[tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 30 21:30:45 UTC 2018


#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
--------------------------------------+--------------------------
 Reporter:  isabela                   |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by phw):

 * cc: phw (added)


Comment:

 The following SOUPS 2016 paper seems very relevant to this ticket.  It was
 written by people from the Chrome security team and their work resulted in
 the indicators we see in Chrome today:
 https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf

 I skimmed parts of the paper and found the following two takeaways
 relevant:

 Section 1:
 > The indicator's meaning needs to be taught with words when possible.
 Millions of new Internet users have recently come online via smartphones
 without learning "standard" iconography from desktop browsers.

 We may also want to change the text next to the onion icon. In the paper,
 in Table 4, they evaluated what string users most associate with security
 and "secure" won, closely followed by "https," which they deemed too
 technical. Another of their candidates was "secure and private" which may
 be suitable in our case. I worry that just replacing the lock icon with an
 onion may not make it clear what's different -- in particular because
 onions are typically not associated with security.

 Section 3.1:
 > Making major modifications to this [lock] symbol, such as using a
 different object, may be disorienting: users now expect to find a lock in
 a browser window.

 I wonder if the presence of an onion will confuse some people? Another way
 forward would be to use the lock icon for onion services too but change
 the string from "secure" to "secure and private."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

