[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-------------------------+-------------------------------------------------
Reporter: | Owner: gk
mikeperry | Status: new
Type: | Milestone:
enhancement | Version:
Priority: major | Keywords: TorBrowserTeam201410D, tbb-
Component: Tor | security, tbb-usability, tbb-linkability,
Launcher | tbb-3.0, extdev-interview, tbb-isec-report,
Resolution: | tbb-4.5-alpha
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
While testing 4.5-alpha-2 in various security levels, I noticed a few
issues:
1. The Medium-High security level causes "Custom settings" to get checked
if you do "New Identity" and have disk records disabled (ie the default
TBB). It doesn't seem to do this if you allow disk records (which may be
why you missed this bug).
2. Unchecking "Custom settings" doesn't seem to take effect until "New
Identity", especially if you change NoScript state manually.
3. The Medium-High security level seems to fail to disable javascript for
HTTP sites (it should set set noscript.global to false and rely on
noscript.globalHttpsWhiteList).
4. We probably should move our new JIT defaults into the TBB repo.
5. NoScript 2.6.9.8rc1 was just released which fixes the need for the
https: whitelist injection. We should remove this injection as soon as we
switch to this NoScript.
I also have the following UI/UX comments:
1. We should hint somewhere that this is a tradeoff between features and
security. Perhaps changing "Security Level" to "Security Level (Disables
high-risk web features to improve security)" or similar?
1. Alternatively, or in addition, we could have the levels also include
"(Most Usable)" down to "(Least Usable)", or perhaps "(Full Features)"
down to "(Least Features)"
1. I think the slider should be horizontal. It's taking up a lot of window
real estate in a way that only makes sense if we have huge volumes of text
describing the positions. I think tooltips will suffice instead of a side-
bar, which means we can make this more compact.
1. If it were horizontal, we can maybe also include it in one of the Tor
Launcher windows without overload.
1. If we stay with a vertical slider, why is "High" on the bottom? This
ordering only makes sense if we also say "(Most Usable)" or "(Most
Features)" I think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:70>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs