[tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 23 11:44:38 UTC 2018 

#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by hiro):

 Replying to [comment:18 tom]:
 > Yea. Talking about the slider settings gets confusing because different
 words mean different things to different people, and there are a lot of
 things I think we're trying to roll up into a single slider.
 >

 The problem I see is exactly that and what we communicate to users. If I
 click on the learn more link on the slider I am taken to the Tor Browser
 Manual.
 The first sentence I see is the following:

 "Tor Browser includes a “Security Slider” that lets you increase your
 security by disabling certain web features that can be used to attack your
 security and anonymity. Increasing Tor Browser’s security level will stop
 some web pages from functioning properly, so you should weigh your
 security needs against the degree of usability you require."

 If I had not read the design document I would think of the security slider
 as mainly an increased privacy protection.
 I understand maybe the slider is not the place to talk about de-
 anonymisation in the Tor network and go into details, so maybe we should
 do that in the Tor Browser manual to make it more clear?

 Also, I think that, as a user I'd be able to better understand this if we
 would at least explain why we disable certain features and what I am
 loosing if I enable them.

 It is also worth to consider that it might be a risk to give the user the
 habit of lowering their security every time a website doesn't work. What
 if it is the website that is broken and not Tor Browser just to strict?

 A few of these considerations I suppose could also be included in the
 styleguide as a reference of how a page would work in the various Tor
 Browser modes. Also as some "tracking-blocking" features become used by
 other browser, this reasoning could be used to make pages generally more
 privacy friendly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list