
Personally I find this really unsettling for non-technical users. Almost asshole-ish. It's funny to us...but seriously providing a real answer after all that would even be sufficient. Not just answering with a "yes", but with a little blurb on how it is secure.


Oh, so when someone doesn't lie to you it's unsettling?

The only way to know if something is secure is when it's adopted en masse and you see if it really was secure or not. You could read the WinXP pamphlet on security back when it was released and it had endless bullet points about how secure it was. It was probably the least secure software in the history of computing based on actual attacks after the fact.

Security isn't something you provide an answer to unless you're selling snake oil. Luckily, it seems most people prefer buying snake oil and are happy to eat up a vendor telling them how secure an utterly untested product is.

Security theory is not something you can understand as a non-technical user anyway.


> The only way to know if something is secure is when it's adopted en masse and you see if it really was secure or not.

That's all that has to be said to a non-technical user. Sometimes providing links to more information is good too.


I think one should start by explaining what "a layer 3 virtual network that uses public keys instead of IP addresses" would mean, or what a network is depending on what non-technical means.


If one doesn't immediately understand what this means, they should stay away. The intended audience is clearly people who have some grounding in networking.


This software may not have non-technical users. What are you after?


Q: Is it secure? A: No.

Q: What do you mean "No"? A: We believe we have done a good job in securing it.

Q: So did you do a good job? A: We hope so!

Q: You "hope so", what sort of answer is that? A: Trust us. It's secure. We are not hackers. We don't want to steal your data. We did not put in any back doors. We audited the code ourselves. There are not any kernel level hacks, root kits, or otherwise. This has been tested against a variety of anti-virus scanners and none of them flagged anything. We're very good. Please please trust us?


The last answer could be even better if it included an actual list of things that have been checked against:

What testing methodology did you use? What forms of vulnerability or classes of errors does it prevent (valgrind, ...)? Has the code been formally verified?

What are the attack scenarios that you have considered? What are those you don't prevent (physical access, system compromise, user compromise)?

What are the knowns and known unknowns?


:-) The slight tone of sarcasm was there if you were looking for it.

Ultimately it comes down to "Trust us". Unless you are well versed in computer security, anything other than what I wrote is meaningless. Even the rootkit stuff I put there is above the head of the average computer user (we're probably talking the 98th percentile and above that would understand what a rootkit is).

Probably talking the 99.99th percentile for what's above.


> Personally I find this really unsettling for non-technical users.

There is of course the counter argument, that if you're non-technical, you probably shouldn't be trying to implement a cryptographic layer-3 network for any reason other than "the lols".


I am not sure how many non-technical users will have an urge to install something like Snow.


That just means we move the bar a little further. We write an answer for programmers who know next to nothing about cryptography and security measures.


If they know nothing then they should be scared/skeptical.


Really, any user that doesn't "get" these answers shouldn't be anywhere near this.


Given that this is an unproven experiment that could potentially be misinterpreted as something more, that could be a feature, not a bug.


I don't think non-technical users will be using a project like this anyway.


I’m not part of the Snow project, but I have the impression it’s still pretty experimental. If so, it’s probably better for non-technical users to remain unsettled about it for a while yet.


How many non-technical users use GitHub? Although there are plenty of developers with a minimal understanding of security as well.


That "is it secure" question is a lie in question form.


I doubt his software is intended for non-technical use.


Non-technical users are not reading github pages.


Well that's not true at all.


Yes it is; non-technical users can't read. How mean of you to suggest otherwise.

