[tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

[Tor Bug Tracker & Wiki]

#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by gk):

 Replying to [comment:39 arthuredelstein]:
 > Replying to [comment:38 gk]:
 >
 > > Just to reply to this item: That's not proposed in comment:33. Here is
 what antonela wrote:
 > > {{{
 > >  Again: I think that the best way to improve the security slider is
 removing the slider component. As mentioned before, the slider is a UI
 artifact that doesn't add any value to this settings. Instead, it confuses
 users about their benefits on upgrade or downgrade.
 > >
 > > If we could simplify the security settings into a boolean option, we
 will follow the current Firefox approach on settings both in desktop and
 in mobile, and we will help users by making it easier to understand the
 trade-off: "Do I trust in this site?"
 > > }}}
 > > So, comment:33 proposes to reduce the slider from three options to two
 *in general* and bind all the security features to the transport. But you
 want to keep "safest", "safer", and "standard" but redo the "safer"
 option. So, these are different things.
 >
 > My interpretation of antonela's proposal in comment:33 is that there are
 three global levels. See
 [https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%206.4.png
 the image] under "General Settings - about:preferences#security". The
 three radio buttons correspond to "safest", "safer" and "standard". Then
 each site would have two possible states: protected or unprotected.

 I don't understand that. That dialog is only talking about *where* our so-
 called protections are applied (on all sites/only on unsecure
 sites/never), not *which* kind of protections. And we have two sets of
 protections ("safest" and "safer" however we want to structure the
 latter). Thus, this does not map to an on/off option: It does not say
 which protections apply to all sites ("safer" or "safest") and it does not
 say which protections apply to only unsecure ones. The dialog is only
 talking about "Security Protection" indicating the same group of
 restrictions applies to all three options given (in the first case to all
 sites, in the second one to unsecure ones and in the third case to none)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online