[tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 18 07:46:27 UTC 2014
#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-------------------------+-------------------------------------------------
Reporter: | Owner: gk
mikeperry | Status: new
Type: | Milestone:
enhancement | Version:
Priority: major | Keywords: TorBrowserTeam201410D, tbb-
Component: Tor | security, tbb-usability, tbb-linkability,
Launcher | tbb-3.0, extdev-interview, tbb-isec-report,
Resolution: | tbb-4.5-alpha
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by SpencerOne):
Hey y'all, here are some of my thoughts. I used my own terms here, made
up on the spot, but please make me use yours if mine complicate the
discussion.
After reading the ongoing discussion, here are my two Satoshi:
1. Splitting the JavaScript allowances between allowance setting positions
on the slider could be confusing for people. It requires explaining what
JavaScript is and what it does in detail, that is, presuming that
explaining the settings is necessary, and I think we are on the same page
in thinking that it is. Alternatively, we can not explain the settings in
detail, though that leaves people unclear as to what is actually
happening, e.g., some JS is disabled/all JS is disabled, doesn't explain
much.
2. However, whatever the number of allowance settings, and four seems to
be the path forward from here, the details [what the user sees] should be
written in human, not computer. Though maybe that could be toggled.
3. Regarding a 'Custom' allowance setting on the slider itself, that makes
things a bit confusing. The slider should be the foremost front-end
allowance settings option, inherently likening 'Custom' to 'Advanced', as
a deeper option.
4. I agree that the allowance settings interface during install should be
the allowance settings interface in Preferences, as an attempt to lessen
visual and mental fragmentation.
5. The tool tips for allowance setting positions are cool, but are hidden
for most people. The always-on text is better for full understanding of
options/decisions, but takes up space. The always-on text that is only
visible at each allowance setting position fits in the middle of these two
options but requires work, clicking and whatnot. Maybe, in addition to
this middle option, the other unselected allowance setting positions
appear on hover, or in place, of the always-on text.
After reviewing TB 4.5 Alpha 2 [Mac]:
1. Setting security preferences could be a prompt in the second dialog,
considering the first is the drag-to install dialog. I see benefit in not
forcing people to make such decisions right away, but people are using TB
for a reason, so maybe it can be expected.
2. 'Cookie Protections' seems like a preference. What is cookie
protection, IDK, so maybe this is an advanced setting.
3. 'Proxy Settings' could be second after 'Privacy and Security Settings',
however, 'Proxy Settings' seems like an advanced setting, maybe
simplifying the experience for many people.
4. 'Privacy Settings' and 'Security Level' could use some explaining. I
would like to think that I am securing my data with the security settings,
or, in other words, securing my privacy. Semantics could be important
here. Are we only securing our anonymity?
5. I am all for the vertical slider, given the difficulty of containing
varying lengths in allowance setting position labels. We could move
allowance setting position labels to the left of the slider with
descriptions to the right. If we're only showing the current/selected
allowance setting position description, this provides plenty of space for
a more detailed explanation.
Questions:
1. Is there a visual flow of the dialogs and what they contain, or is it
all in development text archives?
2. Is there an outlet for visuals, like wireframes?
3. Does there have to be a "tradeoff between features and security"? It is
a big bite to take, but, can alternatives be written as stand-ins to
replace the vulnerable features?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:71>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list