ysabetwordsmith: Cartoon of me in Wordsmith persona (Default)
[personal profile] ysabetwordsmith
 A crucial and immovable flaw in many security systems is humans.  If people can't get something to work properly, they will find a way to make it work improperly.  I find that there are a great many places online that I don't think need passwords.  It's just something I don't want to fuck around with for trivial uses.  So either I don't go there, or I work around it.  The problem comes when people do exactly the same thing with a really, really important system.

(no subject)

Date: 2014-04-23 02:13 am (UTC)
thnidu: my familiar. "Beanie Baby" -type dragon, red with white wings (Default)
From: [personal profile] thnidu
Thank you for the boost. Obviously, this issue is important to me… and also to madfilkentist (see his comment), who works in exactly this field.

Re: Yes...

Date: 2014-04-23 04:06 am (UTC)
dialecticdreamer: My work (Default)
From: [personal profile] dialecticdreamer
You've pretty well pegged the dynamic of the US government in relation to computers.

I have a slightly different problem with the international element of users vs. hosts, privacy laws as applicable versus EXPECTED privacy laws.

What the internet needs is a sort of "Surgeon General's Warning"-- you know, the nasty little blurb on the pack of cigarettes? Short, bold, simple, and SMALL changes should be placed just below the bordered box:

- This site maintains a database of: Username, valid email address, password, and a provided field for first and last name. We do not sell or give away these details except as required to by law in (country of origin), when served by authorized representatives of (country of origin). -

Underneath that:
- Optional fields are clearly marked as such, and users may choose to fill in data to customize their social profile for this site. This information, when provided is subject to the same legal conditions as the primary database form. -

It would allow a user anywhere in the world to see at a glance where that information goes- if anywhere, because the demographic data (this many women ages 30-45 residing in Ireland, as a random example) is not identifying, thus not subject to the same level of privacy restriction, but that CAN help a company refine and focus marketing efforts.

My favorite part? A lawyer from BigCorp, Mexico, can't issue demands for restricted info from a Canadian site without actually going through the legal routes in Canada to confirm that the demand for information is legal under Canadian law and not just bullying.

Btw, back in the day, a friend had an amateur site devoted to Harry Potter and a different fandom. There were NO graphics, NO excerpts from either set of books, just a fan talking about the commonalities and differences in audience, world-building, et cetera. "This one is meant for the teen crowd, and the amount of time spent describing clothing makes me want to wear a uniform- forever!" kind of comments. Guess who got a very, very nasty letter from Scholastic for "violating the Harry Potter copyright and trademarks". THAT is bullying.

Sadly, I kept thinking, "how is this news?"

Date: 2014-04-23 02:35 am (UTC)
dialecticdreamer: My work (Default)
From: [personal profile] dialecticdreamer
Not because I'm indifferent to computer security, but because I haven't seen any improvement in day-to-day SECURITY on computers since the days of BBSing and floppy drives.

My husband's job involves computers, and well, the end users who should bleeping well KNOW better are exactly as bad as the article implied for the health care workers. But from his viewpoint, the particularly ONEROUS and STUPID directives to control network security come from the "computer experts" who don't give a fig about the individual or group needs FOR their precious secured computer system.

He's just a stuck as the end users, in this case. The frustration levels can be appalling.

(no subject)

Date: 2014-04-22 10:28 am (UTC)
From: [identity profile] matrixmann.livejournal.com
This for sure is due to the fact that most humans who deal with comuputer technology don't actually know what they're doing. - At least those ones who decide to introduce computer technology as a kind of "backup" or "safer security".
Perhaps you need to be a bit paranoid to get along with this, but that is just as one should treat it. A machine doesn't care who enters a password or uses a security pass code - it simply does what it does when receiving the code. Also, if you don't enter the code each time as it was designed and make your way around it, then this kind of security system is useless. The reason is you are actually making your way around it. You think that someone else can't?

Profile

ysabetwordsmith: Cartoon of me in Wordsmith persona (Default)
ysabetwordsmith

October 2014

S M T W T F S
    1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 202122232425
262728293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags