[kde-doc-english] The help pages and other observations

John Holland johnty5150 at yahoo.co.uk
Mon Oct 8 03:11:00 UTC 2012


Hello guys.

Please accept the following comments in the good humoured way in which they
are intended!

I am not exactly a PC newbie, but I am no expert either. I downloaded
TrueCrypt around five hours ago. I was advised to check the signature of the
file and so downloaded this program (Gpg4win, or is it actually Kleopatra?)
for the purpose. I was then advised to check the integrity of my download
using a SHA1 hash check. Eh? Er, OK then. I accomplished this, after a (what
the hell is that?) internet search, using a program downloaded from a site
that seemed to me to be far from secure, riddled with misleading advertising
downloads, masquerading as the download I wanted. But I got there eventually
(or at least I think I did). The SHA1 check said it was a match. Hurrah!
Installation followed.

I then opened Kleopatra in order to check the signature of my download of
TrueCrypt, only to find that I had to manually install the keys or root
signatures or whatever that I trusted. I could do this by contacting the CA
administrator of the website (presumably the website of the original
download?). Why would I trust him, if indeed I was actually talking to him
and not a hacker anyway? That's why (after reading up a bit on the net) I
got your program, isn't it? Surely if I knew what information I could trust
and from where, I wouldn't have needed it? Quite a merry dance so far.

Ah well, I then started to read the online help files for Kleopatra and, if
I actually had much hair left, would have proceeded to pull it out. If I had
the kind of background knowledge to understand the help file, I could have
saved myself all of the above frustrations and simply written my own
encryption software in the first place! It would have been laughably simple
in comparison.

Now, my points are as follows. If I have concerns about the security of a
download from a particular website, why should I trust any signatures that I
receive from that site? They could be credible but fake. I do not consider
myself qualified to manually construct a list of what parts of the internet
are safe and which aren't, just like about 99% of the people on the
internet. Also, if you are going to have an online help guide, please write
it so that the user (layman) can understand it; otherwise, security is going
to remain in the hands of a select few 'techies' and thus completely fail to
do what it sets out to achieve, whether open source or otherwise. This is
particularly true given that, apparently, we cannot trust ISPs, search
engines, operating systems (including Linux), social media, cellular
networks, the government (I look forward to submitting my tax returns in the
UK via my Facebook account), or just about anyone to refrain from knowing
our every move and exploiting it. And that's just the good guys. The
internet today has throttled the freedom it sprang from and defended. It
must die! Roll on the next solar storm! Or EMP. Etc. Blah.



