The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of interest to technophiles and activists. But many of those tools are difficult to use and present major challenges for users, so to help improve the usability of these applications, Google, Dropbox and others are supporting a new project called Simply Secure.

The project is focused on making open-source security and privacy tools easier to use and to remove some of the pain of using crypto packages, off-the-record messaging and other tools that protect users online. The organization’s activities will center on bringing developers of open source security tools together with usability researchers and experts to help solve the difficult problems the developers face. Many open source projects are run by volunteers who don’t have the time or resources to tackle these issues on their own.

“Simply Secure represents an exciting opportunity to bring together diverse groups in pursuit of an important goal: making security and privacy tools more user-friendly. This transparent, community-focused approach is new, and represents a compelling adaptation of the open-source model to interaction design. Usable security has been a passion of mine for the past ten years, and I’m thrilled to be leading such a wide-ranging and well-supported initiatives,” said Sara Sinclair Brody, director of Simply Secure.

Google and Dropbox are providing financial support for Simply Secure. The organization has a group of advisors that includes Ben Laurie of Google, Cory Doctorow, a technology activist and writer and Ian Goldberg, a professor at the University of Waterloo and well-known security and anonymity researcher.

“We believe that people shouldn’t have to make a trade-off between security and ease of use. This is why we’re happy to support Simply Secure, a new organization dedicated to improving the usability and safety of open-source tools that help people secure their online lives,” Meredith Whittaker and Ben Laurie of Google said.

“Over the coming months, Simply Secure will be collaborating with open-source developers, designers, researchers, and others to take what’s there—groundbreaking work from efforts like Open Whisper Systems, The Guardian Project, Off-the-Record Messaging, and more—and work to make them easier to understand and use.”

Sinclair Brody, a former product manager at Google, said that Simply Secure will work on public audits of code bases and interfaces.

“More generally, we aim to take a page from the open-source community and make as much of our work transparent and widely-accessible as possible. This means that as we get into the nitty-gritty of learning how to build collaborations around usably secure software, we will share our developing methodologies and expertise publicly. Over time, this will build a body of community resources that will allow all projects in this space to become more usable and more secure,” she said in a blog post.

 

Categories: Web Security

Comments (3)

  1. ODA155
    1

    Maybe Google and Dropbox should concentrate on trying to secure their own resources first. How many times have we been asked (forced) to change passwords for Google services because they’ve been hacked… and there are malware variants that use Dropbox as their source for spreading other malware and storing stolen information.

    Just a thought.

    • HG502
      2

      How many times have I had to do that? 0. I’ve had other companies (Adobe, Sony, etc..) force me to change my password because

      a) They had poor security
      b) I used to have a bad password policy but that has since been rectified.

      Both a & b are out of Google’s control.

      As for Dropbox, I can’t say much about it as most of my friends in the security business have told me to stay away from them and plus I never liked the whole “one directory to back everything up” policy.

      • ODA155
        3

        Well, I am a security profession and I invite you to search for an article from last week where Google addresses and passwords were found online for anyone willing to pay for them. No, Google cannot control another company, my point was that while they want to make it easier for people to use other security products, I think they should focus a little more on securing their own. And maybe you were lucky in that your credentials were not among those stolen.

        As for Dropbox and any other “cloud” service, I personally do not trust them with my data, I can secure my stuff just as well if not better all the while making it available wherever I am.

Comments are closed.