[tbb-bugs] #25633 [Applications/Tor Browser]: Ctrl-D makes it too easy to create bookmarks accidentally

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 27 06:10:22 UTC 2018 

#25633: Ctrl-D makes it too easy to create bookmarks accidentally
------------------------------------------+---------------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-disk-leak
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+---------------------------
 It used to be the case that pressing Ctrl-D would pop up a dialog box
 prompting you to create a bookmark (or cancel.)

 A few releases ago, Firefox changed this behavior.  Now, Ctrl-D creates a
 bookmark, then pops up a dialog prompting you to edit the bookmark (or
 delete it.)

 This is a subtle distinction, but potentially an important one, for two
 reasons.

 '''1. Pressing Escape after Ctrl-D doesn't undo the bookmarking operation
 as you might expect.'''  It's very easy to press Ctrl-D by mistake when
 you mean to press, say, Ctrl-F.  If you've just pressed a key you didn't
 intend to press, without knowing what it does, and an unexpected dialog
 appears in your peripheral vision, it's natural to react by pressing
 Escape ("oops, didn't mean that.")  And if you do that, and the dialog
 disappears in response, it's quite natural to assume that you successfully
 cancelled whatever action it was that you inadvertently initiated.

 '''2. Pressing Ctrl-D immediately saves the current URL to disk'''
 (namely, in places.sqlite), without any further confirmation.  Even if you
 are paying attention, a simple slip of the finger can potentially create a
 persistent record of your browsing activity.  (Even if you delete the
 bookmark immediately, it won't be purged from places.sqlite right away.)

 This UI change was a bad idea, but in "normal" Firefox usage, it's usually
 only a minor annoyance - I end up with a bunch of random accidental
 bookmarks at the bottom of the menu that I need to clean out every couple
 of months.  But in the Tor Browser context, it's potentially quite
 dangerous, as it violates the disk avoidance principle.

 Saving bookmarks without the user's consent may or may not have any
 practical impact in most cases.  But it can have a major impact on users'
 confidence in the browser.  For that reason, Tor Browser can and should do
 better.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25633>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list