[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Tom Ritter:
> It seems reasonable but my first question is the UI. Do you have a
> proposal? The password field UI works, in my opinion, because it
> shows up when the password field is focused on. Assuming one uses
> the mouse to click on it (and doesn't tab to it from the username)
> - they see it.
>
> How would you communicate this for .onion links or bitcoin text?
> These fields are static text and would not be interacted with in
> the same way as a password field.
>
> A link could indeed be clicked - so that's a hook for UX... A
> bitcoin address would probably be highlighted for copying so that's
> another hook... But what should it do?
>
> -tom
Bitcoin has a URL scheme that is increasingly used, so the UI
mechanism could be the same as for .onion links. However, for both
.onion links and for bitcoin: links, there's a risk that the website
will simply ask the user to manually copy the .onion URL or Bitcoin
address -- I doubt that most users will recognize this as an attempt
to evade detection. So any UI mechanism will probably need to
recognize any string that looks like a .onion URL or a Bitcoin
address, even if they're not links.
Cheers,
- --
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile@xxxxxxxxxx
Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with PGP.
Please don't send me unencrypted messages.
My business email jeremy@xxxxxxxxxxx is having technical issues at the
moment.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJY4GYXAAoJELPy0WV4bWVwz60P/2cOYAiRLaTx5wjy+pyqQCUn
N4+mZv9+YmW7OiqJKEylywyTcdhLeAAVlQPafawvN+9K1EObqiF5GtHdHOaOE+EJ
43iUbpRzMsZOlPGspP6YUrJw6zjLev021qMyyZv1r0EMPgi3d+jbfvrgPHcgw7AD
aA5hDy1bVAoLovwIWL1w/62MK+gsMHroE3oDOYNI3i6uLJHVtsdTdCVit8rwshey
BKOBY0xgh2pvMDGwB4hdK4K0GHAUcef6ErDXhrpKFPDjuJnLi6g5i3oPbgaI9YuR
ONIb3eK2K81oblpEmRxQgEJHby7sMKfqRqpsabcTDn6WUlN0z91JTqRtJWvyZYYC
rabdeLrEqlOA7IGG7S4w3hUlWi7Ql/iwUM3/9b3SNztwcWrC/VmCjDPpiZ/aJpI9
QP5/Y2SC5TYQ0+DRLe3HynI/zc5WHpRW6TU570BnJc+V5Y1uf8GH2g6WMNRegTKm
++cCx2SLGn2CaqHCubos7FVtx2Yi443vlL9kNE1bgsZIZBa8PGx6m3MjpZ8K9NLt
e1HkTbCGQaB09pVvMMRiazqc6r3sJcvogcmdct21P6ElyEW4D9L+grWqESNSM+gm
mlAIrMsfYeZnpl7vgmKVQ2TqirCxvLMA0movYjhISkyKIsPTSHc8Qoc00WHt2MvX
lus5voupc4tmsDtB/8z0
=L3v2
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev