Claude for Chrome

My theory is that the average user of an LLM is close enough to the average user of a computer and I've found that the general consensus is that security practices are "annoying" and "get in the way". The same kind of user who hates anything MFA and writes their password on a sticky note that they stick to their monitor in the office.

it has been revelatory to me to realize that this is how most people want to interact with computers.

i want a computer to be predictable and repeatable. sometimes, i experience behavior that is surprising. usually this is an indication that my mental model does not match the computer model. in these cases, i investigate and update my mental model to match the computer.

most people are not willing to adjust their mental model. they want the machine to understand what they mean, and they're willing to risk some degree of lossy mis-communication which also corrupts repeatability.

maybe i'm naive but it wasn't until recently that i realized predictable determinism isn't actually something that people universally want from their personal computers.

I think most people don't want to interact with computers and people will use anything that reduces the amount of time spent and will be be embraced en-mass regardless of security or privacy issues.

I think most people want computers to be predictable and repeatable _at a level that makes sense to them_. That's going to look different for non-programmers.

Having worked helping "average" users, my perception is that there is often no mental model at any level, let alone anywhere close to what HN folks have. Developing that model is something that most people just don't do in the first place. I think this is mostly because they have never really had the opportunity to and are more interested in getting things done quickly.

When I explain things like MFA in terms of why they are valuable, most folks I've helped see usefulness there and are willing to learn. The user experience is not close to universally seamless however which is a big hangup.

I think you're right, but I think the mental model of the average computer user does not assume that the computer is predictable and repeatable. Most conventional software will behave in the same way, every time, if you perform the same operations, but I think the average user views computers as black boxes that are fundamentally unpredictable. Complex tasks will have a learning curve, and there may be multiple paths that arrive at the same end result; these paths can also be changed at the will of the person who made the software, which is probably something the average user is used to in our days of auto-updating app stores, OS upgrades, and cloud services. The computer is still deterministic, but it doesn't feel that way when the interface is constantly shifting and all of the "complicated" bits that expose what the software is actually doing are obfuscated or removed (for user convenience, of course).

> the general consensus is that security practices are "annoying" and "get in the way".

Because they usually are and they do.

> The same kind of user who hates anything MFA and writes their password on a sticky note that they stick to their monitor in the office.

This kind of user has a better feel for threat landscape than most armchair infosec specialists.

People go around security measures not out of some ill will or stupidity, but because those measures do not recognize the reality of the situation and tasks at hand.

With keeping passwords in the open or sharing them, this is common because most computer systems don't support delegation of authority - in fact, the very idea that I might want someone to do something in my name, is alien to many security people, and generally not supported explicitly, except for few cases around cloud computing. But delegation of authority is very common thing done by everyday people on many occasions. In real life, it's simple and natural to do. In digital world? Giving someone else your password is the only direct way to do this.