Re: A couple of questions and concerns about Emacs network security

From: Perry E. Metzger
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Fri, 6 Jul 2018 14:48:13 -0400

On Fri, 6 Jul 2018 19:06:29 +0100 Jimmy Yuen Ho Wong
<address@hidden> wrote:
> I disagree that prompting for pretty much every TLS connection is a
> good idea. In security circles these days, there's such a thing
> known as "security fatigue". Overly troublesome security measures
> that don't take human psychology into account will lead to
> numbness. A side effect of that is users will simply start ignoring
> security warnings like they skip reading iTunes's EULA. This is an
> adverse unintended consequence that achieves the opposite of what
> we want to do here.

This is an incredibly important point.

Users cannot meaningfully make decision after decision after decision
without burning out and ceasing to have any real sense of what
they're doing. The published studies say people start clicking
through regardless of the warnings after a while. This is one of the
reasons that browsers like Firefox now no longer provide so many
decision points for users.

There's nothing wrong with letting users customize policies in
their .emacs file, but constantly prompting people to make decisions
based on little information is not really workable.

Perry E. Metzger                address@hidden

