By Igor Magun
Security software has a problem–it’s absolutely dreadful to use.
Take Signal, the end-to-end encrypted messaging app endorsed by Edward Snowden. It collects very little metadata and uses a robust encryption protocol that, in theory, keeps your messages unreadable if anyone tries to intercept them.
But in practice, here’s what happens: I get a Signal message from my friend and I try to respond. The app tells me, over and over, that my friend doesn’t have Signal–even though he just messaged me using it. So, I text him instead, putting us at the mercy of less-than-adequate SMS encryption.
This problem extends beyond Signal. I use a virtual private network (VPN) to encrypt my web traffic over public WiFi. My last VPN provider refused to play ball with Microsoft’s cloud storage service, OneDrive. My current one works perfectly with OneDrive–but breaks four other programs.
So, if I need those programs, I turn the VPN off, exposing any unencrypted internet traffic to snoops.
And then there’s full-disk encryption, designed to protect the files on your computer. It’s enabled by default on my iPhone and my Surface Pro tablet, so I don’t even have to think about it. But implementing it on my desktop requires a mess of third-party programs that I don’t have the time and energy for.
Security is hard, make no mistake. Some very clever thinking goes into the examples I’ve mentioned, and even with their flaws, programs like Signal serve a purpose. Depending on who you need to keep your data safe from, these tools can be indispensable.
But having a security system that only works some of the time really isn’t good enough.
This highlights something important that tech companies have only just started to realize: security shouldn’t be something people ever need to think about. Why aren’t SMS messages end-to-end encrypted? Why does anyone still need to get a VPN to protect their internet traffic on public WiFi?
User experience plays as big a role in security as does good encryption. Security needs to be the default, not an afterthought that you download from an app store. And it needs to work well. If users must go out of their way to be secure, chances are they won’t. And that leaves us all less secure.