[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8313 [TorBrowserButton]: Display a confirmation upon enabling Flash

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8313 [TorBrowserButton]: Display a confirmation upon enabling Flash
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 02 Mar 2013 20:45:31 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Mar 2013 15:45:40 -0500
In-reply-to: <049.6b84a59d70708b34f66d6acbaf5f198a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.6b84a59d70708b34f66d6acbaf5f198a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8313: Display a confirmation upon enabling Flash
--------------------------------------------+-------------------------------
 Reporter:  mikeperry                       |          Owner:  mikeperry   
     Type:  enhancement                     |         Status:  needs_review
 Priority:  major                           |      Milestone:              
Component:  TorBrowserButton                |        Version:              
 Keywords:  tbb-usability, MikePerry201303  |         Parent:  #7470       
   Points:                                  |   Actualpoints:              
--------------------------------------------+-------------------------------

Comment(by proper):

 Replying to [comment:5 mikeperry]:
 > Replying to [comment:4 proper]:
 > > Bug 1:
 > > I saw popup twice right after Tor Browser started with check.top. I
 don't think it's the right time?
 >
 > This was either a race condition or because you already had flash
 enabled because it doesn't happen for me. Either way, I attached a new XPI
 that should prevent it. Let me know if it actually does.

 Still see it right after TB started (twice) and when I want to disable it,
 I also get it twice.

 > > Suggestion 1:
 > > Often read users don't know what an IP address is. Tails devs
 recommend to me once to use IP/location instead. No strong opinion here.
 > >
 > > Suggestion 2:
 > > "Harm your privacy" isn't strong enough. "Harm your anonymity"
 perhaps? Oh well, you plan on fixing the (#7008) IP bypass problem. Well,
 if #7008 gets implemented, you can change back to "Harm your privacy". In
 meanwhile, when not using special precautions with stock TBB, IP leak is
 imho "Harm your anonymity".
 >
 > I fixed the text to try to address both of these.

 Looks good.

 > > Suggestion 3:
 > > Time until "ok" can be pressed is too short.
 >
 > This is a Firefox thing. It is governed by the pref
 security.dialog_enable_delay. If we raise that, we raise it for everything
 that uses it (including addon install, etc).

 Doubling it can't hurt?

 > > User experience, without flash enabled:
 > > I think it's a bit too difficult for the mortal user. If you trained
 them "flash = youtube, flash = no anonymity" and they see the noscript
 question, they may say no and be disappointed or create support requests.
 "Where can I say yes, where I must say no."
 >
 > Yeah, I think you're right. I am very conflicted about the NoScript
 click-to-play. I am not sure HTML5 video has had enough time for the
 underlying codecs to get audited, but the NoScript barrier really is
 confusing. I think the "This plugin is disabled" barrier is also
 confusing. I am trying to decide if I should just get rid of both of them
 for better usability.

 I don't know the security/privacy disadvantages by NoScript click-to-play.
 I think, if there aren't any, you had already disabled it. In any case,
 this ticket needs more commenter.

 > > Concern:
 > > Users will most likely think "it's ok to enable for youtube", then
 they forget to disable it and shoot their own feet. Or not... If I
 understand right even with flash enabled they have to activate the plugin
 every time for every page/video/click?
 >
 > This is one of the reasons we have both the Firefox click-to-play
 barrier and the blanket enable/disable. If you enable Flash but forget, at
 least you're reminded by the click-to-play on other sites before Flash
 automatically runs...

 Ok.

 > I have no idea why Firefox decides to sometimes give you a click-to-play
 barrier and sometimes decides to do the dropdown thing, though. :/

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8313#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #7681 [Tor bundles/installation]: Wrap Tails inside a VM, where the outer VM runs Tor and handles the network
Next by Author: [tor-bugs] #8387 [Tor]: Unbuilt one-hop circuits sometimes hang around forever
Previous by thread: Re: [tor-bugs] #8313 [TorBrowserButton]: Display a confirmation upon enabling Flash
Next by thread: Re: [tor-bugs] #8313 [TorBrowserButton]: Display a confirmation upon enabling Flash
Index(es):
- Author
- Thread