Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wouldn't understand that. Is it getting a manufacturer address to block some devices? Does it use a key to encrypt something? Which "security device? /dev/urandom?

I see that non-technical users can be confused by too much information, but when you omit this even knowledgeable users can't make an informed decision.



You would because there'll be context:

1- You'd be in a page where you'll be enrolling your YubiKey or WebAuthn device. You'll be having your key at hand, or recently plugged in.

2- Your device's LED would be flashing, and you'll be pressing to the button on your device.

3- The warning will pop-up at that moment, asking that question to you. This means the website probably querying for something like the serial number of your key, which increases the security, but reduces your privacy.

With the context at hand, you'd understand that instantly, because the place you are and the thing you're doing perfectly completes the picture, and you're in control of every step during the procedure.


> probably querying for ...

Exactly. You need to infer that, it isn't stated directly.

Same like you need to guess, that "Unable to connect" means connection refused, while "We can’t connect to the server at a" means the DNS request failed. Or does it mean no route to host? Network is unreachable?

I would argue, that (sometimes) the user would be fine to distinguish whether he wants to approve something, but can't because both dialogs state the same wishy-washy message. Even non-technical users (might) eventually learn the proper terms, but they can't if they only get shown meaningless statements.


> Exactly. You need to infer that, it isn't stated directly.

I don't care. The site is doing something unusual. It's evident, it's enough to take a second look and think about it.

> Same like you need to guess, that "Unable to connect" means...

Again, as a layman, I don't care. As a sysadmin, I don't worry, because I can look into in three seconds flat. Also, Unable to Connect comes with its reasons in parantheses all the time.

We should think in simple terms.


> I don't care. The site is doing something unusual. It's evident, it's enough to take a second look and think about it.

Is it enough to do an informed decision?

> Again, as a layman, I don't care.

You do care, whether you mistyped or the network is down. I agree that you probably don't care to distinguish between "network unreachable" and "no route to host" though.

> As a sysadmin

True, but that information was already there and was thrown away.


> Is it enough to do an informed decision?

With my layman hat, yes it is. I'll think about a trade-off between site's importance in my life, trustworthiness of the body behind the site, and my privacy.

> You do care, whether you mistyped or the network is down.

No I don't. Because it's easy to check for a typo, and then it's easy enough to investigate like layman. e.g.: Try going to Google, check for your (wireless) connection from your taskbar, every OS shows a "!" when internet is unreachable, and so on...

> but that information was already there and was thrown away.

Sometimes starting with a truncated but accurate info allows a way faster start. Precision and accuracy are different things, and accuracy is more important than precision.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: