[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14061 [Tor Browser]: Develop a new cookie inspector accommodating double key logic

Subject: Re: [tor-bugs] #14061 [Tor Browser]: Develop a new cookie inspector accommodating double key logic
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 11 Jan 2015 18:35:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 11 Jan 2015 13:35:54 -0500
In-reply-to: <047.cf6b00dfb9b7a0500b93d92d93337076@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.cf6b00dfb9b7a0500b93d92d93337076@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14061: Develop a new cookie inspector accommodating double key logic
-----------------------------+----------------------------------
     Reporter:  michael      |      Owner:  tbb-team
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  TorBrowserTeam201506
Actual Points:               |  Parent ID:  #3246
       Points:               |
-----------------------------+----------------------------------

Comment (by michael):

 Replying to [comment:8 gk]:
 > I am wondering why we need a new cookie inspector at all? "Show
 Cookies..." should be the one showing you the cookies and domain they are
 bound to, I think.
 >
 I assume that Mike's graphic implies the function of clicking a 1st party
 domain/favicon to drill down into cookie names where associated 3rd party
 cookies are specially marked. This assumption is based on a
 contract/bounty titled '''UI support for double-keyed cookies''' but it's
 possible that the correct interpretation is '''implement double-keyed UI
 support for the old cookie inspector design''' only.

 === Old cookie inspector design ===
 When interpreting that, note that the latter is a '''NOOP''' and the old
 cookie inspector works just the same after applying the double keying
 patch. That means that the cookie inspector ignores 1st/3rd party context,
 displaying all cookies indexed by their corresponding HTTP host header.

 Should we implement a graphical indication of party context? If yes, we
 need to decide on one of the many UI designs contrasting cookie
 representations lacking a 3rd party context from those including them, as
 well as deciding on how much UI support to provide (indexing and search
 strategy, exposing configuration, etcetera.)
 [[br]]
 > Mike's idea is not cookie specific and introducing it just for cookies
 might therefore be confusing.
 >
 It might be time to reevaluate UI design since making so many party
 isolation changes (along with your cool #9387 security slider, your
 [https://bugzilla.mozilla.org/show_bug.cgi?id=777620 B2G and channel
 referral], and other relevant UI considerations.)

 Should we free this child ticket and redefine it to specify '''all party
 isolation UI improvements?'''
 [[br]]
 > What do you have in mind with the alternative design?
 >
 My intentions are not part of this, but if I wanted to indicate cookie
 party association:

 - I would stick to tabular text instead of a graphic representation.

 - I don't know what style of indexing/searching and inspector
 configuration widget (a slider?) to provide[[br]]...since that gets
 complex and would benefit from in depth usability testing.

 Cookie party association UI is dependent on unresolved questions from
 other #3246 child tickets and maybe even non cookie ones. Should we put
 this on hold since the old inspector is working just fine?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14061#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #14167 [Service - git]: Please create user repository "sybilhunter" for phw
Next by Author: Re: [tor-bugs] #14164 [Tor]: Controller method to get our own descriptor (was: does tor knows itself ?)
Previous by thread: Re: [tor-bugs] #14061 [Tor Browser]: Develop a new cookie inspector accommodating double key logic
Next by thread: Re: [tor-bugs] #14061 [Tor Browser]: Develop a new cookie inspector accommodating double key logic
Index(es):
- Author
- Thread