[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 25 Oct 2018 15:26:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 25 Oct 2018 11:26:53 -0400
In-reply-to: <047.15bd00c6cfb9712b7dbc5bcdb6537c51@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.15bd00c6cfb9712b7dbc5bcdb6537c51@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by antonela):

 Hi geko, thanks for the heads-up; already read the diff. Seems like you
 have a strong opinion for keeping the slider.

 Let's do it again:

 **2.1.1 Removing HTTPS Everywhere and NoScript from the Toolbar**

 OK

 **2.1.2 Showing Security Slider State**

 We tried this before and this is the latest prototype I have: 

 https://marvelapp.com/383eaa9/screen/44007368

 Should we iterate over it again? Are we happy with the icon? Do we want a
 different icon?

 >
 >To mitigate that problem we could at least warn users about the possible
 danger and provide the option to acquire a New Identity right after
 changing the security slider level.

 Suggest a New Identity after the global setting change, seems smart. We
 can do that right after the user change about:preferences#security. A
 message that says "You may need a New Identity to apply changes safely.
 Your tabs will reload, and some information could be missed" will help.

 >
 >We'll add a security settings button to the toolbar which shows the
 current slider state but, once clicked on, opens an about:preferences
 panel in a new tab which contains the security slider.

 Something like this?
 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/25658/25658-preferences.png, 700px)]]

 **2.1.3 Reorganizing the Toolbar**

 OK

 ** 2.2 Dealing with Per-Site Security Settings**

 > One way to do that would be to use the Permissions section which opens
 after clicking on the "i" icon in the URL bar.

 Ok. It should look similar to

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/25658/25658%20-%207.png, 700px)]]

 >
 > We should refrain from exposing icons for every single "active content"
 in the URL bar, though. Rather, besides the button for temporarily
 allowing JavaScript we would only add one additional, which is responsible
 for manipulating and showing the state of "active content" (like WebGL,
 SVG, fonts etc.).

 Where do you think it should have place? At the Control Center doorhanger?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
Next by Author: Re: [tor-bugs] #28075 [Applications/Tor Browser]: Torbutton WARN: no SOCKS credentials found for current document.
Previous by thread: Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features
Next by thread: Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features
Index(es):
- Author
- Thread