[tbb-bugs] #24926 [Applications/Tor Browser]: Should Tor Browser for Android support the PanicKit Panic Trigger Intent?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 19 11:06:49 UTC 2018 

#24926: Should Tor Browser for Android support the PanicKit Panic Trigger Intent?
--------------------------------------+--------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by eighthave):

 As the person who put it there, I think it should stay :)  I think there
 should be a preference to control this, we have the UX laid out for this.
 The idea is that by default, all "panic responder" aps should do a "non-
 destructive" behavior so that someone can install a "panic trigger" app
 (e.g. Ripple) and have it work without any configuration.  Then any
 "destructive" actions must be explicitly enabled by the user, and
 cryptographically tied to one specific panic trigger app.  These can be
 deleting data, hiding the app by changing the name/icon/etc,

 Here is a more thorough overview:
 https://guardianproject.info/2016/01/12/panickit-making-your-whole-phone-
 respond-to-a-panic-button/

 Quitting the browser could be considered destructive since the website
 might have state, stuff in a webform, uploading content, etc.  I think it
 is important that Tor Browser have a default action for panic triggers to
 keep the the whole panic configuration experience as simple as possible.
 If there was a way to detect things that might be considered state, and
 only quit if those are not present, that would be ideal.  One simple non-
 destructive response would be to stop tor itself and all related network
 traffic and hide all notifications.

 As for destructive responses, I think Tor Browser should offer:
 * wipe all data and quit app (Tor Browser can do this without any
 confirmation)
 * prompt for full uninstall (Android requires that the user click the
 confirmation prompt)
 * change app icon/name and disguise itself as a game, utility, etc that is
 then unlocked with a PIN to restore Tor Browser with all data intact

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24926#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list