[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] clean up the outline so we can show it to others
Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/wupss04
Modified Files:
outline
Log Message:
clean up the outline so we can show it to others
Index: outline
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/outline,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- outline 24 Sep 2004 08:06:51 -0000 1.1
+++ outline 29 Sep 2004 07:58:07 -0000 1.2
@@ -16,7 +16,8 @@
Piece two:
What else is quite like anonymity? Encryption? How careful people are
in certifying other GPG keys? Internet host security to prevent DDoS
-and spam against others?
+and spam against others? They all seem to share some qualities, but
+none of them match up exactly.
Piece three:
Let's give you an overview of what we're trying to tell you here, so
@@ -28,25 +29,42 @@
Piece five:
Observations, Recommendations, Open research questions.
-- Users' safety relies on them behaving like others. How do they predict?
- What if they need to behave their certain way? How do they compute the
- tradeoff and risks?
-- Don't try to get the user to answer questions you can't answer yourself.
+- Talk about protections you can get from more users with a high-latency
+ system, and about in what ways that degrades as you move to low-latency.
+ Standard Econ Graph: increased anonymity as we slow things down,
+ but decreased user base (and thus decreased anonymity) as we slow
+ things down.
+
- The importance of choosing good defaults: since most people will use
the defaults, you've made the decision for everybody.
+- Don't try to get the user to answer questions you can't answer yourself.
- Especially messy because even the researchers don't know the answers,
and don't understand the tradeoffs. E.g., who is the adversary really,
and what can they do?
-- The importance of smart users / educating your users. Public perception
- as a security parameter. Good marketing as a security parameter?
+
+- Users' safety relies on them behaving like other users. How do they
+ predict the behavior of other users? What if they need to behave their
+ certain (different) way -- how do they compute the tradeoff and risks?
+- The importance of smart users / educating your users, so they know what
+ they're getting into, so they can compare systems better, so people will
+ be willing to use the better systems. Public perception as a security
+ parameter. Good marketing as a security parameter? (Since most people
+ will believe it, and therefore you need to take it into account even if
+ you know better.)
+
- Not just about numbers and blending, also about reputability. A network
- used only by criminals is not the one you want.
+ used only by criminals is not the one you want. People have an
+ incentive for the network to be used for "more reputable" activities
+ than their own.
+
- The importance of a GUI. Users evaluate the quality of a product by the
- quality of its GUI. Cf Tor's choice not to have a gui so far. They also
- judge quality based on feature-lists, which is unsafe.
+ quality of its GUI. Cf Tor's choice not to have a gui so far, and
+ problems with that. They also judge quality based on feature-lists;
+ yet in our context extra features are unsafe.
+
- Bootstrapping. How do we get any users? High-needs users are never
- first joiners. Low-needs users won't join if it meets the high-needs
- users' needs.
+ first joiners. Low-needs users won't join if it's secure enough (read:
+ slow enough) that it meets the high-needs users' needs.
@@ -161,7 +179,7 @@
- PGP/GPG for pseudonymity
- - Low-latency versus high-latency: who knows?
+ - Low-latency versus high-latency
- On low-latency vs high-latency: If your attacker can beat LL, you should
go with HL always and hope that others do. But if your attacker can't
@@ -217,13 +235,16 @@
- Users make security decisions based on pretty blinkenlights and long
feature lists. But long feature lists are a bad bad idea. Fear.
-- How are *we* supposed to know what the adversaries are??
+- How are *we* supposed to know what the adversaries are?? And if not
+ us, who?
-- Not everything is as good as encryption; adding more bits for overkill
- doesn't seem to work anywhere else.
+- Not everything in the security realm is as amazingly secure as
+ encryption; adding more bits for overkill doesn't seem to work
+ anywhere else.
-- Roger wants a Standard Econ Graph. ("Look! Crossing curves! Econ is a
- science, Dammit!")
+- Roger wants a Standard Econ Graph: increasing anonymity as we slow
+ things down, but decreasing user base (and thus decreasing anonymity)
+ as we slow things down.
Other stuff to say:
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/