[tor-commits] r24671: {projects} Ah, Torbutton. It's almost as if you never existed. (projects/articles/browser-privacy)

Mike Perry mikeperry-svn at fscked.org
Tue Apr 26 11:18:08 UTC 2011 

Author: mikeperry
Date: 2011-04-26 11:18:08 +0000 (Tue, 26 Apr 2011)
New Revision: 24671

Modified:
   projects/articles/browser-privacy/W3CIdentity.tex
Log:
Ah, Torbutton. It's almost as if you never existed.



Modified: projects/articles/browser-privacy/W3CIdentity.tex
===================================================================
--- projects/articles/browser-privacy/W3CIdentity.tex	2011-04-26 09:35:52 UTC (rev 24670)
+++ projects/articles/browser-privacy/W3CIdentity.tex	2011-04-26 11:18:08 UTC (rev 24671)
@@ -263,8 +263,8 @@
 make user interaction with content elements more explicitly tied to the
 current site.
 
-Similarly, one could imagine this two-level origin isolation being deployed to
-improve similar issues with DOM Storage and cryptographic tokens.
+Similarly, one could imagine this two level dual-keyed origin isolation being
+deployed to improve similar issues with DOM Storage and cryptographic tokens.
 
 Making the origin model for browser identifiers more closely match user
 activity and user expectation has other advantages as well. With a clear
@@ -309,45 +309,14 @@
 improvements, as it does not require extensive compatibility testing or
 standards coordination.
 
-% XXX: Do we need to even mention torbutton?
-One of the earliest examples of an identity-based approach is our own work on
-Torbutton\cite{torbutton}, Torbutton deserves poor marks for both simplicity
-and usability\cite{not-to-toggle}. Torbutton attempts to isolate the user's
-non-Tor activity from their Tor activity, effectively providing the user with
-a blank slate for their Tor activity, but optionally allowing them to toggle
-between these two identities.
+Of the major private browsing modes, Google Chrome's Incognito Mode comes the
+closest to conveying the idea of ``identity'' to the user, and the
+implementation is also simple as a result.  The Incognito Mode window is a
+separate, stylized window that clearly conveys an alternate identity is in use
+for this window, which can be used concurrent to the non-private identity.
+The better UI appears to lead to less mode error (where the user forgets their
+private browsing state) compared to other browsers\cite{private-browsing}.
 
-Firefox Private Browsing Mode is very similar, in that it allows users to
-switch between their normal browsing and a ``private'' clean slate.
-
-% FIXME: This paragraph can go if we need space:
-Both Firefox PBM and Torbutton suffer from usability issues, primarily because
-this concept of separate browsing identities is not properly conveyed to the
-user. In Firefox's case, this usability issue is apparent through the quantity
-of mode error observed in the review of Private Browsing Modes by Dan Boneh et
-al\cite{private-browsing}. In Torbutton's case, the issues appear more severe.
-We've informally observed that users have tremendous difficulties remembering
-which tabs were Tor-related and which were non-Tor related, and we've also
-observed issues with mode error.
-
-Both of these approaches are exceedingly complex: they deal with every aspect
-of browser state individually. This development effort however does enable
-Firefox and Torbutton to provide the user with great fine-grained control.
-
-Google Chrome's Incognito Mode comes the closest to conveying this idea of
-``Incognito identity'' to the user, and the implementation is also simpler as a
-result. The Incognito Mode window is a separate, stylized window that clearly
-conveys an alternate identity is in use for this window, which can be used
-concurrent to the non-private identity. This appears to lead to less mode
-error (where the user forgets their private browsing state) compared to other
-browsers.
-
-% FIXME: This paragraph can go if we need space:
-The implementation of Incognito is as a virtualized in-memory profile, which
-allows them to achieve protection against history storage issues for very low
-effort. It also allows them to tweak browser properties and permissions
-specifically for this profile.
-
 The Mozilla Weave project appears to be proposing an identity-oriented method
 of managing, syncing, and storing authentication tokens, and also has use
 cases described for multiple users of a single browser\cite{weave-manager}. It

More information about the tor-commits mailing list