Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Make encryption optional, and explicitly state the associated risk of a lost key.


This is actually a good idea. Apple does this on macOS with File Vault: "WARNING: You will need your login password or a recovery key to access your data. ... If you forget both your password and recovery key, the data will be lost."

They could put a clear warning on the iCloud screen as well. However, there is a large market for the iPhone in non-tech savvy people, especially old people, who may not understand fully what this decision means.


If memory serves, Apple did precisely this with FileVault for a very long time. Google did the same thing with encryption on phones. It was all quite thoroughly optional and all the warnings were thoroughly clear.

People can, will, do, and did ignore any and all warning messages and then look to support to help them. It does not seem to matter how large, scary, or clear the warnings are. They will be ignored.

So if you're Google or Apple and want to ensure that people's identity documents or tax records or business documents aren't stolen when the laptop or phone is, you make encryption the default. It helps that these devices are easier to sell to businesses. I'm thankful for these choices.

In my professional capacity as an information security practitioner and my personal capacity as a privacy advocate, I find the idea at hand distasteful. Improved security should be available to everyone, not just those with a deep grasp of how to manage cryptographic keys. Gaining any measure of data security should not be reserved solely for us in the technical elite.

There might, perhaps, be a slightly different discussion to be had about making it more common for tools to enable advanced users to manage their own keys. But this should never come at the expense of the common user. We have a profound professional responsibility to be better than that.


> Apple does this on macOS with File Vault: "WARNING: You will need your login password or a recovery key to access your data. ... If you forget both your password and recovery key, the data will be lost."

Many people assume that that when it says "can't", it actually means "won't", and that they'll be able to beg or browbeat support into helping them.

I can also already see the argument: "but that's not my data, it's in My Documents, it's a document so it shouldn't be encrypted!"

Communicating these things to users is hard because when it comes to computers, the lexicon is often personal. What one user calls My Documents might refer to the My Documents collection in Windows, and another one might mean a random folder they created that they put documents in. It's basically impossible to get everyone on the same lexicon, although it's getting better as young kids grow up with computers.


As I recall, that's how Mozy did it for online backups way back when. (I think it was encrypted in any case but they handled the key management by default.) They let you handle your own key if you wanted to but gave a stern warning if you elected to do that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: