Hi,
When we started confining Tor Browser with AppArmor in Tails, we introduced a usability regression: when downloading a file, we let the user choose between "Save as" and "Open with", while we know that "Open with" will always fail.
Note that we currently set extensions.torbutton.launch_warning to false, because the text in that warning dialog is not a good fit for Tails.
I see two main options:
1. Add an option to Tor Browser to never propose opening a downloaded file with an external application.
   I suspect this is quite involved, and probably not worth the effort. But you know the codebase, and I don't, so I'm all ears :)
2. Display a custom pre-download dialog that makes users aware of the limitations ("the next dialog window lies ⇒ don't even try choosing 'Open with'")
   E.g. set extensions.torbutton.launch_warning back to true, and patch the torbutton.popup.external.* strings to tell users that "Open with" won't work.
   Can we do that ourselves without modifying Torbutton?
   If not, could we add a pref (off by default) that uses alternate strings when turned on? I guess we can provide a patch, and have the strings go through our own tech writers / UX people, if you think it's acceptable.
3. Other ideas?
[JFTR this is about Tails ticket #9285.]
Cheers,
intrigeri:
> Hi,
> When we started confining Tor Browser with AppArmor in Tails, we introduced a usability regression: when downloading a file, we let the user choose between "Save as" and "Open with", while we know that "Open with" will always fail.
> I see two main options:
> - Add an option to Tor Browser to never propose opening a downloaded file with an external application.
This would of course be ideal. Personally I find the fact that it is the web server that decides the MIME type another reason for completely removing "Open with..." (perhaps in the "vanilla" (i.e. non-Tails) Tor Browser too?). I'm not sure if there's an attack vector there, but it just feels wrong, and creates an inconsistent UX. For instance, depending on which Tails mirror is picked when trying to download the .iso or .sig, the download may have the "Open with..." option, or it may not.
FWIW, in our ticket about this [1] I investigated some add-ons that modify the download dialog. A cheap way to implement this may be to just always drop the MIME info so the "Save as"/"Cancel" dialog is always used.
> - Display a custom pre-download dialog that makes users aware of the limitations ("the next dialog window lies ⇒ don't even try choosing 'Open with'")
This is a hack! :)
However, in the "vanilla" Tor Browser I think the current warning would be improved if it were moved from the separate dialog into the download dialog, e.g. the warning is shown underneath the "Open with..." radio button whenever it is selected.
Cheers!
anonym:
> intrigeri:
>> I see two main options:
>> - Add an option to Tor Browser to never propose opening a downloaded file with an external application.
> This would of course be ideal. [...]
I had a look, and it turned out to be almost trivial to add a pref for this once I found the responsible code in this gigantic codebase. See the attached patch for a PoC! I suppose a ticket should be opened, but I guess we could first discuss here what we actually want to do since, well, the discussion started here. Or?
However, this patch would (AFAICT) do exactly what we want in Tails, so we'd be thrilled if you could apply it in time for the next Tor Browser release, even if we come up with some grander solution that will take longer to implement. Then it can just be dropped.
Cheers!
anonym:
> anonym:
>> intrigeri:
>>> I see two main options:
>>> - Add an option to Tor Browser to never propose opening a downloaded file with an external application.
>> This would of course be ideal. [...]
> I had a look, and it turned out to be almost trivial to add a pref for this once I found the responsible code in this gigantic codebase. See the attached patch for a PoC! I suppose a ticket should be opened, but I guess we could first discuss here what we actually want to do since, well, the discussion started here. Or?
> However, this patch would (AFAICT) do exactly what we want in Tails, so we'd be thrilled if you could apply it in time for the next Tor Browser release, even if we come up with some grander solution that will take longer to implement. Then it can just be dropped.
Sounds good to me. Could you open a ticket on trac, mark it as needs_review and attach the patch?
Thanks,
Georg