[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] GSoC'16 proposal: the Torprinter project (a Panopticlick-like website)



Hi Pierre!

Thanks for this valuable proposal. :) Just a quick comment frome someone
who has experienced supporting Tor users.

Georg Koppen:
> > - How new tests should be added: A pull request? A form where
> > submissions are reviewed by admins? A link to the Tor tracker?
> 
> From a Tor perspective opening a ticket and posting the test there or
> ideally having a link to a test in the ticket that is fixing the
> fingerprinting vector seems like the preferred solution. I'd like to
> avoid the situation where tests get added to the system and we don't
> know about that dealing with users that are scared because of the new
> results. So, yes, some review should be involved here.

It would be great if  you could also include ways to guide users in
understanding the test results. From the top of my mind, it would be
good if the application would have a way to know which Tor Browser
version is being run. Then together with results, it would be good if
users would get an answer to the following questions:

 * Is this the expected result?
 * If not, is there any remediation available? At which cost?
   - This could be prompting users to upgrade to a new version.
     Ideally include support for known tools which bundle the
     Tor Browser, so the message could be âUpgrade to Tails 2.2â
     for Tails users.
   - Tell them to fiddle with the security slider, with a warning
     that they will loose some features.
 * If there's no immediate remediation available, can they do anything?
   - Is the issue known at all? Can we then assist them to report the
     problem in a meaningful manner? Or point them at the existing
     ticketâwith a warning that it's going to be tech+english.
   - Should they take extra precaution? Link to some documentation.
   - Do we need to collect more data? Let's guide them how.
   - Maybe it's a good opportunity to ask them for some money so we can
     hire more browser developers?

I'm pretty sure the UX team could give input on good wordings and
layout. And probably on the whole thing. :)

Have you consider any internationalization?

If not all of this can be implemented over the summer, just keeping it
in mind in the design stage might help to add the required features
later.

-- 
Lunar                                             <lunar@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev