[messaging] Social Security cards and additional issues
trevp at trevp.net
Thu Jan 30 12:57:08 PST 2014
On Thu, Jan 30, 2014 at 12:21 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> Take your social security card: notice that the number is broken up
> into unequal blocks.
> The same is true for telephone numbers.
> I don't think this is coincidence: has human interaction research been
> conducted on
> making strings easily identifiable?
There's research on character legibility and word recognition that's
not hard to find (eg Miles Tinker, Kevin Larson). But for
alphanumeric strings of crypto length I couldn't find much.
> The second point concerns the need for fingerprints in the first
> place. We're looking at a future that is increasingly multi-device.
> Transparently managing shared contacts including cryptographic
> identities from prior encounters obviates the need for fingerprints.
Certainly Trust-On-First-Use (TOFU) or a trusted infrastructure could
provide a nicer UX than fingerprint verification.
But I suspect there will always be use cases where manual verification
matters (e.g. first-time contact, or users with high-security
requirements). So I don't think the need for fingerprints is
completely "obviated", though I agree we shouldn't force all users to
deal with them.
> However, it does raise all sorts of tracking questions/how to access
> this shared contact file from a new device?
Yes, syncing devices is also a hard problem, particularly in the
context of "ratcheting" algorithms which update keys for forward
secrecy. Perhaps another thread sometime...
> Thirdly, UX remains a huge issue. Cryptocat got this right, and a
> desktop Java application is probably the best current solution
> (although Java is no longer as ubiquitous as it once was). Pond is
> having issues making a cross-system GUI. Unless we can get people to
> use our solutions, they don't matter.
Yes, good UIs are difficult.
More information about the Messaging