[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
From: nusenu <nusenu@xxxxxxxxxxxxxxx>
Date: Tue, 28 Mar 2017 18:03:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 28 Mar 2017 14:04:15 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1490724211; bh=0T0X3ZL3fKw4RYpfTzqlJdWXfL4AlO+qqokQEcGsNKk=; h=Subject:To:References:From:Date:In-Reply-To:From; b=SDSoBa0x/Jm5OYJS9iJanz8o2Ynlx2etFCaKvHswA2xF6ZlSDuub4xCtMQ+Ew9T43 TpszU2FLkZNAKZuqOC7SkpU0bd2wRj5ed9YQBu1Zg82ZWydjkjXTBijPwXXJVvZ4fr k4xKeoxMWyu+6Q2OA3G/BHveNhJFozL8iBhUJNqA=
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1490724196; bh=0T0X3ZL3fKw4RYpfTzqlJdWXfL4AlO+qqokQEcGsNKk=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Hg5j6cdZlAR6yFs0/DSjCHNp1lxnFbH7i4AXVlAoj3zzxf4yIUanJ3Icw9Exx60XZ sNHijo3PaQziAQm6vUcO+Hw4cSsj0+AtIVU/fpi8GwaeESR4ZUEoLJPRZKYC9stP/g NYpoxqpZzr/KI10HOuvBLb1Yi35TZW031c6KFXws=
In-reply-to: <CA+cU71ko60OSxoCEJAcYxDD27p4hN=MGFXMfnYBA2GVZbHnm7A@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <d21e5728-843e-3b54-b69b-bbbd748e505c@donncha.is> <CA+cU71ko60OSxoCEJAcYxDD27p4hN=MGFXMfnYBA2GVZbHnm7A@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>


Tom Ritter:
> It seems reasonable but my first question is the UI. Do you have a
> proposal?  The password field UI works, in my opinion, because it
> shows up when the password field is focused on. Assuming one uses the
> mouse to click on it (and doesn't tab to it from the username) - they
> see it.

Depending on how "intrusive" you want to be you could hide the
bitcoin/onion addresses with an overlay similar how NoScript (used to?)
hide flash content and make it visible after clicking on it and
acknowledging a warning.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
  - From: Donncha O'Cearbhaill
- Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
  - From: Tom Ritter

Prev by Author: Re: [tor-dev] GSoC 2017 - Project "Crash Reporter for Tor Browser"
Next by Author: [tor-dev] GSoC 17- Intro
Previous by thread: Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
Next by thread: Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
Index(es):
- Author
- Thread