[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] GSoC'16 proposal: the Torprinter project (a Panopticlick-like website)



Hi Lunar,

Thanks for the valuable feedback!
It would be great to have the features that you cite into the website.
For the first version, my point of view is to mainly focus on the added
value for developers which is to add/remove tests easily and get the
relevant data as easily as possible for them. With that, they can make
decisions on what to do next inside the Tor browser. For subsequent
versions, focusing on users could be really interesting if the rest
proves to be solid and stable.

What you described in your answer would be a more advanced version of
the "How far are you from an acceptable fingerprint?" feature that I
plan to integrate from the get-go. If the website detects that the user
has not a recommended configuration, it could give different links with
information and steps on how to fix that so that a non-tech person can
understand what they will do and what they will modify. Suggestions to
play with the security slider could be a great addition.
I'll be honest, I don't know how much of what you propose could be done
before summer's end. My timeline is a little bit rough but even if it is
not done by then, I can still add it after the GSoC period ends.

For the internationalization, the framework that I plan to use (either
Play or Django) supports it through templating. This means that anyone
can contribute to the translation without writing a line of HTML. The
main file will be in English and I'll probably do the one in French at
the same time. One contributor who wants to help will just have to take
the English file and translate each line without having to find
scattered hardcoded strings through different HTML files.

Pierre

On 03/22/2016 11:21 AM, Lunar wrote:
> Hi Pierre!
> 
> Thanks for this valuable proposal. :) Just a quick comment frome someone
> who has experienced supporting Tor users.
> 
> Georg Koppen:
>>> - How new tests should be added: A pull request? A form where
>>> submissions are reviewed by admins? A link to the Tor tracker?
>>
>> From a Tor perspective opening a ticket and posting the test there or
>> ideally having a link to a test in the ticket that is fixing the
>> fingerprinting vector seems like the preferred solution. I'd like to
>> avoid the situation where tests get added to the system and we don't
>> know about that dealing with users that are scared because of the new
>> results. So, yes, some review should be involved here.
> 
> It would be great if  you could also include ways to guide users in
> understanding the test results. From the top of my mind, it would be
> good if the application would have a way to know which Tor Browser
> version is being run. Then together with results, it would be good if
> users would get an answer to the following questions:
> 
>  * Is this the expected result?
>  * If not, is there any remediation available? At which cost?
>    - This could be prompting users to upgrade to a new version.
>      Ideally include support for known tools which bundle the
>      Tor Browser, so the message could be “Upgrade to Tails 2.2”
>      for Tails users.
>    - Tell them to fiddle with the security slider, with a warning
>      that they will loose some features.
>  * If there's no immediate remediation available, can they do anything?
>    - Is the issue known at all? Can we then assist them to report the
>      problem in a meaningful manner? Or point them at the existing
>      ticket—with a warning that it's going to be tech+english.
>    - Should they take extra precaution? Link to some documentation.
>    - Do we need to collect more data? Let's guide them how.
>    - Maybe it's a good opportunity to ask them for some money so we can
>      hire more browser developers?
> 
> I'm pretty sure the UX team could give input on good wordings and
> layout. And probably on the whole thing. :)
> 
> Have you consider any internationalization?
> 
> If not all of this can be implemented over the summer, just keeping it
> in mind in the design stage might help to add the required features
> later.
> 
> 
> 
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev