Hacker News

And if they weren't opaque, gaming them would be even easier.



Security by obscurity ain't security, though. If they weren't opaque, at least we as a society would be better equipped to keep up with the algorithmic exploitation arms race.


I think, unfortunately, that is naive. While security through obscurity ain't security, there is something to be said for obfuscation of a system that people are trying to game.


That's the point, though: if a system is so fragile that anyone with knowledge of its inner workings can game it or otherwise exploit it, then it is not and was never secure (nor can it ever be while it continues to be opaque).

I say this enough to be a broken record, but transparency is a dependency of trust.


This isn't a trusted system though. The data it consumes and indexes, the people who use it, etc. are not trusted.

You are effectively saying poker would be better if everyone's cards were face up.


> This isn't a trusted system though.

Well yeah, obviously, given that it ain't transparent.

> You are effectively saying poker would be better if everyone's cards were face up.

You are effectively saying that an ideal system is one that we'd have to treat like a poker game.

Even assuming the premise here holds true (that a transparent system will be more easily gamed by more people), that'd ultimately be better than the opaque case. The more people who are able to game a system, the less one individual can effectively game it for one's own individual benefit at the expense of everyone else in that system.


I thought of a better way to express this that might make sense to you.

In security, total transparency isn't effective. You want as much transparency as possible, but you need secrets for the system to work (usually passwords/certs/passphrases).

Now, there isn't a password/certs/passphrase in this context, so the secrecy is instead in the model.


Yes, it turns out that transparency isn't always the best thing, even if it is always the best thing for security systems.



