Hi Lunar,
Thanks for the valuable feedback! It would be great to have the features that you cite into the website. For the first version, my point of view is to mainly focus on the added value for developers which is to add/remove tests easily and get the relevant data as easily as possible for them. With that, they can make decisions on what to do next inside the Tor browser. For subsequent versions, focusing on users could be really interesting if the rest proves to be solid and stable.
What you described in your answer would be a more advanced version of the "How far are you from an acceptable fingerprint?" feature that I plan to integrate from the get-go. If the website detects that the user has not a recommended configuration, it could give different links with information and steps on how to fix that so that a non-tech person can understand what they will do and what they will modify. Suggestions to play with the security slider could be a great addition. I'll be honest, I don't know how much of what you propose could be done before summer's end. My timeline is a little bit rough but even if it is not done by then, I can still add it after the GSoC period ends.
For the internationalization, the framework that I plan to use (either Play or Django) supports it through templating. This means that anyone can contribute to the translation without writing a line of HTML. The main file will be in English and I'll probably do the one in French at the same time. One contributor who wants to help will just have to take the English file and translate each line without having to find scattered hardcoded strings through different HTML files.
Pierre
On 03/22/2016 11:21 AM, Lunar wrote:
Hi Pierre!
Thanks for this valuable proposal. :) Just a quick comment frome someone who has experienced supporting Tor users.
Georg Koppen:
- How new tests should be added: A pull request? A form where
submissions are reviewed by admins? A link to the Tor tracker?
From a Tor perspective opening a ticket and posting the test there or ideally having a link to a test in the ticket that is fixing the fingerprinting vector seems like the preferred solution. I'd like to avoid the situation where tests get added to the system and we don't know about that dealing with users that are scared because of the new results. So, yes, some review should be involved here.
It would be great if you could also include ways to guide users in understanding the test results. From the top of my mind, it would be good if the application would have a way to know which Tor Browser version is being run. Then together with results, it would be good if users would get an answer to the following questions:
- Is this the expected result?
- If not, is there any remediation available? At which cost?
- This could be prompting users to upgrade to a new version. Ideally include support for known tools which bundle the Tor Browser, so the message could be “Upgrade to Tails 2.2” for Tails users.
- Tell them to fiddle with the security slider, with a warning that they will loose some features.
- If there's no immediate remediation available, can they do anything?
- Is the issue known at all? Can we then assist them to report the problem in a meaningful manner? Or point them at the existing ticket—with a warning that it's going to be tech+english.
- Should they take extra precaution? Link to some documentation.
- Do we need to collect more data? Let's guide them how.
- Maybe it's a good opportunity to ask them for some money so we can hire more browser developers?
I'm pretty sure the UX team could give input on good wordings and layout. And probably on the whole thing. :)
Have you consider any internationalization?
If not all of this can be implemented over the summer, just keeping it in mind in the design stage might help to add the required features later.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev