Rubber hose attack

P.J. Ponder ponder at freenet.tlh.fl.us
Fri Nov 2 14:44:49 EST 2001


On Fri, 2 Nov 2001, Rick Smith at Secure Computing wrote:

> If Microsoft's system is too brittle, then they'll pay for it through fraud
> expenses. If people find it unreliable or untrustworthy, they'll use other
> mechanisms for buying things. While I would feel compassion for consumers
> who are hurt or inconvenienced by some huge scam that exploited a poor
> Microsoft security implementation, such a scenario would be entertaining to
> watch.
>
> Regardless of .Net's expected convenience, most people will probably still
> patronize non-.Net vendors when they offer better prices, regardless of the
> inconvenience. It's not that hard to re-enter billing information,
> especially when compared to driving across town to the discount store
> instead of using the higher-cost mini-mart down the street.

I agree about the interesting to watch part - it should be a hoot.

I read a statistic a few years ago about the percentage of users of
Internet Explorer and Netscape browsers who had never changed the default
start page for the browser.  I forget what the percentage was, but it
struck me at the time as being quite high, like a third or more.  The
percentage may be higher now, a few years later, as access to the internet
permeates into a broader and less technically sophisticated demographic.

There is probably a significant percentage of users who will never learn
how to tweak the software tools that come with their new pcs, and they
won't even make the most rudimentary changes to the software behavior that
most of the users of this list would consider minimal customization.
It's for reasons like this that Microsoft and OEMs battle over getting
icons to come up on the screens of new pcs.

The default settings will be the permanent settings for many users, and if
it is easier to buy something through a .Net affiliate than to shop
around, then the .Net sites will get a certain percentage of users just by
'default'.  They won't get all, certainly, but they will get some just
because of the path of least resistance.

Same business practice with file format associations, preferred search
engines, pre-installed bookmarks, pre-loaded certificates, and so forth.
Passport is just part of the control/monopoly-enforcement package.

Ob crypto, I had a client who had a terrible time with public users not
having browsers with 128-bit crypto available to access the site - lots of
complaints, help desk calls, increased support staff hours, executive
management bitching about the network staff not helping the customers.
That's why it is important to make sure that the minimum spec is good
enough in a lot of applications, because lots of users will never learn
how to turn on the optional features and they will resent having to do it,
anyway.





---------------------------------------------------------------------
The Cryptography Mailing List