[tbb-dev] Proposal for redesigning the security controls

Mark Smith mcs at pearlcrescent.com
Thu Feb 8 16:04:38 UTC 2018

On 2/7/18 4:23 PM, teor wrote:
> Let's make sure we include some torproject sites in this list:
> * Atlas (for relay operators, requires JS, and SVG for graphs)
> * Trac (for users reporting bugs, requires JS to reply to a comment)
> Personally, I run in High security mode, because I use Tor Browser
> to open links that people send me.
> But that means I have to use NoScript all the time on these TPO
> sites.
> Atlas and consensus-health graphs are the most common reason I
> accidentally end up in "medium" security mode on other sites.
> A visual indicator would really help me here.

I assume the reason you need to change the security slider from "Safest"
(aka high) to "Safer" (aka medium) is to allow SVGs? Otherwise, you
would just use the NoScript override to allow JS. But maybe there are
other reasons, which definitely argues for working through some user
stories as Arthur suggested.

Here are some additional thoughts that Kathy and I had after reading and
thinking about the proposal:

- Some aspects of this design involve creating new UI for functionality
that is handled under the covers by NoScript. We should think about how
we will accomplish that integration. For example, should we contribute
UI design assistance and patches to NoScript?

- There is some danger that redesigning things piecemeal that Tor
Browser adds to Firefox will cause us to end up with a final result that
is not as good as it could be. Specifically related to the security
controls proposal, we should take time now to think about how each
function that is currently in the Torbutton menu will be exposed. We may
only have three items left:
    New Identity
    Tor Network Settings
    Check for Tor Browser Update

- We should think about how to best expose the current security slider
level. If people change it often and then forget that they did so, we
should consider making it very obvious what the active setting is, e.g.,
change the color and/or add a background pattern to the entire toolbar.
We could also think about adding some kind of temporary mode for the
security slider so it returns to the user's default level. It might be
tricky to handle entering and leaving such a temporary setting though.

Mark Smith
Pearl Crescent

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20180208/64d60561/attachment.sig>

More information about the tbb-dev mailing list