[tbb-dev] Proposal for redesigning the security controls

teor teor2345 at gmail.com
Wed Feb 7 21:23:54 UTC 2018

> On 8 Feb 2018, at 04:56, Arthur D. Edelstein <arthuredelstein at gmail.com> wrote:
> Maybe we could make progress by considering a set of
> thought-experiment user stories (or even, user studies) visiting
> particular websites and describing what the decision making process
> should be. For example, if I visit YouTube (which has scripts, video
> and audio) under High Security or under Medium Security, what should
> my decision making process be? How many decisions/clicks should be
> required to get the website working, and at what stage do I decide to
> give up for security reasons? What security/privacy mistakes could I
> make and how can Tor Browser prevent those mistakes? Other important
> sites might be online games, social media, Google documents, etc.

Let's make sure we include some torproject sites in this list:
* Atlas (for relay operators, requires JS, and SVG for graphs)
* Trac (for users reporting bugs, requires JS to reply to a comment)

Personally, I run in High security mode, because I use Tor Browser to
open links that people send me.

But that means I have to use NoScript all the time on these TPO sites.

Atlas and consensus-health graphs are the most common reason I
accidentally end up in "medium" security mode on other sites.

A visual indicator would really help me here.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20180208/cda90e7f/attachment.sig>

More information about the tbb-dev mailing list