[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation
#21940: OSX updater: consider disabling privilege escalation
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: mcs
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201705R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by linda):
> Usability aspect here is that many users want to make TBB the default
web browser, also to make it more secure to open web content from any app,
and as a part of that, there is the need to install TBB as usual app,
usually to the default location which usually needs admin privileges on
any OS.
I don't think that there is a usability issue here, but that it is a
security issue that the browser team will make a decision on. A decision
can be made without my consultation.
The average internet user (which is different from the average Tor user)
will likely not know the difference between an application requiring admin
privileges or not, and will not notice if it does request it. They just
want to install the thing so that they can use it. Unless it requires a
different installation pattern than everything they are used to, I don't
think they will notice.
Generally, I think we should still do what is best in terms of security.
(I would like to clarify that "if we de-escalate then things will break
and we need to fix them" != a usability issue, that's just technical work
as a result of decisions made. Also "a decision that will have security
implications" != a usability issue (even if people have preferences over
it, and if you honor those preferences. I think that's just catering to
the right userbase. A usability issue is when everything is technically
working fine, and people still have a hard time using it--i.e. when tor
launcher asks a user to choose bridges but they don't know what they are
and choose randomly.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21940#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs