[tor-bugs] #28015 [Applications/Tor Browser]: Brainstorm improved ux for orgs that want to give bridges to their people
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 12 14:56:41 UTC 2018
#28015: Brainstorm improved ux for orgs that want to give bridges to their people
--------------------------------------+--------------------------
Reporter: arma | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, sponsor19 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
Your ideas were the first that came to my mind. I wracked my brain for a
little bit trying to come up with additional ones.
Ideas of varying quality:
Instead of 'via email, and then manually clicking a bunch of things in Tor
Browser and pasting the bridges into the right place' - make this a
supported flow where on copy/pastes a big blob of base64 and Tor Browser
decodes and parses it and does all the right things.
Orgs distribute a symmetric key that decrypts an encrypted blob baked into
the browser. This contains some or all of: a passphrase used to get secret
bridges from our moat, the location of their moat, or even new default
bridges. (This could be used by Tor Projects direct user support to test
connection failures also, by having a few of our own secret bridges)
Org distributes an 'add-on pack' (but not a browser add-on in that sense,
just the generic definition of 'supplemental') that one installs on top of
tor browser that contains *something*. A new moat url, new default
bridges, etc. The 'add-on pack' might be as simple as a specially named
json file Tor Browser looks for in its startup process. You could even
encrypt it by default with a passphrase Tor browser prompts you for on
startup if you really wanted to?
Orgs could distribute a true browser add-on one installs over Tor Browser
that alter's Tor Browser's behavior in the same sense of a Mozilla Partner
Repack (as we call them): it could supply bridge info, but also theme the
browser, add a default homepage, bookmarks, even add-ons. (Or maybe not
add-ons :) ) I think Psiphon did this as a funding mechanism also.
Tangential: a 'secret passphrase with a public moat URL' approach could
also have two other authentication mechanisms besides a high-entropy
passphrase: a TOTP based token o a WebAuth/FIDO USB Key.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28015#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list