Mike Perry:
> Cyrus Katrak:
> > https://github.com/kr36/seaturtle
> >
> > At a high level:
> > - Process per tab security model, with each tab owning its own in-memory
> > state (cache, cookies, local storage, hsts db etc...).
>
> We've been going for URL bar domain isolation in Tor Browser to avoid
> divergence with how users expect the browser to behave:
> https://www.torproject.org/projects/torbrowser/design/#philosophy
> https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
>
> Even still, per-tab isolation is a common request, so it's easy to
> assume that this is what most people really want. But I think if you
> think through how it will work in practice, it becomes fairly clear it's
> actually a very bad property for usability.
>
> The easiest way to see how per-tab isolation will cause confusion is to
> imagine the twitter use case. In a normal twitter user flow, the user
> logs in to twitter, opens some lists and conversations (often in new
> tabs), perhaps opens tweetdeck in a new tab, follows links from people
> in their feed, and sends and receives twitter conversation links from
> their friends over DM, chat, IRC, and email.
>
> If each of these actions happens in a new, isolated tab, the user will be
> forced to log in repeatedly to twitter, and worse, forget which tabs
> they logged in to twitter on, especially once they start following links
> (both on and off site) from people's feeds.

Actually, I should point out that I'd love to hear hard data on this, in case I'm wrong.

I did some testing, and most interactions on twitter seem to in fact be designed to keep you in the same tab while following links on the site, but open all off-site links in independent tabs. At least in TBB on the desktop.

I bet sites like Facebook, Google, and Twitter have data on how many of their users end up using multiple tabs/windows vs staying in the same tab until logout. It could be that I'm wrong and that multitab/multiwindow users are not the norm for these services.

--
Mike Perry
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk