Web of Trust itself is the problem

Mark H. Wood mwood at IUPUI.Edu
Tue Jan 12 15:48:52 CET 2010

On Sun, Jan 10, 2010 at 11:37:12PM -0500, Robert J. Hansen wrote:
> A few years ago a fellow grad student of mine, Peter Likarish, developed
> a really cool anti-phishing technology.

[but test subjects didn't react to the warning]

> Peter's hypothesis was that Flash ads are to blame.  Users have become
> conditioned to having Flash ads appear on the screen, take over real
> estate, and so on.  Therefore, users were subconsciously filtering out
> this big red alert bar and it was never percolating up to the conscious
> level where users could make an informed decision about the risks.

Yes indeedy.  Those ad.s appear at the top of the page (and elsewhere,
but there's *always* one at the top).  We're rigorously trained every
day to ignore stuff at the top of the page that doesn't look like what
we expected.  Maybe he should try a bar across the *middle* of the
window, or a diagonal, or alpha-blend a red overcast onto the entire

Still, it's another technology-intractable problem.  If people cared,
they would train themselves to look for trouble indicators, like
scanning the dashboard from time to time for problems with speed,
fuel, temperature, etc.  We're trained to operate motor vehicles, but
not to operate browsers or MUAs.  ("It's intuitive!"  Not.)  And
meanwhile the world is training us that it is vitally important to our
sanity and the defense of our time to learn to detect and ignore
things that we don't care about.

I think that technology can't help this as much as would knowing why
we want some technology.  People who feel a need will look for tools
to deal with it; people who feel no need will ignore the finest tools.

Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Friends don't let friends publish revisable-form documents.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20100112/3d0406d9/attachment.pgp>

More information about the Gnupg-users mailing list