[tbb-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 18 11:59:52 UTC 2018
#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
Reporter: isabela | Owner: antonela
Type: project | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, TorBrowserTeam201804 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor17
-------------------------------------------+---------------------------
Comment (by antonela):
Hi! I have been working on creating an icon set that allows us to show
visual feedback for our three levels of security.
I tried hard the ideas we talked about last week.
You can lurk them here
https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658-exploration%202.png
But nothing seems working.
So, I did an exercise, and I started to walk the user journey to
understand what are the user expectations when they downgrade or upgrade
their security settings.
Let's walk through this user journey:
- User wants to visit a risky site or a shared URL from an unknown source
- User slide up the Security Slider and set up the security at Safer or
Safest
- User types the URL and waits until the content load
- The content is not loading correctly because of settings.
- User can
a) downgrade their security level to make things work
b) use the website as it is because the nonloaded content is not
critical (e.g., fonts change, or an ad at sidebar blocked with js)
In both cases, probably an update of security won't fix the problem. In
the best situation, it will create a new content display problem. But in
the worst, users are exposed to leak information.
Also, seems like users don't even need to understand how the security
engine works, but how it benefits them[0]. We may make the decision easier
for them. And we can work with their expectations.
The slider UI was selected before for being a familiar pattern to set up a
stepped security level, pretty similar to Security Slider configuration on
Microsoft's IE. But now, we are experimenting the downsides of it.
So, can we simplify the choices? What if we have two levels of security
instead of three? Activated and Deactivated.
Maybe, we can increase TorBrowser default security by moving some medium
settings to default.
You can see the concept here
https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%202.png
What do you think? Can we re-think this feature, so it works proactively
with user expectations? Can we offer a UX that is intuitive and
straightforward for regular users?
And for heavy users, can we allow them to set up specific content through
a granular configuration? How technically possible it is?
Is any tradeoff on removing medium security setting? Is it a lot of
development effort?
Will people downgrade their security because something is not
working/loading properly? If yes, is it not what users are doing right now
everytime they want to see a video, and someone is tracking them, and the
resistance app is blocking the content, and the content is not working?
[0] https://www.freehaven.net/anonbib/cache/usableTor.pdf
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list