"Usable security and privacy" is exactly what it sounds like; designing and developing systems that are secure and/or private without compromising usability. The most applicable example is that we could design the best successor ever to TrueCrypt, with all the code source and compilation/building accountability, FOSS licensing, reliable and trusted encryption algorithms and everything...but if we, those on the project, are the only people who can use it and contribute to it, then what good is it? Usable security and privacy basically bridges human-computer interaction methodologies and understanding of users' workflows, mental models, and so on, and adapts and applies them in the security and privacy context, because like any application feature, if it's not usable, it's basically useless. Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen R Guglielmo Sent: Tuesday, June 10, 2014 11:00 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Re: Introduction On Tue, Jun 10, 2014 at 10:46 AM, Alain Forget <aforget@xxxxxxx> wrote: > Hi all, > > I may as well introduce myself as well. I am currently a usable security and > privacy researcher at Carnegie Mellon University. I haven't done much work in > cryptography, but I and many in my field trust and strongly value TrueCrypt, > so there is personal and professional interest in seeing TrueCrypt continue > and be secure, reliable, and usable. > > While I can't promise I'll have many cycles in the short-term for tangible > contributions, I can be at your disposal for a usable security and privacy > perspective on whatever aspects of the project. If TrueCrypt (or whatever it > ultimately becomes) is to be widely-adopted by the public, it needs to be > usable by them. While TrueCrypt is/was by far the most usable encryption > solution I've known of, I still think it needs more work to be easily > understandable to and usable by typical end-users. > > In the future, I may have more resources to devote to this endeavour, > including code contributions, usability analyses and studies, and (hopefully) > research publications, which would increase awareness of (and potentially > buy-in and additional contributions to) this project to the research > community (which includes academics, professionals, and government parties). > > Alain Carnegie Mellon! Oh, how I wish I could afford you! Haha :-) I'm just down the road (well, a few hours). It's very reassuring to have support from a university! I'm curious as to what consists of "usable security and privacy." We have a few crypto guys right now, but no one to do usability studies or any type of researching backing the algorithms used. This will be very useful down the line! Thank you for the introduction and welcome!