Content pfp
Content
@
1 reply
0 recast
2 reactions
William Allen pfp
William Allen
@williamallen.eth
Is the desire for e2e/zero knowledge encryption (Skiff, Proton, Signal etc) a stated preference with a much smaller TAM vs the revealed preference of 'just good enough' or 'the devs will add it later' encryption?
3 replies
0 recast
4 reactions
Cassie Heart pfp
Cassie Heart
@cassie
Part of the stated vs revealed preference of E2EE, ZK, MPC, and other cryptographic approaches, hell, even cryptocurrencies, is that the value delivered has to be greater than the investment. With Signal, a lot of heavy lifting is done to make it as usable as possible, and even then, there are still rough edges.
1 reply
0 recast
2 reactions
Cassie Heart pfp
Cassie Heart
@cassie
Part of this is because it is incredibly difficult to retain the security guarantees by smoothing some of those rough edges. Part of it is because a more holistic solution is required (PKI, such as Apple's iCloud Keychain infrastructure and Advanced Data Protection, has now enabled equivalent security with easier use)
1 reply
0 recast
4 reactions
Cassie Heart pfp
Cassie Heart
@cassie
Building that holistic solution doesn't happen overnight, and while significant engineering expense went into the new iMessage security features, it still remains limited to iMessage. Revealed preference: if you can't talk to Android users over iMessage, what do you do? Downgrade security.
2 replies
0 recast
3 reactions
Cassie Heart pfp
Cassie Heart
@cassie
The thing is, people don't realize how crucial the privacy and secrecy guarantees of strong encryption are, until they don't have it but need it. (See women's health care restrictions being passed that have lead to overzealous AGs requesting medical records from out of state)
3 replies
1 recast
15 reactions
vincent pfp
vincent
@pixel
security products are harder to sell because the benefit is only understood by people who have been pwned
2 replies
0 recast
2 reactions
vincent pfp
vincent
@pixel
selling a mechanical keyboard is easier than YubiKey because benefit is obvious, while benefit of physical 2FA is not as obvious, also applies to HW wallet
0 reply
0 recast
3 reactions
Cassie Heart pfp
Cassie Heart
@cassie
Which is why it has to be something so intuitive that doing things insecurely or damaging to privacy is hard. An amazingly hard problem, with the gift of beautiful design when done correctly.
1 reply
0 recast
3 reactions