Vista's Faux Security
An endless series of meaningless choices does not equal privacy, argues a security expert. Nor will they equal security for Vista.
But if youve ever been asked by a piece of software, your operating system, or a website whether you want to make a choice without the benefit of any background information or useful context then you can pretty much get the gist of joke.
The new TV ad, titled Security, features the grungy Mac guy standing next to the geeky PC guy, and behind the PC guy is some sort of Secret Service agent in sunglasses and a dark suit.
Every few seconds, the security guard asks PC if hed like to cancel or allow virtually everything PC does: You are returning Macs salutation. Cancel or allow?
Great Security Blunders
Is the Mac Really More Secure than Windows?
Restoring Online Privacy
Security Flaw Could Ground Wi-Fi Users|
As the ad goes on, PC gets increasingly frustrated with the repeated questions, when finally PC explains: I could turn him off, but then he wouldnt give me any warnings at all and that would defeat the purpose
This brand of faux security is well known to privacy folks, because the robot-like process of asking for user authorization has passed as a form of privacy protection for years.
(Before Im accused of some kind of bias, I should note that Im not particularly enamored of Mac security, either.)
For nearly a decade, most of the things that have passed for privacy features in a wide variety of applications, especially web browsers, have made those applications virtually unusable without choosing the equivalent of allow every time youre asked.
As we have learned through sad experience in the privacy world, an endless series of meaningless choices and even more meaningless actions do not equal privacy. Nor will they equal security in the world of Vista. Come to think of it, they dont equal security in airline transportation either, but I digress
The real concept at work here is less about protecting the privacy or security of the user than it is shifting the blame to them and away from the software creator whose application is about to do something that may be about to compromise the user.
The notion of giving users choices and letting them make their own decisions is fundamentally appropriate. But as with any choice that has significant consequences, no one can be expected to make a sound and reasonable decision without having enough useful information.