In the end, whether its asking a user to agree to a Terms of Service document thats full of privacy loopholes, or whether youre asking them if they want to allow a Trojan Horse application to upload a users banking records to an identity thief, its a sham.
Great Security Blunders
Is the Mac Really More Secure than Windows?
Restoring Online Privacy
Security Flaw Could Ground Wi-Fi Users|
Unless a user has enough information, and enough context in which to judge the consequences of their choices, the choice to cancel or allow is nothing more than yet another annoying obstruction between the end-user and the task theyre wishing to accomplish. In such a case, users can be counted upon to make whatever choice gets their task accomplished, regardless of whether it costs them their first-born child.
As I noted, none of this is very new to the privacy world. Indeed, organizations like the Internet industrys favorite so-called privacy watchdog group, TRUSTe, have made a cottage industry of creating faux choices and calling it consumer protection. Companies have learned to construct devious privacy policies and pretzel-like processes that are summed up by a cancel or allow decision that stands between the consumer and whatever it is shes trying to accomplish.
These processes are designed to look like theyre empowering users, but really theyre providing them with what amounts to a Hobsons choice a choice that is really no choice at all.
According to Wikipedia (so you know it must be accurate and if it isnt, feel free to change it!), the concept of the Hobsons choice originated with an English livery stable owner in the 1500s. Customers seeking to rent a horse were given the choice of whatever horse Hobson offered them, or pulling your carriage yourself.
Over the last decade, many websites have adopted a privacy model that is similar to Vistas new security model: present users with a choice between agreeing to whatever consequences are being foisted upon them, or be stopped dead in your tracks and get nothing done.
Given the extraordinarily task-oriented nature of most peoples computing experiences (when was the last time you sat down at your computer actually intending to get nothing accomplished?), presenting useless choices as being any choice at all is cynical at best and fraudulent at worst.
Yet many will undoubtedly continue to parrot the line that Vista is the most security-minded version of Windows yet. And if your definition of security-minded is the conditioning of consumers to click allow in order to get anything done, it is indeed one of the best testing grounds of conditioned responses since somebody bought Dr. Pavlov a dog and a bell.
Cancel or Allow?
At the end of the new Apple ad, the security guard finally asks the hapless PC: You are coming to a sad realization. Cancel or allow?
Unfortunately, after conditioning the world to click allow, all Microsoft will have accomplished is to pass the buck to the hapless PC user, trying to make the user responsible for anything bad that happens because they ultimately chose to allow it.
While that may allow Microsofts security engineers to sleep at night, the rest of us wont rest as easy until Vistas holes are plugged with something more substantial than a dialog box.