[ciphershed] Re: Introduction

  • From: "Alain Forget" <aforget@xxxxxxx>
  • To: <ciphershed@xxxxxxxxxxxxx>
  • Date: Tue, 10 Jun 2014 11:20:19 -0400

"Usable security and privacy" is exactly what it sounds like: designing and 
developing systems that are secure and/or private without compromising 
usability. The most applicable example is that we could design the best 
successor ever to TrueCrypt, with all the source code and compilation/building 
accountability, FOSS licensing, reliable and trusted encryption algorithms and 
everything... but if we, those on the project, are the only people who can use 
it and contribute to it, then what good is it?

Usable security and privacy basically bridges human-computer interaction 
methodologies and understanding of users' workflows, mental models, and so on, 
and adapts and applies them in the security and privacy context, because like 
any application feature, if it's not usable, it's basically useless.

Alain

-----Original Message-----
From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] 
On Behalf Of Stephen R Guglielmo
Sent: Tuesday, June 10, 2014 11:00
To: ciphershed@xxxxxxxxxxxxx
Subject: [ciphershed] Re: Introduction

On Tue, Jun 10, 2014 at 10:46 AM, Alain Forget <aforget@xxxxxxx> wrote:
> Hi all,
>
> I may as well introduce myself as well. I am currently a usable security and 
> privacy researcher at Carnegie Mellon University. I haven't done much work in 
> cryptography, but I and many in my field trust and strongly value TrueCrypt, 
> so there is personal and professional interest in seeing TrueCrypt continue 
> and be secure, reliable, and usable.
>
> While I can't promise I'll have many cycles in the short-term for tangible 
> contributions, I can be at your disposal for a usable security and privacy 
> perspective on whatever aspects of the project. If TrueCrypt (or whatever it 
> ultimately becomes) is to be widely adopted by the public, it needs to be 
> usable by them. While TrueCrypt is/was by far the most usable encryption 
> solution I've known of, I still think it needs more work to be easily 
> understandable to and usable by typical end-users.
>
> In the future, I may have more resources to devote to this endeavour, 
> including code contributions, usability analyses and studies, and (hopefully) 
> research publications, which would increase awareness of (and potentially 
> buy-in and additional contributions to) this project to the research 
> community (which includes academics, professionals, and government parties).
>
> Alain

Carnegie Mellon! Oh, how I wish I could afford you! Haha :-) I'm just
down the road (well, a few hours).

It's very reassuring to have support from a university! I'm curious as
to what constitutes "usable security and privacy." We have a few
crypto guys right now, but no one to do usability studies or any type
of research backing the algorithms used. This will be very useful
down the line!

Thank you for the introduction and welcome!

