Wednesday, Dec 2, 2015 11:06 AM John Levine wrote:
Show your data or please stop making generalizations like this. This is
really not helpful.

Hmmn. If people are this unfamiliar with practical user security, and
are unable to type "trade password for a candy bar" into Google, this
is going to be a very slow slog.

John, what is deeply frustrating about this conversation is that every time I
ask a serious question, I get an answer like this. Did you look into that
study? Can you describe their methodology? Did they identify potentially
confounding factors that would introduce bias into the results? Does their
methodology account for those factors? Do they make any sort of case at all
for why their sample is a representative sample? You don't know, do you?
You just read one of the clickbait articles that Google offered you.

The very study you are citing is actually used as an example of bad methodology
in a textbook, _Elementary Statistics: Looking at the Big Picture_, by Nancy
Pfenning. Did the researchers check to see if the people they surveyed gave
their actual birthday, or their actual password? Or were they the ones who
were scammed? The survey was also done in 2004. Do you think nothing has
changed since then?

The reason this has become a slog is that nearly every answer I've gotten for a
question I've asked, and nearly every criticism I've seen of a statement I've
made, is of a similar level of quality to the answer you just gave me. I don't
mean to single you out--your example study is just too good an example not to

What this conversation has told me is that nobody on this mailing list actually
knows the answer to this question: "what are the costs and benefits of
redacting information from the Received header fields in email messages?" You
all think you know the answer, and your intuition is probably not completely
invalid, but if we actually care what the answer to this question is, we
probably do need to form a working group to study it a bit more seriously than
we have done thus far, and we definitely can't rely on the assurances of
supposed subject matter experts as to what the actual cost is.

Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com