[tor-bugs] #7522 [BridgeDB]: Design a user interface for redeeming invite tokens
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 8 04:24:58 UTC 2015
#7522: Design a user interface for redeeming invite tokens
-------------------------+-------------------------------------------------
Reporter: aagbsn | Owner: isis
Type: task | Status: new
Priority: normal | Milestone:
Component: | Version:
BridgeDB | Keywords: bridgedb-socdist, isisExB,
Resolution: | isis2016Q1, bridgedb-ui, tbb-usability
Actual Points: | Parent ID: #7520
Points: |
-------------------------+-------------------------------------------------
Changes (by isis):
* status: assigned => new
Old description:
> Should this interface be web based? Email based with gpg support? Both?
>
> Should a token be redeemed for an account, or be used each time to
> request a bridge?
>
> If a token is exchanged for an account, BridgeDB would need to store
> account credentials provided by a user. That might be more convenient for
> a user to remember, but might lead to problems such as:
>
> account names can be probed (i.e. does an account by a certain name
> already exist?)
> users might re-use nyms, potentially a liability.
>
> On the other hand, an account might be identified by an email address,
> which could be used to periodically send new bridges or invites. We want
> to add email subscription support to BridgeDB (#1610), and perhaps these
> features should overlap.
>
> Perhaps we could support both modes, where a valid token can be used to
> request bridges and add/remove email addresses. If a user chooses to add
> an email address, a suitable warning would be displayed to advise the
> user that the email address will be stored on the system.
New description:
Please see [https://trac.torproject.org/projects/tor/ticket/7522#comment:4
comment #4 on this ticket] for a better description of the scope of this
ticket. The following description is kept for historical purposes, and is
no longer relevant due to developments in the design of #7520. —isis
=== Original Description ===
Should this interface be web based? Email based with gpg support? Both?
Should a token be redeemed for an account, or be used each time to request
a bridge?
If a token is exchanged for an account, BridgeDB would need to store
account credentials provided by a user. That might be more convenient for
a user to remember, but might lead to problems such as:
account names can be probed (i.e. does an account by a certain name
already exist?)
users might re-use nyms, potentially a liability.
On the other hand, an account might be identified by an email address,
which could be used to periodically send new bridges or invites. We want
to add email subscription support to BridgeDB (#1610), and perhaps these
features should overlap.
Perhaps we could support both modes, where a valid token can be used to
request bridges and add/remove email addresses. If a user chooses to add
an email address, a suitable warning would be displayed to advise the user
that the email address will be stored on the system.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7522#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list