[tbb-bugs] #28015 [Applications/Tor Browser]: Brainstorm improved ux for orgs that want to give bridges to their people

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 12 14:56:41 UTC 2018


#28015: Brainstorm improved ux for orgs that want to give bridges to their people
--------------------------------------+--------------------------
 Reporter:  arma                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team, sponsor19        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 Your ideas were the first that came to my mind. I wracked my brain for a
 little bit trying to come up with additional ones.

 Ideas of varying quality:

 Instead of 'via email, and then manually clicking a bunch of things in Tor
 Browser and pasting the bridges into the right place' - make this a
 supported flow where on copy/pastes a big blob of base64 and Tor Browser
 decodes and parses it and does all the right things.

 Orgs distribute a symmetric key that decrypts an encrypted blob baked into
 the browser. This contains some or all of: a passphrase used to get secret
 bridges from our moat, the location of their moat, or even new default
 bridges. (This could be used by Tor Projects direct user support to test
 connection failures also, by having a few of our own secret bridges)

 Org distributes an 'add-on pack' (but not a browser add-on in that sense,
 just the generic definition of 'supplemental') that one installs on top of
 tor browser that contains *something*. A new moat url, new default
 bridges, etc.  The 'add-on pack' might be as simple as a specially named
 json file Tor Browser looks for in its startup process.  You could even
 encrypt it by default with a passphrase Tor browser prompts you for on
 startup if you really wanted to?

 Orgs could distribute a true browser add-on one installs over Tor Browser
 that alter's Tor Browser's behavior in the same sense of a Mozilla Partner
 Repack (as we call them): it could supply bridge info, but also theme the
 browser, add a default homepage, bookmarks, even add-ons. (Or maybe not
 add-ons :) )  I think Psiphon did this as a funding mechanism also.



 Tangential: a 'secret passphrase with a public moat URL' approach could
 also have two other authentication mechanisms besides a high-entropy
 passphrase: a TOTP based token o a WebAuth/FIDO USB Key.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28015#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list