[tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 16 01:40:21 UTC 2014 

#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  gk
  mikeperry              |     Status:  new
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  major    |   Keywords:  TorBrowserTeam201410D, tbb-
    Component:  Tor      |  security, tbb-usability, tbb-linkability,
  Launcher               |  tbb-3.0, extdev-interview, tbb-isec-report,
   Resolution:           |  tbb-4.5-alpha
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 While testing 4.5-alpha-2 in various security levels, I noticed a few
 issues:

 1. The Medium-High security level causes "Custom settings" to get checked
 if you do "New Identity" and have disk records disabled (ie the default
 TBB). It doesn't seem to do this if you allow disk records (which may be
 why you missed this bug).
 2. Unchecking "Custom settings" doesn't seem to take effect until "New
 Identity", especially if you change NoScript state manually.
 3. The Medium-High security level seems to fail to disable javascript for
 HTTP sites (it should set set noscript.global to false and rely on
 noscript.globalHttpsWhiteList).
 4. We probably should move our new JIT defaults into the TBB repo.
 5. NoScript 2.6.9.8rc1 was just released which fixes the need for the
 https: whitelist injection. We should remove this injection as soon as we
 switch to this NoScript.

 I also have the following UI/UX comments:
 1. We should hint somewhere that this is a tradeoff between features and
 security. Perhaps changing "Security Level" to "Security Level (Disables
 high-risk web features to improve security)" or similar?
 1. Alternatively, or in addition, we could have the levels also include
 "(Most Usable)" down to "(Least Usable)", or perhaps "(Full Features)"
 down to "(Least Features)"
 1. I think the slider should be horizontal. It's taking up a lot of window
 real estate in a way that only makes sense if we have huge volumes of text
 describing the positions. I think tooltips will suffice instead of a side-
 bar, which means we can make this more compact.
 1. If it were horizontal, we can maybe also include it in one of the Tor
 Launcher windows without overload.
 1. If we stay with a vertical slider, why is "High" on the bottom? This
 ordering only makes sense if we also say "(Most Usable)" or "(Most
 Features)" I think.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:70>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list