[tbb-dev] Current thoughts on tb-manual presentation

Lunar lunar at torproject.org
Fri May 30 09:15:32 UTC 2014

Georg Koppen:
> Matt Pagan:
> > Matt Pagan:
> >> Ultimately, I wonder if relying on the system browser to display a
> >> component of the Tor Browser would violate the Proxy Obedience security
> >> requirement of the design document.
> >>
> > 
> > My security concerns may be misplaced here, though. What do developers
> > think of Lunar's design? Is the warning message clear enough? If others
> > think so, I'm ok with going this route.
> Please, let's not rely on a non-Tor Browser for the reasons you pointed
> out. Even with the warning on the first page there is plenty room to
> shoot oneself in the foot.
> Couldn't you split the tbb manual efforts a bit and having a real manual
> in the Tor Browser available (be it as pdf or in html) and treating the
> subset Lunar mentioned (whatever exactly that might be) differently?
> I.e. having additional help buttons in the Tor Launcher menus that are
> opening scrollable textboxes explaining things/offering help? The only
> use case that is not covered by this idea is a Tor Browser that got
> stuck even before Tor Launcher dialogs are showing up.
> Not sure how important it is to have this one covered with a manual we
> ship as well. IMO this should be covered by a different kind of support
> which is e.g. offered on the same page the user downloads the bundle from.

Small integrated help screens like the one Tor Launcher currently has
for bridges don't give nice user experience. We can't link to a glossary
or another page explaining the tradeoffs of each pluggable transport for
example. I believe that's suboptimal.

Firefox online help is hosted on <https://support.mozilla.org/>. It
appears they assume that if you can't connect… well you need to find
a way to fix that first. Having the manual hosted like is great for
developers as it gives more flexibility: you can fix problems, give new
workarounds or update translations after releasing the packages.

Only having the manual accessible on a website would not be a good
solution for the Tor Browser because we want to help users get online or
circumvent censorship. I believe users should be able to learn which
pluggable transports to choose and that they need to disable WebRoot
Internet Security even when they got the Tor Browser through some
friend's USB stick. They need to learn how they could use GetTor to get
an updated version or reach out for support.

But I believe the manual should be accessible on a website for the
reasons listed above (translations, updating known issues), search
engines, and also because it will explain things like verification and

This is where I have a hard time understanding the fear of using a
system browser. How much difference does it make to access the manual
through a search on Google or a click on an icon in a file browser?

Lunar                                             <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20140530/7afa7443/attachment.sig>

More information about the tbb-dev mailing list