[Sigia-l] Tagged: Malicious Social Network

[Ziya Oz]

Livia Labate:

> It's a tough world to be in when you have to reconcile the expectations
> for being secure and safe versus minimal user effort.

At face value, this is a very sensible proposition.

But (you knew that was coming :-), there's a much bigger issue here that far
transcends technology: the social contract. As members of a community, we
have come to rely on certain conventions, rules, laws, etc. On this, we
don't unfortunately have much choice. We can't trust *and* verify at every
turn.

We expect our 'board certified' doctor to be at least semi-competent so that
every time we need even a minor prescription we don't have to shut ourselves
up in a medical library second guessing his opinion. We expect the bank we
put in our hard-earned money in to follow various financial practices
sanctioned by the government. We expect the operating system we trust with
our most valuable information, data, photos, songs, etc., to have at least a
semi-reasonable security architecture or an address book that can't be
arbitrarily accessed by random websites. (OK, the last one was a fantasy for
the better part of the last decade, but you get the point.)

So the meaning of 'minimal' above is critical. I guess as designers we get
paid to decide what it ought to be. It's impractical to demand users to
become more actively involved in online security, as rational as it sounds,
because as you well know they won't do it. (Heck, some time ago I posted an
experiment where even geeks were fooled mercilessly by various financial
scams, and many here said frankly that they too were confused.)

Many of these are the result of system-level architectural and design
decisions made long time ago and won't be eradicated by a patch-of-the-week
regime or anti-virus update chase or nuking your browser's JavaScript off,
etc.

----
Ziya

Rules without context are meant to annoy people who care.