OTHER CHAPTERS IN THIS BOOK HAVE TALKED ABOUT HOW USABILITY IMPACTS SECURITY. One class of security software is anonymizing networks —overlay networks on the Internet that provide privacy by letting users transact (for example, fetch a web page or send an email) without revealing their communication partners.
In this chapter, we’ll focus on the network effects of usability on privacy and security: usability is a factor as before, but the size of the user base also becomes a factor. As we will see, in anonymizing networks, even if you were smart enough and had enough time to use every system perfectly, you would nevertheless be right to choose your system based in part on its usability for other users.
While security software is the product of developers, the security it provides is a collaboration between developers and users. It’s not enough to make software that can be used securely; software that is hard to use often suffers in its security as a result. For example, suppose there are two popular mail encryption programs: HeavyCrypto, which is more secure (when used correctly), and LightCrypto, which is easier to use. Suppose you can use either one, or both. Which should you choose?
You might decide to use HeavyCrypto because it protects your secrets better. But if you do, it’s likelier that when your friends send you confidential ...