74,Default,,0000,0000,0000,,Mic#2: So you’re saying, you should only publish
Dialogue: 0,0:49:10.74,0:49:19.01,Default,,0000,0000,0000,,open-source software for users\Nif you also tested it in a lab?
Dialogue: 0,0:49:19.01,0:49:22.60,Default,,0000,0000,0000,,Arne: Well, I think, this is a bit of a discussion of:
Dialogue: 0,0:49:22.60,0:49:25.74,Default,,0000,0000,0000,,Do we just allow people to build\Nhouses however they want to
Dialogue: 0,0:49:25.74,0:49:28.41,Default,,0000,0000,0000,,or do we have building codes?
Dialogue: 0,0:49:28.41,0:49:32.13,Default,,0000,0000,0000,,And … I think … well, actually, this proposal of holding
Dialogue: 0,0:49:32.13,0:49:35.73,Default,,0000,0000,0000,,software developers responsible for what they produce,
Dialogue: 0,0:49:35.73,0:49:40.30,Default,,0000,0000,0000,,if it’s commercial software, I mean,\Nthat proposal has been
Dialogue: 0,0:49:40.30,0:49:41.97,Default,,0000,0000,0000,,made a long time ago.
Dialogue: 0,0:49:41.97,0:49:43.13,Default,,0000,0000,0000,,And the question is:
Dialogue: 0,0:49:43.13,0:49:47.95,Default,,0000,0000,0000,,How would that work in an\Nopen-source software community?
Dialogue: 0,0:49:47.95,0:49:50.46,Default,,0000,0000,0000,,Well, actually, I don’t have an answer to that.
Dialogue: 0,0:49:50.46,0:49:52.66,Default,,0000,0000,0000,,But I think, it’s an interesting question.
Dialogue: 0,0:49:52.66,0:49:54.49,Default,,0000,0000,0000,,Mic#2: Thank you.
Dialogue: 0,0:49:54.49,0:49:57.99,Default,,0000,0000,0000,,Herald: Thank you very much. #1, please.
Dialogue: 0,0:49:57.99,0:50:01.13,Default,,0000,0000,0000,,Mic#1: You said that every little bit helps,
Dialogue: 0,0:50:01.13,0:50:04.04,Default,,0000,0000,0000,,so if we have systems that\Ndon’t provide a lot of … well …
Dialogue: 0,0:50:04.04,0:50:06.68,Default,,0000,0000,0000,,are almost insecure, they\Nprovide just a bit of security, then
Dialogue: 0,0:50:06.68,0:50:09.87,Default,,0000,0000,0000,,that is still better than no security.
Dialogue: 0,0:50:09.87,0:50:12.97,Default,,0000,0000,0000,,My question is: Isn’t that actually worse because
Dialogue: 0,0:50:12.97,0:50:15.15,Default,,0000,0000,0000,,this promotes a false sense of security and
Dialogue: 0,0:50:15.15,0:50:19.92,Default,,0000,0000,0000,,that makes people just use\Nthe insecure broken systems
Dialogue: 0,0:50:19.92,0:50:23.56,Default,,0000,0000,0000,,just to say “we have some security with us”?
Dialogue: 0,0:50:23.56,0:50:26.21,Default,,0000,0000,0000,,Arne: I completely agree but
Dialogue: 0,0:50:26.21,0:50:29.34,Default,,0000,0000,0000,,I think that currently people … I mean …
Dialogue: 0,0:50:29.34,0:50:30.92,Default,,0000,0000,0000,,when you think an email goes
Dialogue: 0,0:50:30.92,0:50:33.68,Default,,0000,0000,0000,,from one system to the other directly
Dialogue: 0,0:50:33.68,0:50:40.92,Default,,0000,0000,0000,,and I mean … from these studies\Nthat I’ve done, I’ve met
Dialogue: 0,0:50:40.92,0:50:46.06,Default,,0000,0000,0000,,quite some people who still think email is secure.
Dialogue: 0,0:50:46.06,0:50:49.59,Default,,0000,0000,0000,,So, of course, you might give\Nthem a false sense of security
Dialogue: 0,0:50:49.59,0:50:52.64,Default,,0000,0000,0000,,when you give them a\Nmore secure program but
Dialogue: 0,0:50:52.64,0:50:54.48,Default,,0000,0000,0000,,at least it’s more secure than email—right?
Dialogue: 0,0:50:54.48,0:50:56.07,Default,,0000,0000,0000,,I mean …
Dialogue: 0,0:50:56.07,0:50:57.34,Default,,0000,0000,0000,,Mic#1: Thank you.
Dialogue: 0,0:50:57.34,0:50:59.52,Default,,0000,0000,0000,,Herald: Thank you. There’s another\Nquestion on the Internet.
Dialogue: 0,0:50:59.52,0:51:02.56,Default,,0000,0000,0000,,Signal angel: Yes, thank you. Question from the Internet:
Dialogue: 0,0:51:02.56,0:51:06.20,Default,,0000,0000,0000,,What crypto would you finally\Nrecommend your grandma to use?
Dialogue: 0,0:51:06.20,0:51:10.26,Default,,0000,0000,0000,,Arne: {\i1}laughs{\i0}
Dialogue: 0,0:51:10.26,0:51:15.50,Default,,0000,0000,0000,,Well … Unfortunately, my grandma\Nhas already passed away.
Dialogue: 0,0:51:15.50,0:51:19.52,Default,,0000,0000,0000,,I mean … her secrets will be safe …
Dialogue: 0,0:51:27.42,0:51:32.03,Default,,0000,0000,0000,,Actually, I think something like where
Dialogue: 0,0:51:32.03,0:51:37.35,Default,,0000,0000,0000,,crypto is enabled by default, say …\NiMessage, I mean
Dialogue: 0,0:51:37.35,0:51:42.06,Default,,0000,0000,0000,,of course, there’s backdoors,\Netc., but at least
Dialogue: 0,0:51:42.06,0:51:45.34,Default,,0000,0000,0000,,it is more secure than plain SMS.
Dialogue: 0,0:51:45.34,0:51:53.25,Default,,0000,0000,0000,,So I would advise my grandma\Nto use … well, to look at …
Dialogue: 0,0:51:53.25,0:51:56.29,Default,,0000,0000,0000,,actually I’d first analyse\Nwhat she has available
Dialogue: 0,0:51:56.29,0:51:58.88,Default,,0000,0000,0000,,and then I would look at okay\Nwhich is the most secure
Dialogue: 0,0:51:58.88,0:52:03.68,Default,,0000,0000,0000,,and still usable?
Dialogue: 0,0:52:03.68,0:52:07.34,Default,,0000,0000,0000,,Herald: Thank you very much, so mic #3, please.
Dialogue: 0,0:52:07.34,0:52:10.88,Default,,0000,0000,0000,,Mic#3: So, just wondering:
Dialogue: 0,0:52:10.88,0:52:14.95,Default,,0000,0000,0000,,You said that there is\Na problem with the missing
Dialogue: 0,0:52:14.95,0:52:20.33,Default,,0000,0000,0000,,default installation of GPG\Non operating systems but
Dialogue: 0,0:52:20.33,0:52:24.89,Default,,0000,0000,0000,,I think, this is more of a\Nproblem of which OS you choose
Dialogue: 0,0:52:24.89,0:52:28.22,Default,,0000,0000,0000,,because at least I don’t\Nknow any Linux system which
Dialogue: 0,0:52:28.22,0:52:33.60,Default,,0000,0000,0000,,doesn’t have GPG installed today by default.
Dialogue: 0,0:52:33.60,0:52:39.54,Default,,0000,0000,0000,,If you use … at least I’ve used\Nthe normal workstation setup.
Dialogue: 0,0:52:39.54,0:52:42.55,Default,,0000,0000,0000,,Arne: Yes, I think you already\Nanswered your own question:
Dialogue: 0,0:52:42.55,0:52:47.23,Default,,0000,0000,0000,,Linux.\N{\i1}Laughter{\i0}
Dialogue: 0,0:52:47.23,0:52:50.69,Default,,0000,0000,0000,,Unfortunately, Linux is not yet widely default.
Dialogue: 0,0:52:50.69,0:52:53.27,Default,,0000,0000,0000,,I mean, I’d love it to be, but … yeah.
Dialogue: 0,0:52:53.27,0:52:57.73,Default,,0000,0000,0000,,Mic#3: But if I send an email to Microsoft and say:
Dialogue: 0,0:52:57.73,0:53:02.54,Default,,0000,0000,0000,,Well, install GPG by default, they’re not gonna
Dialogue: 0,0:53:02.54,0:53:04.15,Default,,0000,0000,0000,,listen to me.
Dialogue: 0,0:53:04.15,0:53:07.53,Default,,0000,0000,0000,,And I think, for all of us, we should do
Dialogue: 0,0:53:07.53,0:53:08.74,Default,,0000,0000,0000,,a lot more of that.
Dialogue: 0,0:53:08.74,0:53:13.78,Default,,0000,0000,0000,,Even if Microsoft is the devil for most of us.
Dialogue: 0,0:53:13.78,0:53:15.61,Default,,0000,0000,0000,,Thank you.
Dialogue: 0,0:53:15.61,0:53:19.60,Default,,0000,0000,0000,,Arne: Well … We should be doing more of what?
Dialogue: 0,0:53:19.60,0:53:26.43,Default,,0000,0000,0000,,Mic#3: Making more demands\Nto integrate GPG by default
Dialogue: 0,0:53:26.43,0:53:29.21,Default,,0000,0000,0000,,in Microsoft products, for example.
Dialogue: 0,0:53:29.21,0:53:31.06,Default,,0000,0000,0000,,Arne: Yes, I completely agree.
Dialogue: 0,0:53:31.06,0:53:33.87,Default,,0000,0000,0000,,Well, what you already see happening …
Dialogue: 0,0:53:33.87,0:53:36.14,Default,,0000,0000,0000,,or I mean, it’s not very high-profile yet,
Dialogue: 0,0:53:36.14,0:53:39.02,Default,,0000,0000,0000,,but for example I mean … I’ve referred to
Dialogue: 0,0:53:39.02,0:53:42.70,Default,,0000,0000,0000,,the EFF scorecard a couple of times but
Dialogue: 0,0:53:42.70,0:53:49.75,Default,,0000,0000,0000,,that is some pressure to encourage developers
Dialogue: 0,0:53:49.75,0:53:53.01,Default,,0000,0000,0000,,to include security by default.
Dialogue: 0,0:53:53.01,0:53:56.94,Default,,0000,0000,0000,,But, I think I’ve also mentioned, one of the big problems
Dialogue: 0,0:53:56.94,0:54:01.05,Default,,0000,0000,0000,,is: users at the moment … I mean …
Dialogue: 0,0:54:01.05,0:54:04.08,Default,,0000,0000,0000,,developers might say: my system is secure.
Dialogue: 0,0:54:04.08,0:54:06.55,Default,,0000,0000,0000,,I mean … what does that mean?
Dialogue: 0,0:54:06.55,0:54:09.51,Default,,0000,0000,0000,,Do we hold developers and\Ncommercial entities …
Dialogue: 0,0:54:09.51,0:54:12.34,Default,,0000,0000,0000,,do we hold them to, well,
Dialogue: 0,0:54:12.34,0:54:14.04,Default,,0000,0000,0000,,truthful advertising standards or not?
Dialogue: 0,0:54:14.04,0:54:17.20,Default,,0000,0000,0000,,I mean, I would say: Let’s go and look at
Dialogue: 0,0:54:17.20,0:54:21.29,Default,,0000,0000,0000,,what are companies claiming and
Dialogue: 0,0:54:21.29,0:54:22.85,Default,,0000,0000,0000,,do they actually stand up to that?
Dialogue: 0,0:54:22.85,0:54:26.08,Default,,0000,0000,0000,,And if not: Can we actually sue them?
Dialogue: 0,0:54:26.08,0:54:27.72,Default,,0000,0000,0000,,Can we make them tell the truth about
Dialogue: 0,0:54:27.72,0:54:30.76,Default,,0000,0000,0000,,what is happening and what is not?
Dialogue: 0,0:54:30.76,0:54:32.96,Default,,0000,0000,0000,,Herald: So, we’ve got about 2 more minutes left …
Dialogue: 0,0:54:32.96,0:54:37.05,Default,,0000,0000,0000,,So it’s a maximum of two more questions, #2, please.
Dialogue: 0,0:54:37.05,0:54:43.44,Default,,0000,0000,0000,,Mic#2: Yeah, so … Every security system fails.
Dialogue: 0,0:54:43.44,0:54:50.01,Default,,0000,0000,0000,,So I’m interested in what sort of work has been done on
Dialogue: 0,0:54:50.01,0:54:57.00,Default,,0000,0000,0000,,how do users recover from failure?
Dialogue: 0,0:54:57.00,0:55:00.66,Default,,0000,0000,0000,,Everything will get subverted,
Dialogue: 0,0:55:00.66,0:55:04.19,Default,,0000,0000,0000,,your best friend will sneak\Nyour key off your computer,
Dialogue: 0,0:55:04.19,0:55:06.10,Default,,0000,0000,0000,,something will go wrong with that, you know …
Dialogue: 0,0:55:06.10,0:55:09.51,Default,,0000,0000,0000,,your kids will grab it …
Dialogue: 0,0:55:09.51,0:55:13.45,Default,,0000,0000,0000,,and just, is there, in general, has somebody looked at
Dialogue: 0,0:55:13.45,0:55:17.00,Default,,0000,0000,0000,,these sorts of issues?
Dialogue: 0,0:55:17.00,0:55:18.56,Default,,0000,0000,0000,,Is there research on it?
Dialogue: 0,0:55:18.56,0:55:21.93,Default,,0000,0000,0000,,Arne: Of various aspects of the problem but
Dialogue: 0,0:55:21.93,0:55:25.64,Default,,0000,0000,0000,,as far as I’m aware not for the general issue
Dialogue: 0,0:55:25.64,0:55:30.17,Default,,0000,0000,0000,,and not any field studies specifically looking at
Dialogue: 0,0:55:30.17,0:55:34.27,Default,,0000,0000,0000,,“Okay, what happens when a key is compromised, etc.”
Dialogue: 0,0:55:34.27,0:55:37.52,Default,,0000,0000,0000,,I mean, we do have certain cases of things happening
Dialogue: 0,0:55:37.52,0:55:41.79,Default,,0000,0000,0000,,but nothing structured.
Dialogue: 0,0:55:41.79,0:55:44.72,Default,,0000,0000,0000,,No structured studies, as far as I’m aware.
Dialogue: 0,0:55:44.72,0:55:46.81,Default,,0000,0000,0000,,Herald: Thank you. #3?
Dialogue: 0,0:55:46.81,0:55:51.54,Default,,0000,0000,0000,,Mic#3: Yeah, you mentioned\NMailpile as a stepping stone
Dialogue: 0,0:55:51.54,0:55:56.38,Default,,0000,0000,0000,,for people to start using GnuPG and stuff, but
Dialogue: 0,0:55:56.38,0:56:04.82,Default,,0000,0000,0000,,you also talked about an\Naverage user seeing mail as just
Dialogue: 0,0:56:04.82,0:56:08.79,Default,,0000,0000,0000,,coming from one place and\Nthen ending up in another place.
Dialogue: 0,0:56:08.79,0:56:12.25,Default,,0000,0000,0000,,Shouldn’t we actually talk about
Dialogue: 0,0:56:12.25,0:56:17.88,Default,,0000,0000,0000,,how to make encryption transparent for the users?
Dialogue: 0,0:56:17.88,0:56:21.43,Default,,0000,0000,0000,,Why should they actually care about these things?
Dialogue: 0,0:56:21.43,0:56:24.98,Default,,0000,0000,0000,,Shouldn’t it be embedded in the protocols?
Dialogue: 0,0:56:24.98,0:56:28.87,Default,,0000,0000,0000,,Shouldn’t we actually talk about\Nembedding them in the protocols,
Dialogue: 0,0:56:28.87,0:56:31.51,Default,,0000,0000,0000,,stop using insecure protocols
Dialogue: 0,0:56:31.51,0:56:36.11,Default,,0000,0000,0000,,and having all of these,\Nyou talked a little bit about it,
Dialogue: 0,0:56:36.11,0:56:38.72,Default,,0000,0000,0000,,as putting it in the defaults.
Dialogue: 0,0:56:38.72,0:56:42.55,Default,,0000,0000,0000,,But shouldn’t we emphasise that a lot more?
Dialogue: 0,0:56:42.55,0:56:46.73,Default,,0000,0000,0000,,Arne: Yeah, I think we should\Ncertainly be working towards
Dialogue: 0,0:56:46.73,0:56:50.20,Default,,0000,0000,0000,,“How do we get security by default?”
Dialogue: 0,0:56:50.20,0:56:54.27,Default,,0000,0000,0000,,But I think … I’ve mentioned it briefly that
Dialogue: 0,0:56:54.27,0:56:57.52,Default,,0000,0000,0000,,making things transparent also has a danger.
Dialogue: 0,0:56:57.52,0:57:01.00,Default,,0000,0000,0000,,I mean, this whole, it’s a bit like …
Dialogue: 0,0:57:01.00,0:57:03.38,Default,,0000,0000,0000,,a system should be transparent is a bit like
Dialogue: 0,0:57:03.38,0:57:05.88,Default,,0000,0000,0000,,marketing speak, because actually
Dialogue: 0,0:57:05.88,0:57:09.14,Default,,0000,0000,0000,,we don’t want systems to be completely transparent,
Dialogue: 0,0:57:09.14,0:57:13.43,Default,,0000,0000,0000,,’cause we also wanna be able\Nto engage with the systems.
Dialogue: 0,0:57:13.43,0:57:16.41,Default,,0000,0000,0000,,Are the systems working as they should be?
Dialogue: 0,0:57:16.41,0:57:20.38,Default,,0000,0000,0000,,So, I mean, this is a difficult balance to find, but yeah …
Dialogue: 0,0:57:20.38,0:57:24.73,Default,,0000,0000,0000,,Something that you achieve through usability studies,
Dialogue: 0,0:57:24.73,0:57:29.07,Default,,0000,0000,0000,,security analysis, etc.
Dialogue: 0,0:57:29.07,0:57:31.45,Default,,0000,0000,0000,,Herald: All right, Arne,\Nthank you very much for giving
Dialogue: 0,0:57:31.45,0:57:33.64,Default,,0000,0000,0000,,us your very inspiring talk,
Dialogue: 0,0:57:33.64,0:57:36.01,Default,,0000,0000,0000,,thank you for sharing your information with us.
Dialogue: 0,0:57:36.01,0:57:38.48,Default,,0000,0000,0000,,Please give him a round of applause.
Dialogue: 0,0:57:38.48,0:57:41.32,Default,,0000,0000,0000,,Thank you very much.\N{\i1}applause{\i0}
Dialogue: 0,0:57:41.32,0:57:52.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\NJoin, and help us!