Hi Pierre!
Thanks for this valuable proposal. :) Just a quick comment frome someone who has experienced supporting Tor users.
Georg Koppen:
- How new tests should be added: A pull request? A form where
submissions are reviewed by admins? A link to the Tor tracker?
From a Tor perspective opening a ticket and posting the test there or ideally having a link to a test in the ticket that is fixing the fingerprinting vector seems like the preferred solution. I'd like to avoid the situation where tests get added to the system and we don't know about that dealing with users that are scared because of the new results. So, yes, some review should be involved here.
It would be great if you could also include ways to guide users in understanding the test results. From the top of my mind, it would be good if the application would have a way to know which Tor Browser version is being run. Then together with results, it would be good if users would get an answer to the following questions:
* Is this the expected result? * If not, is there any remediation available? At which cost? - This could be prompting users to upgrade to a new version. Ideally include support for known tools which bundle the Tor Browser, so the message could be “Upgrade to Tails 2.2” for Tails users. - Tell them to fiddle with the security slider, with a warning that they will loose some features. * If there's no immediate remediation available, can they do anything? - Is the issue known at all? Can we then assist them to report the problem in a meaningful manner? Or point them at the existing ticket—with a warning that it's going to be tech+english. - Should they take extra precaution? Link to some documentation. - Do we need to collect more data? Let's guide them how. - Maybe it's a good opportunity to ask them for some money so we can hire more browser developers?
I'm pretty sure the UX team could give input on good wordings and layout. And probably on the whole thing. :)
Have you consider any internationalization?
If not all of this can be implemented over the summer, just keeping it in mind in the design stage might help to add the required features later.