[tor-bugs] #10482 [TorBrowserButton]: External applications warning could be clearer and more specific
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 24 00:12:42 UTC 2013
#10482: External applications warning could be clearer and more specific
------------------------------+---------------------------
Reporter: schoen | Owner: mikeperry
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Actual Points:
Parent ID: | Points:
------------------------------+---------------------------
I talked to a TBB user who was confused by the "External applications are
not safe by default and could unmask you" message, and the following
thoughts came out of our discussion about this:
* The idea of "unmask you [by sending information over the Internet that
lets someone see your IP address]" isn't very intuitive to some users, who
might either not think about non-Internet-oriented applications as
communicating online in the first place, or might not be thinking about
Tor's threat model. To unpack this, one concept is that "external non-Tor
software might communicate on the Internet (not through Tor)" and another
concept is that "if software communicates on the Internet, someone spying
on you might figure out who or where you are". Users might be surprised
by both of these concepts and not constantly bear them in mind when using
TorBrowser.
* The dialog doesn't make very obvious what the external software in
question ''is''. It might be helpful if it said something about the
particular application that the user is going to use and explained that
this application isn't under the control of Tor, or protected by it, so it
could communicate non-anonymously on the Internet. The idea of "external
applications" might be too abstract or general in this context, compared
to referring to particular software like LibreOffice, Microsoft Word,
Adobe Reader, or whatever.
* The dialog appears even if the user tries to save a file without opening
it using an application. This might be appropriate because opening it
later could unmask the user, but it might also be confusing because the
user might think "but I only wanted to save the file"! It might be
helpful at least to make the warning appropriate to the action that the
user is taking at that point: if they're trying to "open" a file with an
application, warn about that application; if they're trying to "save" a
file to the disk, warn that later use of that file in an external
application isn't protected by Tor and can cause non-anonymous network
activity.
* The dialog appears during the officially recommended upgrade path
(downloading a new TBB from the Tor web site), which is disturbing because
check.tpo specifically asked the user to upgrade, but then confronted them
with a warning when the user did what they were asked to. Is there a safe
way to make the intended TBB upgrade path not warn the user that what
they're doing is a security risk?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10482>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online