[tbb-dev] Proposal for redesigning the security controls

teor teor2345 at gmail.com
Thu Feb 8 23:36:42 UTC 2018


On 9 Feb 2018, at 03:04, Mark Smith <mcs at pearlcrescent.com> wrote:

>> On 2/7/18 4:23 PM, teor wrote:
>> Let's make sure we include some torproject sites in this list:
>> * Atlas (for relay operators, requires JS, and SVG for graphs)
>> * Trac (for users reporting bugs, requires JS to reply to a comment)
>> 
>> Personally, I run in High security mode, because I use Tor Browser
>> to open links that people send me.
>> 
>> But that means I have to use NoScript all the time on these TPO
>> sites.
>> 
>> Atlas and consensus-health graphs are the most common reason I
>> accidentally end up in "medium" security mode on other sites.
>> 
>> A visual indicator would really help me here.
> 
> I assume the reason you need to change the security slider from "Safest"
> (aka high) to "Safer" (aka medium) is to allow SVGs?

Yes, consensus health and atlas need SVG for graphs.

> Otherwise, you
> would just use the NoScript override to allow JS.

I use NoScript now.
But after the proposal is implemented, I am not sure how I will allow
JS for some sites.

> But maybe there are
> other reasons, which definitely argues for working through some user
> stories as Arthur suggested.

Not that I can recall. But the slider makes it hard to identify fine-grained
features needed by each website.

T



More information about the tbb-dev mailing list