[tbb-dev] Proposal for redesigning the security controls
David Fifield
david at bamsoftware.com
Thu Feb 1 22:18:27 UTC 2018
On Thu, Feb 01, 2018 at 08:27:00AM +0000, Georg Koppen wrote:
> I managed to come up with a proposal for redesigning the security
> controls (see below). As always feedback and discussion is very welcome.
During the 2015 UX sprint, one of the things we asked was for people to
explain what they thought every item in the toolbar was for. It's kind
of old now (Tor Browser 4.0), but anyway here are the parts of the
transcripts that had to do with the toolbar.
https://people.torproject.org/~dcf/uxsprint2015/#p1
Toolbar starts at 0:19:40.
OK. So now, you saw the onion one.
I want you to go through the toolbar, and you can explore them a little bit.
Explain to me what each of these things means to you, what you think they control.
Like from here to here?
Yeah.
Oh, OK. "Forbid Scripts Globally (advised)".
I have no idea.
"Forbid scripts".
Should I click, can I click on it?
Yeah, you can click on it. You can explore it.
OK. I'm going to click on it.
OK. Now I have a...
OK. So maybe to be super secure you are forbidding, like, automatic scripts to run.
I don't actually know what "scripts" means.
But, there's a little... What's that thing called?
I don't know what it's called either.
Circle with a cross through it, which means that's not happening.
OK. "Permanent 'Allow' commands in private windows".
I don't know what that means either.
"Options...".
OK, this looks like advanced things.
Oh, look, it's under "Advanced". [Laughter.]
OK, so there's like general stuff,
"Top-level sites by default".
I just have no idea what any of this means.
"Whitelist". OK, maybe like blacklist, but opposite?
But I don't know what that means.
"You can specify which web sites are allowed to execute scripts."
OK, so maybe scripts are something that web sites automatically do.
And you don't want them to.
OK, so you could put... Oh, I get it.
So these are the ones you would put in if you're like, OK, it's OK if these websites do whatever they want to do.
"Embeddings".
OK, these are just advanced ways of restricting untrusted sites, I believe.
Like, that's what it says.
"Appearance".
"Status bar label", "Contextual menu"...
OK.
Lots of appearance things.
I don't, I actually have no idea what most of these, I don't know really what this means at all.
"Notifications".
"Show messages about blocked scripts". OK, that makes sense.
"Place messages at the bottom".
I don't know what "XSS, question mark" means.
"Show message about blocked M-E-T-A redirections".
I don't know.
OK, "Advanced".
Other stuff I have no idea what it means. I'll just say...
OK. If you could, what, if you could summarize your understanding of everything that's behind that button, what would it be?
Advanced security settings.
OK.
Yeah. And then, should I go to this?
Yeah, do the next one. Yeah.
The onion... OK, so these also look like different settings.
First one says "New Identity" and I already clicked on that
so I sort of think I know what it means.
"Cookie Protections". I sort of know what that means, too.
I'll click on it to see what they then say.
Oh, I... OK. "Remove all but protected..."
"Protect New Cookies." "Do Not Protect New Cookies."
That confuses me, because... "Prot—"
Because I think I would want to... "Prot—" What?
Protect new cookies from what?
"Do Not Protect New Cook—". I don't know. I'm getting confused.
Like, OK.
"Do Not Protect New Cookies".
I don't know. OK. I'm going to click OK.
OK. "Preferences".
OK. So, if I want to use proxy settings,
and more security settings.
"Don't record browsing history or website..."
"Disable browser plugins...",
"Restrict third-party cookies...", OK.
"Change details that distinguish you from other Tor...", OK.
Do you know of any reason, from reading those options, why you would go to this screen?
Would you have a reason to?
Um, if you don't want your browser history to be...
"Don't record browser history..." Wait.
Now I'm also getting...
I was going to say, if you don't want your browser history to be recorded, but this says
"Don't record browser history". Oh, OK, yeah. So if you click it then...
"Don't record browser history".
Oh, OK, so then, oh I get it.
So yeah, you're in the private browsing mode.
So if you don't want, if you're researching Iran,
and you are searching a bunch of things, you don't want the government, or whoever,
to be skeptical of your purposes for researching Iran,
then you can just search through private browsing mode.
I don't really know about the other ones.
"Restrict third-party cookies", "Change details that distinguish you from other Tor Browser users"...
Oh, if you want to remain anonymous within your searching, I guess.
OK.
OK. So if you could summarize, what do you think that onion button is for, in general?
Oh, the onion as a whole. Like, maintaining anonym—, anon— [Laughter.]
Yeah, anony—
Anonymity.
That word! Yeah, wow. Oh my gosh.
Yeah, and like the settings of your Tor Browser, I guess.
OK.
And the rest of the things in the top here, what,
some of them may be more familiar, but what do you, what does each of them do?
I would think that you can like type in a web address here.
OK.
And refresh, "Reload current page",
and then search for something with this little magnifying glass,
or the Startpage. Or, search, I guess, using the Startpage.
And the, one more here, do you know what this one does?
I don't know.
Oh, OK. Yeah.
"Print", "Save", "New Window", "Bookmarks", "History", "Find",
"Developer", "Add-ons", "Preferences", "Downloads"...
Yeah.
Like all the general...
Sure, right right.
https://people.torproject.org/~dcf/uxsprint2015/#p2
Toolbar starts at 0:12:50
All right, so now the top of the window here. I want you to find all these little icons and explain what you think each one of them means.
Okay, okay. I'm going to start with the first one.
Okay, you can go ahead and explore them if you need to.
Okay. "Forbid Scripts Globally (advised)". I am not sure what it means.
Mmhmm.
I click, nothing happens.
And uh, oh, here's the, under the onion
I think it is all settings and information about the Tor webpage. Uh.
I will click on "Preference".
"Use the recommended proxy settings for my version of Firefox".
I am on Firefox? I thought I am on Safar— Wait. what?
Okay, so if that's surprising, just...
Okay. So it says "Use the recommended proxy settings for my version of Firefox".
So, I guess when I click "New Identity" it opens Firefox?
No. Wait—Sorry, I am a little bit confused now. [Laughter.]
That's fine. I can explain some things afterward. But just now, just explain that you are confused.
Okay, I am confused now.
The "Proxy Settings", so I am going to the security settings.
Oh, it says "Don't record browsing history or website data".
"Disable browser plugins, (such as Flash)".
"Restrict third-party cookies and other tracking"... Okay, good to know.
Um, and on the right of the onion tab it's the search engine.
And so what is this? Okay.
So it's the default webpage set on the browser.
How about the bar here? Oh, okay.
Here is the history, "Save Page", "Bookmarks", like normal web browser has.
Okay. Uh, "Sign in to Sync". Oh, okay.
So I can use this on one laptop and I will see my history and bookmarks on the other.
Mmhmm.
Okay, good to know. Um. Is it?
Great. That's it. Great, fantastic.
https://people.torproject.org/~dcf/uxsprint2015/#p3
Toolbar starts at 0:27:26
"Explain your best understanding of all the items in the toolbar."
And by "the toolbar", we mean this. Not all of this. That would be atrocious. Just...
This.
Yeah. And you can say as much or as little as you want to. Like "I would never use this" or just like "I don't care" or like "What do you do there", something like that.
So, I tried before to type in in that small, in that search engine directly what I'm looking for, which is what Google does, but here it doesn't work, so I guess
unless I type in a direct web site, I would only use it for that.
And then I'm guessing that this Startpage is kind of the same thing as what's inside the page,
which is, you type in what you're looking for.
Would I use it? I guess so.
I don't know, maybe I'd rather use the big one because it's bigger, so it's easier to click on it.
But I don't even know if that's what it does. I'd have to check.
And type in "onion" and see if that's what I'm getting.
Yeah. So yeah.
I think I would use the big one, just because this is small.
I think, same thing happened to me with Safari, is that, I find it really small, all the icons and everything
so that it's harder to click on or navigate.
Then there's a little plus here to open a new file.
I tend to use Command-T for new tab instead of the little plus.
Same reason, just because, it's less, you need to be less precise to just type Command-T
rather than look with your mouse for the small plus.
Then there's that onion.
So yeah, none of those two things on the left I would take a look at.
OK. That's fair.
I'm also a little confused as to...
I guess "Sp" means "Startpage" but I don't know if I'm on Tor Browser,
or what is Startpage, I don't know what that is,
I guess it's, I don't really know. But yeah.
So if I take a look at the onion, I guess it's about preferences and network settings,
"New Identity". So that's cool.
I think if it's in the toolbar up above, it's good enough.
But, I don't know.
And this is about... "Forbid scripts globally". "Permanent 'Allow' commands".
So I don't know what that means.
But I guess may it could be an ad block or something like that. If I'm guessing.
All right. Do you have anything else to say?
Um...
Oh no, this isn't like a trick question. Like, I'm supposed to let you talk as much as you want to talk and not cut you off,
but I don't necessarily want to you like talk more if you're done talking.
Just, I guess, generally, because when you're used to one specific browser, it's kind of hard to switch.
Also, I feel like I've seen just like Startpage, other things, pages like this,
where it's blue here,
and then it's just a list of things. It's kind of small,
it's not really easy. Kind of like Craigslist or Yahoo.com.
Yeah, Craigslist, it looks so bad.
It's kind of, it's kind of hard to navigate when it's small.
All right.
https://people.torproject.org/~dcf/uxsprint2015/#p4
Toolbar starts at 0:31:01
Good, and so finally, just go along the toolbar and give a summary of what you think each UI element does, in the top part of the browser here.
Okay, so this is the good old NoScript, and it is set to block all JavaScript right now. Which is cool.
It appears to be just like the NoScript I run in my browser, so no surprises there.
Now that I finally recognize the little green onion, I see that's the Tor menu and that tells me,
or that gives me control over the Tor module itself.
I can tear down circuits, I can tell what I want it to do with cookies,
configure all the other details.
I didn't click on the "About", but I guess that tells me what version I am running if I have to file a bug report.
It also lets me change the network settings.
I've got the usual sort of tabbed browsing experience and I can click the little plus to open up all kinds of new tabs.
I've got the usual sort of omnibox where I can either type in any URL that I want to browse to or I can type in a search string.
And if I type in "search string", it sends me to startpage.com which seems to be the browser's default search provider,
as is shown in the little search tool,
and I have a selection of other search engines I could use...
Startpage is the default for some reason, there is also DuckDuckGo, Google, Amazon, Bing,
I guess they get progressively worse as you go down the list.
[Laughter.]
And then the typical Firefox settings menu.
I didn't play with HTTPS Everywhere. But it seems to be set up to force HTTPS wherever possible.
Great, that is the end!
https://people.torproject.org/~dcf/uxsprint2015/#p5
Toolbar starts at 0:18:17
Okay. Alright, so the last one, just go through the toolbar at the top part here, and explain what you think each part of it means.
Okay. This... oh.
So I haven't really messed with this before.
But I'm... "Forbid Scripts Globally".
I mean, I am guessing that this is just another like layer of protection for, like, not revealing your IP address?
But there might be some situations where you'd have to like allow, to like make something work on certain pages.
But I don't know.
I'd probably just leave that on its default settings.
Which I guess...
It's saying, the one that is advised isn't the default?
Which is a bit confusing.
And now, I am on the one that is advised.
And the one that it was defaulted on, it is telling me is dangerous!
Which... I don't know... that's kind of weird to me. [Laughter.]
But. Okay. I think I don't understand enough.
I mean, I am guessing, is this maybe, like my thought process, are these scripts,
does that mean like, allowing webpages to run scripts like on your computer, or something?
I don't really understand that.
But this whole "dangerous"/"recommended" thing and the dangerous one is the one that defaults is weird to me.
Okay.
This I know is New Identity.
But then I have toyed around before with like preferences and looking around and usually it's out of my understanding.
Yeah. So I will just close that.
I get the back button.
The search bar is intuitive, I mean, it just looks like Firefox.
Um, this is familiar. I can choose which search engine I want.
And then this is also familiar.
And I see HTTPS Always is running, so that's cool.
Alright, great.
More information about the tbb-dev
mailing list