emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Thu, 05 Jul 2018 21:55:04 +0300

> Date: Thu, 5 Jul 2018 11:29:20 -0400
> From: "Perry E. Metzger" <address@hidden>
> Cc: address@hidden, address@hidden, address@hidden,
>  address@hidden, address@hidden
> 
> > It isn't the Emacs way to second-guess our users' needs, 
> 
> Most users do not know or understand anything about setting
> security, so defaults have to do the right thing.
> [...]
> > definitely
> > not to decide for them what is and what isn't a matter of life and
> > death for them.
> 
> Most users depend on software vendors to set the correct amount of
> security.
> [...]
> They have no understanding of the protocols in use and it
> is unreasonable to ask them to make such decisions by default.

Emacs always gives users who do understand the freedom to make their
choices.  Paternalism is not our way.  Where something needs to be
explained, we document it in a way that gives the users enough
information to make up their minds.  We don't decide for them, because
such decisions will never be good enough.

> I'm dead serious in saying if you do not obey the standards for how
> browsers are supposed to behave, you might quite literally kill
> someone. People have died this way. Do you want me to start posting
> names and incidents? You want descriptions of dissidents having their
> genitals electrocuted and being locked upright in freezing cold
> rooms, I'll happily start linking to Amnesty International reports
> for you.
> 
> Many countries now use the internet as an instrument of control and
> oppression. We should not be making their job easier.

People die on the roads every day, but restricting free movement due
to that somehow doesn't sound right to me.

> If people want to remove security on their own, that's their business,
> but providing defaults that are not even as secure as what Chrome or
> Firefox does is totally irresponsible.

Emacs is not a Web browser, we have different priorities.  So the
solutions need not be the same.  Blindly copying from browsers is not
a good way of dealing with these issues.  We need to carefully analyze
the potential risks and the preventive measures, and decide what makes
sense as the defaults.  (And Firefox's defaults are sometimes quite
annoying, I turn some of them off for that very reason.)

> > It is IMO unreasonable to make our defaults match what happens in
> > dictatorships that you describe,
> 
> You do not understand the issue and are thus incompetent to make a
> decision on this.

Please drop the attitude if you want me to take you seriously.  You
don't know the first thing about me to talk like this.  If anything,
my familiarity with real dictatorships is much closer and firsthand
than from reading Amnesty International reports.  If you want to
convince, explain, do not try to scare and suppress.

> Do you really want me to describe some of the things that have
> happened to people who have had their communications intercepted
> because software developers were irresponsible? You can find pretty
> graphic descriptions online.

Yes, and 9/11 was also pretty scary and detrimental to health.  But
TSA is not the solution, even if it were more effective than it is.

> you honestly propose ignoring the need to protect users from network
> based attacks?

I said nothing of the kind.  I said that we need to have "the right
amount" of security, that's all.  Dumping all the possible protection
methods on users without careful analysis of what is more and less
important is a bad starting point.


