[Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals

Subject: [Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals
From: joshuaspodek@yahoo.com (Joshua Spodek)
Date: Mon, 24 Oct 2011 15:41:18 -0400
Message-id: <[🔎] 1319485278.1721.86.camel@cinetic>
In-reply-to: <[🔎] 87wrbww9jx.fsf@debian.home>
References: <mailman.132.1319284834.27384.freedombox-discuss@lists.alioth.debian.org> <[🔎] 1319301085.32389.314.camel@cinetic> <[🔎] 87wrbww9jx.fsf@debian.home>

On Sun, 2011-10-23 at 00:39 -0500, Nick Daly wrote:

> I know it seems slow at times, but there are a lot of reasons we need to
> do (certain features) right the first time.  The best example is the
> Haystack Project [0] which, unfortunately, leaked user information and
> actually did more harm to users because they *thought* their information
> was protected when it wasn't.  The worst thing we can do is to project
> an incorrect *image* of security on an insecure project (personal
> security theatre).

I agree on the importance on accuracy in our image of security. I don't
know if we or anyone can responsibly project an image of *perfect*
security. Absent perfect security, an image of "avoiding the risks of a
centralized server, but still containing risks" seems responsible to me.
I'm not sure what more we /could/ say, since no one can predict all
possible problems.

If the "worst thing we can do is to project an incorrect *image* of
security on an insecure project", I contend we should consider not
projecting an image of perfect security, which I consider impossible. I
suggest we say we are imperfect but avoid the flaws of a centralized
server and the code is Free so you can read and modify it.

Besides, many users don't need serious security. For them "right" may
have a low threshold.

> If we need to do it right the first time, doing it right takes a long
> time, and we need to get it out the door now, then leaving those
> features out of the first release might be the right approach.  Doing it
> wrong (misleading people with our image) does a lot more harm than doing
> it slowly (because people *do* trust us to do it right the first time, I
> know I do).

"right" doesn't /have/ to take a long time, especially for some users,
as you said.

I agree with the image issue. Projecting perfect security when we don't
have it could cause irreparable problems. As I wrote above, I believe
projecting imperfect security will help many people while being more
accurate, in my opinion at least.

Reply to:

References:
- [Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals
  - From: joshuaspodek@yahoo.com (Joshua Spodek)
- [Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals
  - From: nick.m.daly@gmail.com (Nick Daly)

Prev by Date: [Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals
Next by Date: [Freedombox-discuss] Straight and Narrow.
Previous by thread: [Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals
Next by thread: [Freedombox-discuss] [Fwd: Re: Freedombox's pursuit of perfection undermines its goals]
Index(es):
- Date
- Thread