UI terminology for calculated validities

arne renkema-padmos arne at secuso.org
Sun Apr 27 15:14:16 CEST 2014

> On 23 apr. 2014, at 05:23, Peter Lebbing <peter at digitalbrains.com> wrote:
> But I don't see why we need to drop the term ownertrust for that. Sometimes you
> need to pick a descriptive identifier for something and then define what it
> exactly means; it happens all the time in science.

Let's take an example from statistics: take the term "significance". It has a well defined meaning for statisticians. When they talk about higher and lower significance they are not talking about increases in effect size. However, in common English the two are often confused. Defining a term precisely in science can help a community of peers communicate more succinctly and clearly, if a sufficient proportion subscribes to the same notions of what the words mean.

Of course you can start defining new terms, and they might be helpful when discussing things with more expert users. However, for novice users it might cause more confusion than clarification. To find out you'll need to go and test this with novices.

Either way, as already mentioned in previous messages in the thread, often there is a trade-off between security and usability. If the goal is attracting more users, then a focus on an insecure but still more secure alternative than plaintext email may be the way to go, e.g. Opportunistic encryption. As users grow more expert they might want to transition to more secure alternatives.

It might very well be that GPG is not the place to do these things, and that they could happen at the higher-level tools that rely on GPG. However, standardisation will be problematic in that case. Instead of trying to find terminology to magically clarify a very complex model to end-users (that are concerned mostly with just wanting to send an email) what about defining GPG-lite that provides good-enough-privacy. This could be tested for "intuitiveness" (familiarity) through user studies.


Arne Renkema-Padmos
PhD student, TU Darmstadt
arne at secuso.org, @hcisec

More information about the Gnupg-users mailing list