[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Browser Bundle: Usability Improvement Proposal (windows)



Thus spake Greg Kalitnikoff (kalitnikoff@xxxxxxxxxxxxxxxx):

> Hm, interesting thing that very recently I found out such project -
> SBrowser282, custom Tor Browser Bundle made by some russian radicals.
> It does exactly what you are talking about as I understand. More
> interesting that they claim it`s all made with open source software.
> 
> Download link:
> http://ifile.it/uxgel0p/SBrowser282.exe
> And as I can see it is just self-extracting 7z archive. Anyway, be
> warned about any exe-file!
> 
> More links and info can be found here (in russian)
> http://rusinfo.cc/entries/421

If you speak Russian, you may want to point these people at the new
Tor Browser Design doc:
https://www.torproject.org/projects/torbrowser/design/, especially the
requirements section:
https://www.torproject.org/projects/torbrowser/design/#DesignRequirements

We're starting to see a few different browser bundles arising due to
people not being satisfied with our choice of Firefox and for various
other operational reasons. One variant Andrew saw took the smallest web
browser they could find, embedded a Tor client in it, and provided the
resulting 2M package as something like "MicroTor".

They certainly sound useful, but the problem with these approaches is
that they often don't even state if they've done the *bare minimum*
audit to ensure all browser activity actually uses the proxy settings
of their pet browser:
https://www.torproject.org/projects/torbrowser/design/#proxy-obedience

For micro-browsers especially (even popular ones like Google Chrome),
you're likely to see them relying on OS functionality as opposed to
built-in functionality. In the case of the SSL stack, this can mean
immediate proxy bypass for SSL connections and/or OCSP data. See:
https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs#ProxyBypassBugs

All of this is not to mention the efforts we're investing into
ensuring the Tor Browser has good privacy properties, too:
https://www.torproject.org/projects/torbrowser/design/#privacy

> "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx> wrote:
> 
> > Hi all,
> > 
> > i would like to propose some usability improvement for TorBrowserBundle
> > for Windows, in order to make it more usable.
> > 
> > Reduce to 3-clicks the requirements to use TorBrowserBundle on Windows.
> > 
> > Today the Tor Browser Bundle require the user to make several action
> > before using it that can represent a stopping-issue for unskilled and
> > uncertain users.
> > 
> > Especially the user require to:
> > - dealing with the concept of "extraction"
> >   Really dumb users doesn't know what file compression is, some doesn't
> > even know what file size.
> > - dealing with a decision of "where to extract".
> >   That relate to interacting with the system and a really dumb users
> > fear doing actions for which he don't know the consequence.
> > 
> > In doing this the user have to do several clicks and choices.
> > 
> > There are a lot of users that "are not even able to install firefox".
> > They fear to damage the computer in doing some actions for which they
> > don't know the consequence.
> > 
> > I'd like to propose a new simplified way of using TorBrowserBundle as
> > follow:
> > - User Download the software
> > - User click on TorBrowserBundle.exe
> > - A nice splashscreen show to the user
> > - A progress bar (below the splashscreen) inform the user that Tor it's
> > initialing
> >   - Extracting to TorBrowserBundle Directory ...OK
> >   - Starting Tor...OK
> >   - Initialing Tor Connection... OK
> >   - Starting Firefox... OK
> > - Then the browser show up to the user.
> > - The browser show at first page :
> >   - useful information about Tor
> >   - inform the user about the newly created directory
> >   - include the default CheckTor page
> > 
> > By using that approach the user will not have the feeling of no
> > "technical" decision has to be taken by the user in order to use Tor, no
> > stopping-fear of breaking something, no compression/extraction concept
> > to be understood.
> > 
> > The user the next time that want to use TorBrowserBundle will not need
> > to enter into the Installation Directory but will always be able to
> > start the software from the same file he downloaded
> > 
> > That way it would really be a 3-clicks step for the user to use Tor
> > Browser Bundle:
> > - Click on download link
> > - Accept download
> > - Start the software
> > 
> > What do you think?
> > 
> > -naif
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpCd0b4CBhqK.pgp
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk