[tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 20 19:15:25 UTC 2019 

#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------------+-------------------------
 Reporter:  isabela                              |          Owner:
                                                 |  antonela
     Type:  project                              |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, GeorgKoppen201812,          |  Actual Points:
  TorBrowserTeam201903, tbb-8.5                  |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor17
-------------------------------------------------+-------------------------

Comment (by antonela):

 Replying to [comment:107 gk]:

 > What I mean is not a redesign of how per-site security settings should
 work but we thought about making site-specific settings _as they are
 available today_ accessible. Ideas we had were outlined in section 2.2 of
 the proposal.

 Got it! I approached a UI for what is described at 2.2.

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/25658/25658%20-%202.2.png, 700px)]]

 Questions:

 - ` By default only the option to temporarily allow JavaScript would be
 visible.` When? On the Default level? Or in all security levels?

 - What happens when user enable/disable JS or Active Content? Should they
 reload to apply effects?

 - We cannot prompt users to enable JS for each website who wants to use
 JS. How are we going to balance it? One option could be to not prompt
 users but enable it automatically and giving users visual feedback at the
 URL bar with the colored icon. If this is the road we are going to take,
 then we should expose this in global settings as an opt-in.

 - Can we save trusted sites in any safe way? Those trusted sites could
 have JS enabled, even if the global security level is `Safest`.

 - The gear icon at the Control Center goes to `about:preferences#privacy
 Permissions`. Should we incorporate JS and Active Content as an option
 there too?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:109>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list