DEV Community

Discussion on: Pushing Left, Like a Boss! -- Part 2: Security Requirements

 
Tari R. Alfaro

Yeah, it is really hard. I think systems should be designed with security from the start. Like you pointed out in your first article. I really wished the ActivityPub protocol was designed with cryptography implemented, but ... of course. It wasn't. And now we have a standardized social network protocol without confidentiality, and authenticated integrity ... which should've been baked in.

Yep. We are biased.

Things are getting better, slowly. We do have Libsodium for cryptography. Still, even then it can be confusing to those who don't understand.

But there isn't really a way to automatically implement secure code with cryptography built into the heart of it.

Only recently I've started thinking about security for the average user. Obviously still having a hard time ...

Tanya Janca

This Twitter post might interest you, about notifying users:
twitter.com/stebets/status/1017366...