intrigeri:
Hi,
When we started confining Tor Browser with AppArmor in Tails, we introduced a usability regression: when downloading a file, we let the user choose between "Save as" and "Open with", while we know that "Open with" will always fail.
I see two main options:
- Add an option to Tor Browser to never propose opening a downloaded file with an external application.
This would of course be ideal. Personally I find the fact that it is the web server that decides the MIME type another reason for completely removing "Open with..." (perhaps in the "vanilla" (i.e. non-Tails) Tor Browser too?). I'm not sure if there's an attack vector there, but it just feels wrong, and creates an inconsistent UX. For instance, depending on which Tails mirror is picked when trying to download the .iso or .sig, the download may have the "Open with..." option, or it may not.
FWIW, in our ticket about this [1] I investigated some add-ons that modify the download dialog. A cheap way to implement this may be to just always drop the MIME info so the "Save as"/"Cancel" dialog is always used.
- Display a custom pre-download dialog that makes users aware of the limitations ("the next dialog window lies ⇒ don't even try choosing 'Open with'").
This is a hack! :)
However, in the "vanilla" Tor Browser I think the current warning would be improved if it were moved from the separate dialog into the download dialog, e.g. the warning is shown underneath the "Open with..." radio button whenever it is selected.
Cheers!