[tbb-dev] Search Usability Regression in v10

Matthew Finkel sysrqb at torproject.org
Wed Nov 18 21:20:40 UTC 2020 

On Wed, Nov 18, 2020 at 03:59:15PM -0500, Peter Story wrote:
> I reported this usability problem on the tor-talk list but received no replies, so I thought I’d try here. For some context, I’m a researcher at Carnegie Mellon University, and I’m considering running a user-study involving Tor Browser in the coming months. I think this usability problem might negatively impact users (in my study, and at large), so I thought I should bring it to your attention. 
> 

Hi Peter,

Thanks for sending this mail and following up. I apologize for the lack
of response, we're all overloaded.

This is a known usability issue. It arises from the fact that Tor
Browser sends the initial search query via a POST request. The breakage
occurs because the "Back" action triggers a GET request for the previous
site and it does not re-play the original POST request. I assume the
reasoning for this is that POST requests are not assumed to be
idempotent, whereas GET requests are. I'm not sure how best we can solve
this except switching to using GET, however this places all queries into
the URL bar and then they become vulnerabilbe to shoulder-surfing as
such. That probably a necessary trade-off, though.

> 
> > I’m seeing a small but annoying usability problem in v10 of Tor Browser (tested with 10.0.2 on a Mac). Replication:
> > 
> > Open a new window
> > Search using either the URL bar or the “Search with DDG” field. On the page with search results, note that the page’s URL doesn’t contain the search query in the URL parameters.
> > Click on a link in the search results
> > Click the back button
> > Actual behavior: you are returned to a blank search page
> > Expected behavior: you are returned to your search results
> > 
> > I don’t see this problem in the latest version of Firefox, 82.0.3, and I don’t remember seeing this problem before Tor Browser v10. Also, I do not see this problem for searches conducted with Google in Tor Browser. 
> > 
> > I’m wondering whether this was an intentional change, or something that should be fixed. Hopefully it's an easy fix: if the search is conducted using URL parameters, then the back button should work as expected. 
> 
> Sincerely,
> -Peter Story
> PhD Student
> 

> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev

More information about the tbb-dev mailing list