Georg Koppen:
Matt Pagan:
Matt Pagan:
Ultimately, I wonder if relying on the system browser to display a component of the Tor Browser would violate the Proxy Obedience security requirement of the design document.
My security concerns may be misplaced here, though. What do developers think of Lunar's design? Is the warning message clear enough? If others think so, I'm ok with going this route.
Please, let's not rely on a non-Tor Browser for the reasons you pointed out. Even with the warning on the first page there is plenty room to shoot oneself in the foot.
Couldn't you split the tbb manual efforts a bit and having a real manual in the Tor Browser available (be it as pdf or in html) and treating the subset Lunar mentioned (whatever exactly that might be) differently? I.e. having additional help buttons in the Tor Launcher menus that are opening scrollable textboxes explaining things/offering help? The only use case that is not covered by this idea is a Tor Browser that got stuck even before Tor Launcher dialogs are showing up. Not sure how important it is to have this one covered with a manual we ship as well. IMO this should be covered by a different kind of support which is e.g. offered on the same page the user downloads the bundle from.
Small integrated help screens like the one Tor Launcher currently has for bridges don't give nice user experience. We can't link to a glossary or another page explaining the tradeoffs of each pluggable transport for example. I believe that's suboptimal.
Firefox online help is hosted on https://support.mozilla.org/. It appears they assume that if you can't connect… well you need to find a way to fix that first. Having the manual hosted like is great for developers as it gives more flexibility: you can fix problems, give new workarounds or update translations after releasing the packages.
Only having the manual accessible on a website would not be a good solution for the Tor Browser because we want to help users get online or circumvent censorship. I believe users should be able to learn which pluggable transports to choose and that they need to disable WebRoot Internet Security even when they got the Tor Browser through some friend's USB stick. They need to learn how they could use GetTor to get an updated version or reach out for support.
But I believe the manual should be accessible on a website for the reasons listed above (translations, updating known issues), search engines, and also because it will explain things like verification and installation.
This is where I have a hard time understanding the fear of using a system browser. How much difference does it make to access the manual through a search on Google or a click on an icon in a file browser?