[tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 2 12:28:05 UTC 2018


#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by antonela):

 Replying to [comment:49 cypherpunks3]:
 > Replying to [comment:9 antonela]:
 > > Replying to [comment:8 cypherpunks]:
 > > > (Also a note on the `about:preferences` changes: I think they're
 unnecessary since the functionality would already be offered by the
 security button, so there's no need for duplicate effort)
 > > >
 > >
 > > Well, we don't want to have the slider on the Top bar UI. The
 doorhanger is just showing the security setting description + a call to
 action in the case the user wants to change it. So if the user wants to
 change the security setting, they should go to `about:preferences` to
 upgrade or downgrade their setup.
 >
 > This makes it much more impractical, you have to go to a new tab with
 `about:preferences` just to change the security slider and it has the
 unintended side effect of making the user think that it's 'okay' to mess
 with stuff on `about:preferences`.


 Yes. The security slider settings apply globally. You can start to think
 this user flow making a question: When do users upgrade or downgrade their
 security? Then you will realize that the *trigger* usually comes from the
 current site/tab there are visiting, or they are willing to attend.

 The best part now is that we are planning to allow per-site permissions.
 So, if you are a user in the highest security mode and some site you are
 visiting have bad performance (gets broken), but you trust in that site,
 and you are okay with javascript running there, then you can allow it
 temporary. With this scenario, you don't need to change your global
 setting, but a temporary feature is enabled in the current tab.

 That is cool. We are avoiding this common user pattern when users
 downgrade their security because they want to visit an specific site and
 then they never go up again.

 There are no reasons for you as a non-technical user to mess stuff in
 about:preferences because you will have there the same three options
 without global granular settings. You can downgrade or upgrade your
 overall security, and your browser will restart to apply changes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list