> Take a computer-nonliterate but otherwise functionally competent adult with very limited vision (macular degeneration, glaucoma, etc.), onset of cognitive disorders (Alzheimer's, Parkinson's, TIAs, ...) but compelled to use computers for some functions (utility payments, banking, government services, remote comms, socialisation, hobbies & interests).
How far do you want to take this? At the end of the day you need to understand what's going on - otherwise you're going to visit a site presenting a self-signed cert and just click the "let me bypass this warning" button before handing over your creds.
It's no different to being phoned up by a scammer and being asked to transfer money for a "tax refund". What can we do about that technically? We try. We add warnings when customers initiate a bank transfer but at the end of the day it's their money and they must be free to send it where they please. So there has to be a focus on education, _as well as_ technological methods to try and protect the user.
> The world contains numerous people who are not tech-savvy, capable, digital natives. And even a large fraction of that population would fall prey to attacks of this nature.
There's a difference between being "tech-savvy, digital natives" and understanding the basics of how things like your email client work - and what it displays when it's going to send attachments.
I'm tired of this attitude that people are helpless and that understanding some basic aspects of the technology they use on a daily basis is completely forever out of their reach. It's patronising, and it leads to us "dumbing down" software (see Chrome and the address bar).
> Please show more awareness and compassion.
I've acknowledged that a warning may go some ways to improving this situation, but I absolutely stand by:
- The functionality had some genuine usage in the form of desktop software that opened up the mail client with e.g. crash logs attached.
- Removing the functionality entirely rather than exploring how to do it in a safer (read: not safe) way was an over-reaction and we've lost something potentially useful as a result.
> Perhaps beginning with your handle.
Perhaps you could focus on the points being made _in the body of_ the next comment you reply to?
The example given is drawn from immediate experience and illustrates my own slow-dawning awareness of the gulf and its implications from my heady days as a 1990s Linux & free software advocate. I still think they're great tools. I no longer think most people, certainly not most present adults, will profitably use them.
Most people do not have a functional model of how things work, they have a process model, possibly more accurately a ritualistic model, of action and effect. "I do A and B happens." There is no "because C" causal explanation, or any such notions are hopelessly inaccurate, often mythical or animistic.
Population-level computer literacy has been studied, and the results are frankly gutstopping. Usability expert Jacob Nielsen wrote on this in 2016:
Across 33 rich countries, only 5% of the population has high computer-related abilities, and only a third of people can complete medium-complexity tasks.
"Below level one" describes 14% of the adult population, for which typical skills are "Delete this email message". "Level one" (29% of the population) can assign categories or use search features, say, in email. "Level 2" (26%) could accomplish a task such as "You want to find a sustainability-related document that was sent to you by John Smith in October last year". Level 3 is the highest skill level, representing 5% of the population.
If you've been noting totals you might have twigged that we're only to 74% of the population. That is because fully 26% of adults have no effective computer literacy.
And 69% of the population in total (none, <1, 1) have at best extraordinarily limited skills and understanding. Whilst there's some variance among OECD populations (Finland does better, Turkey poorly), the shifts aren't that great. Human cognitive distribution is something we have to live with: all the children are not above average.
You may be tired of this fact but it remains the best interpretation of the evidence.
I'm certainly frustrated by this, on multiple grounds. It means that general-population digital tools must be targeted to the minimum viable user. It means that the advanced-user community is a very minor market segment, at least by units. It means that consequences of poor technical literacy are born by all of us. That's wrapped up in an essay "The Tyranny of the Minimum Viable User":
How far do you want to take this? At the end of the day you need to understand what's going on - otherwise you're going to visit a site presenting a self-signed cert and just click the "let me bypass this warning" button before handing over your creds.
It's no different to being phoned up by a scammer and being asked to transfer money for a "tax refund". What can we do about that technically? We try. We add warnings when customers initiate a bank transfer but at the end of the day it's their money and they must be free to send it where they please. So there has to be a focus on education, _as well as_ technological methods to try and protect the user.
> The world contains numerous people who are not tech-savvy, capable, digital natives. And even a large fraction of that population would fall prey to attacks of this nature.
There's a difference between being "tech-savvy, digital natives" and understanding the basics of how things like your email client work - and what it displays when it's going to send attachments.
I'm tired of this attitude that people are helpless and that understanding some basic aspects of the technology they use on a daily basis is completely forever out of their reach. It's patronising, and it leads to us "dumbing down" software (see Chrome and the address bar).
> Please show more awareness and compassion.
I've acknowledged that a warning may go some ways to improving this situation, but I absolutely stand by:
- The functionality had some genuine usage in the form of desktop software that opened up the mail client with e.g. crash logs attached. - Removing the functionality entirely rather than exploring how to do it in a safer (read: not safe) way was an over-reaction and we've lost something potentially useful as a result.
> Perhaps beginning with your handle.
Perhaps you could focus on the points being made _in the body of_ the next comment you reply to?