[Freedombox-discuss] FBX Privacy Enabled UX
On 04/03/2012 02:11 AM, Fifty Four wrote:
> My proposal is that the
> FBX issues the name (another layer of pseudonymous names) thereby protecting
> peoples comments being printed/screenshot by an informant, i.e. a contacts
> real name is never beside a contacts comment - separate screens.
I don't think this is a realistic proposal, and even if it were
realistic, i don't think it would be a good tradeoff.
Free software is about freedom. A would-be informant could always be
free to modify their freedombox to show whatever they wanted to show
instead of some enforced layer of identity obscurity. Sure, you might
have this layer on your own freedombox, but you can't require our
hypothetical informant to run the same obscurity layer.
It's also worth remembering that (a) screenshots are not iron-clad proof
because they're trivially forgeable, and (b) an informant doesn't even
need a screenshot to snitch at all.
Even if we could enforce this layer of identity obscurity, and limit
ourselves to attackers who inform by taking screenshots, it would mean
producing a tool that takes more cognitive effort to use safely and
securely. Is "Blue" my sister, or is it that colleague from work who
i'm currently frustrated by? This is a high cost to pay, especially if
the goal is to make a tool that "just works" for regular humans.
So let's look at the proposed gain: a would-be informant who plans to
snitch by taking screenshots now has to take two screenshots instead of
one: one of the relevant material they intend to leak, and another of
their name-mapping page.
I don't think the benefit is worth the cost.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature