转发:Can Johnny Build a Protocol……
Can Johnny Build a Protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols
by Ksenia Ermoshina, Harry Halpin and Francesca Musiani
Abstract
As secure messaging protocols face increasingly widespread deployment, differences between what developers “believe” about user needs and the actual needs of real-existing users could have an impact on the design of future technologies. In the domain of secure messaging, the sometimes subtle choices made by protocol designers tend to elude the understanding of users, including high-risk activists. We’ll overview some common protocol design questions facing developers of secure messaging protocols and test the competing understandings of these questions using STS-inspired interviews with the designers of popular secure messaging protocols ranging from older protocols like PGP and XMPP+OTR to newer unstandardized protocols used in Signal and Briar. Far from taking users as a homogeneous and undifferentiated mass, we distinguish between the low-risk users that appear in most usability studies (such as university students in the USA and Europe) and high-risk activist userbases in countries such as Ukraine and Egypt where securing messages can be a matter of life or death.
slides:
paper:
by Ksenia Ermoshina, Harry Halpin and Francesca Musiani
Abstract
As secure messaging protocols face increasingly widespread deployment, differences between what developers “believe” about user needs and the actual needs of real-existing users could have an impact on the design of future technologies. In the domain of secure messaging, the sometimes subtle choices made by protocol designers tend to elude the understanding of users, including high-risk activists. We’ll overview some common protocol design questions facing developers of secure messaging protocols and test the competing understandings of these questions using STS-inspired interviews with the designers of popular secure messaging protocols ranging from older protocols like PGP and XMPP+OTR to newer unstandardized protocols used in Signal and Briar. Far from taking users as a homogeneous and undifferentiated mass, we distinguish between the low-risk users that appear in most usability studies (such as university students in the USA and Europe) and high-risk activist userbases in countries such as Ukraine and Egypt where securing messages can be a matter of life or death.
slides:
https://nextleap.eu/res/Ermoshina_EuroUSEC_final.pdf
paper:
https://www.ndss-symposium.org/wp-content/uploads/2018/03/eurousec2017_16_Ermoshina_paper.pdf
