David Crooks 🏳️‍🌈🏳️‍⚧️

@jsnell @9to5Mac I work in cybersecurity, where there has been a huge increase in priority recently for obvious reasons.

But you have to balance that against people getting what they need done - our job is to enable, not prevent.

12 comments
Jason Snell :zeppelin:

@dcrooks @9to5Mac

We all know that social engineering happens.

Adding more hoops for users to jump through won't stop social engineers from conning people into jumping through the hoops.

But it will frustrate legitimate users.

David Crooks 🏳️‍🌈🏳️‍⚧️

@jsnell @9to5Mac Yes: agreed.

And something that’s really important - e.g. with phishing - is that users are our best defence - we need to encourage users to help, rather than acting like they’re obstacles.

Imagine a security team of thousands of users, all of whom have the tools to engage rather than being frustrated?

Glyph

@jsnell @dcrooks @9to5Mac it really sounds like you are not considering the case of intimate partner surveillance, which is what this sounds like a defense for to me. I am not sure this is the perfect solution to the problem, but “remind me never” is not tenable if an abuser might have physical access and your password at a point in time; it’s important to never give *anything* infinite silent background persistence.

Glyph

@jsnell @dcrooks @9to5Mac (I anticipate that I, personally, am also going to find this very annoying, but I can see why it’s there.)

David Crooks 🏳️‍🌈🏳️‍⚧️

@glyph @jsnell @9to5Mac A fair point - but I feel like there is a better balance to be had here.

Glyph

@dcrooks @jsnell @9to5Mac I don’t really disagree, this does seem like kind of an arbitrary cadence that probably privileges Apple’s own products in dubious ways (do you have to re-enable FaceTime’s camera and screen recording access every week? I am guessing “no”) but still that is the sort of problem that needs to be reckoned with here.

Jason Snell :zeppelin:

@glyph @dcrooks @9to5Mac It's on Apple to find _better_ solutions that protect users while also respecting them. If you want to find an example that justifies adding more security pop-ups and clutter, you can _always_ find one.

David Crooks 🏳️‍🌈🏳️‍⚧️

@jsnell @glyph @9to5Mac 💯

They have really outstanding, experienced staff (which feels redundant to say) - agreed.

Jason Snell :zeppelin:

@glyph …and don't tell me what I am and am not considering. Thanks.

Glyph

@jsnell for what it’s worth this is why I qualified with “sounds like”. I did not mean to tell you that you don’t care about or don’t know about the issue, just that you didn’t mention it here, and given that (as far as I know) that is *the* problem being addressed by this sort of over-alerting, its absence is notable. Sorry that I implied otherwise.

James Grimmelmann

@glyph @jsnell @dcrooks @9to5Mac I think "silent" is an important word there. If screen recording unblockably triggers a menu-bar UI element (as it does on iOS) it reduces the risk of silent surveillance.
