TradeOffBetweenComfortAndSecurity

A friend asked me why initiatives in the Cryptography world were in such a bottleneck. Here's my response to him.

The paradox of easy crypto is this : the main strategy for making computation easier is to take responsibility away from the user. To centralize it in the cloud, or hide configuration details in the operating system or hardware. DontMakeMeThink. Don't force the user to have to worry about these things.

Unfortunately in the case of reliable privacy that's exactly what you can't do. Every detail that the user can't, in principle, check, is a potential point of failure, a security weakness.

A lot of the fighting you see is between real security experts who want access to those details and think that you can't trust the security of systems unless you have them, and companies that say "we've successfully hidden them away. But trust us they work"