[Cryptography] Apple: graphically show users that they are under attack

Michael Kjörling michael at kjorling.se
Fri Feb 26 10:31:30 EST 2016


On 25 Feb 2016 14:11 -0800, from hbaker1 at pipeline.com (Henry Baker):
> Apple needs to incorporate some sort of visual "meter" or other
> display icon that indicates when their phone is being scanned and
> when someone is trying to crack their passcode, their SSH login,
> etc.
> 
> In addition to attacks on your particular phone, Apple might also
> have a threat meter indicating attacks on iPhones in general.
> 
> Perhaps this threat meter could have sound effects that sound like
> shells whizzing by and exploding nearby.

Okay, so you want to somehow visualize to the user the fact that the
Internet is a dangerous place. Because, yes, indeed, the Internet _is_
a dangerous place; I am not arguing that point, in fact I have made
the same argument on a number of occasions.

This does however have the obvious problem of: **what is the end user
supposed to _do_ with that information?**

We tried going down a very similar route with software firewalls on
individual PCs that popped up warnings about every little thing.
(Anybody remember ZoneAlarm?) It might have been a good idea in
theory, in the eyes of an engineer familiar with TCP/IP, but it didn't
work terribly well in practice with a variety of types of users with
hugely varying sets of computer knowledge.

Telling people that everything is doom and gloom, while giving them no
constructive avenue for improving the situation, especially in a
situation where there is no single clear responsible entity, is rarely
conducive to an environment where those issues get resolved.

For an end-user appliance meant to cater to broad groups, such as
software running on a smartphone or home computer, it seems better to
work on any relevant false positive and false negative ratios, and
silently drop anything that is detected as malicious as early in the
processing chain as possible (that last to reduce the risk of any bugs
themselves allowing compromise of the device).

86-year-old Aunt Jane isn't interested in a visualization of "current
network danger level"; she wants the phone, tablet, computer, toaster,
refrigerator, lightbulb, whatever to _just work_ in the environment
it's designed to work in. Including the good, the bad and the ugly.

The engineer who _wants_ to know this isn't interested in an aggregate
"current network danger level"; they are much more likely to want the
gory details.

In neither case can I see how your proposal helps anyone.

Learned helplessness is not something to encourage, at all.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

