Untrusted software and security click-through warnings
Matthew Paul Thomas
mpt at canonical.com
Tue Oct 16 09:40:46 UTC 2007
On Oct 16, 2007, at 6:08 AM, Alexander Sack wrote:
>
> On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote:
> ...
>> At the moment a user can unwittingly compromise their system just by
>> clicking on one thing on a website and then saying `yes' a few times.
>>
>> What I'm suggesting is that if they want to do that they should be
>> required to do something a little more complicated which is more
>> likely to trigger an actual decision-making process. Like, for
>> example, typing random commands they found on a webpage.
>
> How about using a captcha-like mechanism to trigger this decision-making
> process?
> ...

    For example, have the computer specify that the user must type
    either twice or backward -- that choice being presented at
    random -- a word displayed, also chosen randomly, in the dialog
    box.

    Requiring this kind of confirmation is as draconian as it is
    futile ... Such measures also create a new locus of attention;
    the user is not attending to the correctness of their prior
    response, thus frustrating the purposes of both the confirmation
    and the user.

    No method of confirming intent is perfect ... If the rationale
    for performing an irreversible act was flawed from the outset,
    no warning or confirmation method can prevent the user from
    making a mistake.

    -- Jef Raskin, /The humane interface/, p. 23

--
Matthew Paul Thomas
http://mpt.net.nz/