[tbb-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 20 17:15:57 UTC 2018 

#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by cypherpunks):

 Replying to [comment:18 tom]:
 > I think one of the pain points we have with Tor Browser is the lack of
 persistent storage. We are so deathly scared of storing anything to disk
 that we can't save user's per-site exceptions to things. Perhaps we should
 reconsider this (opt-in of course.) I'd be curious to brainstorm if we
 could divine a storage mechanism we actually felt some measure of
 confident in. For example: What if we used something like Argon2 combined
 with a TPM-backed value? This is bypassable, but it requires on-machine
 brute forcing. If we developed something akin to 'Firefox Accounts', we
 could enable users the ability to store data on a Hidden Service and
 revoke authorization to it. These ideas are very 'out there'.
 Or just allow to assign different security slider setting to different
 temporary containers (each different container has a new identity, so to
 speak)? If the Project Fission thing gets going then there's a different
 process for different container and that would solve a lot of security
 problems and the UX with containers wouldn't require much work or
 difficulty to setup.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list