Untrusted software and security click-through warnings

Alexander Sack asac at jwsdot.com
Tue Oct 16 10:26:30 UTC 2007

On Tue, Oct 16, 2007 at 10:40:46PM +1300, Matthew Paul Thomas wrote:
> On Oct 16, 2007, at 6:08 AM, Alexander Sack wrote:
>> how about using a captcha-like mechanism to trigger this decision-making
>> process?
>> ...
>     For example, have the computer specify that the user must type
>     either twice or backward -- that choice being presented at
>     random -- a word displayed, also chosen randomly, in the dialog
>     box.
>     Requiring this kind of confirmation is as draconian as it is
>     futile ... Such measures also create a new locus of attention;
>     the user is not attending to the correctness of their prior
>     response, thus frustrating the purposes of both the confirmation
>     and the user.
>     No method of confirming intent is perfect ... If the rationale
>     for performing an irreversible act was flawed from the outset,
>     no warning or confirmation method can prevent the user from
>     making a mistake.

I completely agree. My point is: if captchas don't help then why would
pasting commands from the net help to get the user to think about the
risk their actions imply?

My opinion is clearly that we should come up with a decent and
standardized way to add third party applications that we can actually
_control_ and design in a way that at least gives our users a chance
to educate themselves before taking any action.

If you just ignore the demand to install third party applications from
third party repositories you will likely train our user-base to just
google the internet and follow arbitrary instructions they find - which
can't be what we want.

 - Alexander

More information about the Ubuntu-devel-discuss mailing list