emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 16:19:40 +0300

> Date: Sat, 7 Jul 2018 08:18:33 -0400
> From: "Perry E. Metzger" <address@hidden>
> Cc: Eli Zaretskii <address@hidden>, address@hidden, address@hidden,
>       address@hidden, address@hidden
> 
> There is ample evidence that people in such situations rarely if ever
> understand what the right thing to do is.

That doesn't necessarily mean we need to assume none of them will
understand that, if the considerations are explained in clear terms
that can be mapped to the user's environment.

> There's also another issue we've discovered: at one time, people
> believed having software provide "levels" of security made sense, but
> we now understand based on bitter experience that everyone, whether
> their greatest threat is unimportant or whether their greatest threat
> is a nation state, uses the same software and same default settings
> 99% of the time, so software needs to be built with the needs of
> people under threat in mind.

I don't see how this is relevant, since we are talking about just one
piece of software: Emacs.  For the purposes of this discussion,
whether they use the same browsers or different ones, because we are
not discussing those browsers.

And my personal experience definitely contradicts your "everyone"
claim: e.g., my home network is set up with several non-default
defenses, and so is my smartphone.  Why should we assume a significant
part of Emacs users is in the "everyone" camp?  They did choose to use
Emacs, didn't they?

> And let me repeat, there's excellent field evidence that
> people under threat generally have no technical expertise to make
> serious security decisions, and that includes people with programming
> backgrounds.

You are entitled to your opinions, but I don't agree that we should
design our defaults based on the assumption that we cannot expect our
users to make informed decisions.  I expect that much from Emacs
developers, and I'm certainly not going to behave differently when
such decisions depend on me.

> The other thing is, in spite of the constant claims, running with the
> level of security provided by Firefox or Chrome or Safari isn't the
> least bit inconvenient, so there's no obvious reason not to do at
> least _that_.

One would think that those "constant claims" might just provide such a
reason.

Besides, we don't really follow what those browsers do, so it's a moot
point to argue anyway.


