[tor-dev] Hash Visualizations to Protect Against Onion Phishing

Yawning Angel yawning at schwanenlied.me
Thu Aug 20 19:11:23 UTC 2015


On Fri, 21 Aug 2015 04:39:14 +1000
teor <teor2345 at gmail.com> wrote:

[snip]
> Visual schemes are only helpful to users who have the appropriate
> level of visual ability or processing:
> * as has already been mentioned, colouring schemes are not as useful
> to the colourblind;
> * facial recognition schemes are useless to the face-blind (including
> many autistic people); and any visual scheme would need to have a
> text alternative for screen readers or other tools used by the
> visually impaired.

  [snip]

> If we choose a list of English words, is that going to cause
> recognition issues for people who are non-native English speakers, or
> whose native script is a non-Latin script? (We could test this out.)

As much as all of these are important issues, if we search for a
solution that works for absolutely everyone, then we will never
implement anything, because IMO no such thing exists.

I sort of have mixed feelings about this in general, but since enough
people seem to think it's a good idea, what appears to be the obvious
way forward is:

 * Come up with a well defined interface for "take an opaque blob,
   present it to the user".
 * Implement the underlying firefox glue.
 * Test deploy a few user select-able representation modules.

Without doing so, trying to hash out any sorts of design(s) will likely
end badly, and going with "write the framework that lets us do UX
testing" will let us get a better handle on the problem[0].

Regards,

-- 
Yawning Angel

[0]: And who knows, an enterprising student may discover that the
"One Universal Onion Representation For Purposes of Quick Verification"
is "Onions As Interpretive Modern Dance, Music, and Tactile Sensations
Conveyed Via A Force Feedback Joystick", and write the appropriate
plugin.  Personally, I'm done with this subject and I'll stick to using
bookmarks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150820/64acb1d1/attachment.sig>


More information about the tor-dev mailing list