
Simon Willison’s Weblog

Google asked people in Times Square: "What is a browser?". Stuff like this makes me despair for creating a secure web—what chance do people have of surfing safely if they don’t understand browsers, web sites, operating systems, DNS, URLs, SSL, certificates...


11 comments

  1. To which I'd reply "What is a carburettor?" Frankly, I've got no idea even though I've been driving for 9 years.

    Now asking the same question to car mechanics and I'd hope for a better answer. :)

    Dominic Mitchell - 20th June 2009 09:51 - #

  2. @Dominic: precisely.

    I don't think this is worrying or even particularly surprising, it's just a useful reminder that we need to design the web in a way that doesn't assume understanding of its inner workings. Frankly, I don't want people to have to understand DNS or SSL certificates.

    James Wheare - 20th June 2009 11:45 - #

  3. If your car was built in the last 15 years it would likely not have a carburetor, almost all cars now use fuel injection. Which is a good reason to know roughly how your car works so that you aren't at the mercy of an unscrupulous mechanic.

    Huxley - 20th June 2009 13:45 - #

  4. I'm fine with designing the web to assume people don't understand its inner workings, but that doesn't address the fundamental security problem here. If people don't know how to figure out what site they are on (or indeed what a "site" even is), what chance do they have of keeping their data secure online? And if our users can't stay safe, is it responsible of us to build applications that require them to hand their personal information over to our sites?

    Simon Willison - 20th June 2009 16:27 - #

  5. That would be ideal, James, but we don't know that it's even possible.

    For instance, the lock icon that you get when you visit an https URL offers a very specific set of guarantees. I think it's important that people understand what that lock means - a misguided sense of security can be worse than no security at all - and a basic understanding of DNS, etc. is rather fundamental to it.

    Brendan Taylor - 20th June 2009 16:36 - #

  6. Funny that no-one knows what Chrome is, since Google have been doing the hard sell for months on Google search and YouTube.

    Pete - 20th June 2009 20:00 - #

  7. It shouldn't be up to the people surfing the Web to have to know the intricate details of the infrastructure: things should be secure by default, and people should be given a reasonable overview of whether a site is "good" or not.

    Matters like this drive me up the wall. It's like the demise of e-mail as a decent communications tool: there are ways of establishing secure, trusted communications between people, and yet the people who run the infrastructure drag their heels in over implementing the necessary pieces that would make things "just work". Instead, there's a cottage industry of half-baked "solutions" such as anti-virus software which not only avoids addressing most of the fundamental problems but also gives a false sense of security to the user who is simultaneously asked not to worry about such things and yet is required to recite the Internet security glossary at a moment's notice.

    One knows that the infrastructure is failing its users when one has to report phishing attempts targeting users of a mail network who have received such messages through that same mail network, and the only help that is offered amounts to a reminder saying that "users should not click on the links". And then the next day, one gets the scheduled reminder to change one's password and wonders whether stern (but inadequate) reminders are really helpful for those who cannot and should not be required to distinguish between the "good Internet" and the "bad Internet".

    Paul Boddie - 20th June 2009 21:47 - #

  8. Just as it's a necessity to have a licence to drive a car, even though you don't automatically get to drive an F1 with it, people need formal introductory education in CS, just to "drive" casually and avoiding the occasional "accidents". The "racing" is yet still for pros.

    OneOfMany - 21st June 2009 12:04 - #

  9. OneOfMany, +1, but obviously enforcement is a problem.

    I think maybe level 0 is: you can use the web without any understanding, but assume it's unsafe, and act as though you were relating to an unknown stranger.

    level 1 is: you must understand what a browser is, what the domain in the URL is for, basic password security rationale, and what the lock icon is. You can share information which you would relate at a group dinner with people you have some connection with, but little trust in.

    level 2 is: you must understand general classes of attack such as social engineering, phishing, MitM, etc. You can share private information, including credit cards and letters to your mistress.

    Jeremy Dunck - 21st June 2009 16:15 - #

  10. Based on this evidence, I think Google should have a big campaign and rebrand Chrome as "Google Internet 2 - upgrade your search engine today!"

    Is your internet slow? Upgrade to Google Internet 2009.

    Charles Darke - 21st June 2009 21:02 - #

  11. Hah, that's a brilliant idea. I bet it would work.

    Simon Willison - 21st June 2009 22:23 - #
