Successful experiment boosting the number of users using OpenPGP verification for file download

adrelanos adrelanos at riseup.net
Wed Jul 31 19:30:29 CEST 2013


Hi!

I hope you are interested in the results of a little experiment.

Q: How many users downloaded OpenPGP signatures with the old design of
download page? (You can see the design here: [1] [2])

A: 1 in ~30 users.

Q: How many users downloaded OpenPGP signatures after adding a colored
download table, which indicates, that http downloads without OpenPGP
verification is the least secure method, to the download page? (You can
see the design here: [3])

A: 1 in ~11 users.

Note: This is only an approximation. No experiment meeting scientific
standards. However, while the number of downloads didn't decrease, the
number of signature downloads significantly increased. Which is a good
thing, isn't it? Downloading a signature doesn't imply, the user
successfully managed to use OpenPGP verification or that the user
couldn't be tricked or just ignored an invalid signature error message.

You can get some more information and more detailed statistics here: [5] [6]

This is also a follow up to: "[liberationtech] secure download tool -
doesn't exist?!?" [4]

Cheers,
adrelanos

Footnotes:

[1] http://www.webcitation.org/6IWk5h4E9
[2] Please ignore the "Moved to https://www.whonix.org" part. That
snapshot has been forgotten and made later. Nevertheless it gives an
impression how the old download page looked like.)
[3] http://www.webcitation.org/6IWk5h4E9
[4]
https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009625.html
[5] https://whonix.org/wiki/Dev/Download_Statistics
[6] http://www.webcitation.org/6IWlyqokZ



More information about the Gnupg-users mailing list