Untrusted software and security click-through warnings

Matthew Paul Thomas mpt at canonical.com
Tue Oct 16 09:40:46 UTC 2007

On Oct 16, 2007, at 6:08 AM, Alexander Sack wrote:
> On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote:
> ...
>> At the moment a user can unwittingly compromise their system just by
>> clicking on one thing on a website and then saying `yes' a few times.
>> What I'm suggesting is that if they want to do that they should be
>> required to do something a little more complicated which is more
>> likely to trigger an actual decisionmaking process.  Like, for
>> example, typing random commands they found on a webpage.
> how about using a captcha-like mechanism to trigger this decisionmaking
> process?
> ...

     For example, have the computer specify that the user must type
     either twice or backward -- that choice being presented at
     random -- a word displayed, also chosen randomly, in the dialog

     Requiring this kind of confirmation is as draconian as it is
     futile ... Such measures also create a new locus of attention;
     the user is not attending to the correctness of their prior
     response, thus frustrating the purposes of both the confirmation
     and the user.

     No method of confirming intent is perfect ... If the rationale
     for performing an irreversible act was flawed from the outset,
     no warning or confirmation method can prevent the user from
     making a mistake.

                         -- Jef Raskin, /The humane interface/, p. 23

Matthew Paul Thomas