[tor-bugs] #2132 [Vidalia]: Vidalia's password prompt is often unhelpful; generates support requests

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Mar 16 23:26:30 UTC 2011 

#2132: Vidalia's password prompt is often unhelpful; generates support requests
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:  chiiph
     Type:  enhancement  |         Status:  new   
 Priority:  normal       |      Milestone:        
Component:  Vidalia      |        Version:        
 Keywords:               |         Parent:        
   Points:               |   Actualpoints:        
-------------------------+--------------------------------------------------

Comment(by chiiph):

 Replying to [comment:2 nickm]:
 > I disagree strongly with that.
 >
 > There are other ways to authenticate Vidalia to Tor that ought to work
 just fine:
 >
 >   * There's the cookie authentication method if Vidalia can see Tor's
 data directory, or if Tor can be told to store the cookie somewhere with
 appropriate protections.

 I wouldn't trust Windows's filesystem for this.

 >   * Vidalia could remember (locally) the last password it used when
 setting up tor.

 It's the same as with the cookie auth, how do you save the password?
 I think this is worst than (or at least as bad) a user setting a weak
 password

 >   * On Unix, the control port can be a unix domain socket rather than a
 TCP port on localhost.

 Yes, ControlSocket capabilities are in the changelog for the next release
 :)

 >
 > Also, Vidalia could give a useful error message when it fails to
 connect, and offer the user the option to automatically take one of the
 actions suggested at https://www.torproject.org/docs/faq#VidaliaPassword .

 We could add this to the help content to easy/fast access, may be
 displaying a short message and a link to the help content.

 >
 > Any of these appraoches is IMO better than forcing the user to set their
 own password.  Most people, left to their own devices, choose bad
 passwords and forget them.

 Yes, well, if they want to be anonymous they need to be aware of certain
 things, it's something you can't avoid. It's like users that setup
 Internet Explorer to run with Tor, they've been told it's a no-go, but
 they do it anyway.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2132#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list