[tor-bugs] #10482 [TorBrowserButton]: External applications warning could be clearer and more specific



#10482: External applications warning could be clearer and more specific
------------------------------+---------------------------
 Reporter:  schoen            |          Owner:  mikeperry
     Type:  enhancement       |         Status:  new
 Priority:  normal            |      Milestone:
Component:  TorBrowserButton  |        Version:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
------------------------------+---------------------------
 I talked to a TBB user who was confused by the "External applications are
 not safe by default and could unmask you" message, and the following
 thoughts came out of our discussion about this:

 * The idea of "unmask you [by sending information over the Internet that
 lets someone see your IP address]" isn't very intuitive to some users, who
 might either not think about non-Internet-oriented applications as
 communicating online in the first place, or might not be thinking about
 Tor's threat model.  To unpack this, one concept is that "external non-Tor
 software might communicate on the Internet (not through Tor)" and another
 concept is that "if software communicates on the Internet, someone spying
 on you might figure out who or where you are".  Users might be surprised
 by both of these concepts and not constantly bear them in mind when using
 TorBrowser.

 * The dialog doesn't make very obvious what the external software in
 question ''is''.  It might be helpful if it said something about the
 particular application that the user is going to use and explained that
 this application isn't under the control of Tor, or protected by it, so it
 could communicate non-anonymously on the Internet.  The idea of "external
 applications" might be too abstract or general in this context, compared
 to referring to particular software like LibreOffice, Microsoft Word,
 Adobe Reader, or whatever.

 * The dialog appears even if the user tries to save a file without opening
 it using an application.  This might be appropriate because opening it
 later could unmask the user, but it might also be confusing because the
 user might think "but I only wanted to save the file"!  It might be
 helpful at least to make the warning appropriate to the action that the
 user is taking at that point: if they're trying to "open" a file with an
 application, warn about that application; if they're trying to "save" a
 file to the disk, warn that later use of that file in an external
 application isn't protected by Tor and can cause non-anonymous network
 activity.

 * The dialog appears during the officially recommended upgrade path
 (downloading a new TBB from the Tor web site), which is disturbing because
 check.tpo specifically asked the user to upgrade, but then confronted them
 with a warning when the user did what they were asked to.  Is there a safe
 way to make the intended TBB upgrade path not warn the user that what
 they're doing is a security risk?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10482>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online