[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

[Henry Baker]

-----Original Message-----
From: John Levine <johnl at iecc.com>
Sent: Oct 5, 2025 5:31 PM
To: <cryptography at metzdowd.com>
Cc: <hbaker1 at pipeline.com>
Subject: Re: [Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

[[ definitely not worth posting to the list ]]

It appears that Henry Baker said:
>Apple: I have to actually click on the "display name" to get the full email address to show
>(on MacOS); I have no idea how to get the email address to show in iPhoneOS -- I usually
>have to display the entire email message in "raw ascii format" (with all headers), which is one
>hell of a lot uglier than a simple email address. This is 100X too far beyond the capabilities
>of many/most family members, as well as beyond the capabilities of 95% of the Apple
>user base.

I understand that you personally really really want to see the email address rather than
the display name. For me, I occasionally tap twice to see the address but it's rarely
an issue.

But why should anyone else care? Please don't claim it has some essential security benefit
since people who have done actual research know that it doesn't.

R's,
John

---
Re: Apple "For the Rest of Us"

The "1984" Commercial and Slogan

The Commercial: Airing during Super Bowl XVIII, the "1984" ad depicted a dystopian future reminiscent of George Orwell's novel, with an unnamed heroine symbolizing the Macintosh.

The Slogan: The slogan "the computer for the rest of us" encapsulated the Macintosh's mission to make computing accessible to *everyone*, not just businesses or *experts*.

The Message: The ad and slogan positioned the Macintosh as a revolutionary tool to save humanity from conformity and control, an interpretation that highlights Apple's early focus on individual empowerment through technology.

[Sadly, that online "1984" future has already arrived, and it only took 40 years !]

--
"The Rest of Us" -- aka the non-wizards -- aren't qualified to dive beneath "display names" to find out when they're being phished and scammed.

Unfortunately, Apple never followed through on *security* "for the rest of us".

Once again, if you have family/loved ones who aren't all that computer literate, they need additional protection & education in order to survive in today's online world.

Apple has positioned themselves as such a protector, but they haven't been doing such a great job when it comes to email programs.