#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor
Browser's security features
-------------------------------------------+---------------------------
Reporter: isabela | Owner: antonela
Type: project | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, TorBrowserTeam201810 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor17
-------------------------------------------+---------------------------
Comment (by antonela):
Replying to [comment:49 cypherpunks3]:
> Replying to [comment:9 antonela]:
> > Replying to [comment:8 cypherpunks]:
> > > (Also a note on the `about:preferences` changes: I think they're
unnecessary since the functionality would already be offered by the
security button, so there's no need for duplicate effort)
> > >
> >
> > Well, we don't want to have the slider on the Top bar UI. The
doorhanger is just showing the security setting description + a call to
action in the case the user wants to change it. So if the user wants to
change the security setting, they should go to `about:preferences` to
upgrade or downgrade their setup.
>
> This makes it much more impractical, you have to go to a new tab with
`about:preferences` just to change the security slider and it has the
unintended side effect of making the user think that it's 'okay' to mess
with stuff on `about:preferences`.
Yes. The security slider settings apply globally. You can start to think
this user flow making a question: When do users upgrade or downgrade their
security? Then you will realize that the *trigger* usually comes from the
current site/tab there are visiting, or they are willing to attend.
The best part now is that we are planning to allow per-site permissions.
So, if you are a user in the highest security mode and some site you are
visiting have bad performance (gets broken), but you trust in that site,
and you are okay with javascript running there, then you can allow it
temporary. With this scenario, you don't need to change your global
setting, but a temporary feature is enabled in the current tab.
That is cool. We are avoiding this common user pattern when users
downgrade their security because they want to visit an specific site and
then they never go up again.
There are no reasons for you as a non-technical user to mess stuff in
about:preferences because you will have there the same three options
without global granular settings. You can downgrade or upgrade your
overall security, and your browser will restart to apply changes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online