[tor-dev] Tor Launcher settings UI feedback request

Tom Ritter tom at ritter.vg
Fri May 3 20:07:56 UTC 2013


Sweet!  However I think this Wizard is a super-technical version of
something that should be much simpler if we intend to be targeting
non-technical users.

Feedback:
http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen1-proxyYesNo.png

Question 1 (this is literally the first thing a user will see when
launching, right?) is a super-technical question.  How is a user
supposed to know if they're using a proxy?  If we're targeting users
who barely know what a browser is, I don't think these instructions
are good enough.  But any instructions would be wrong IMO.  Surely
there's some way to query this information from the system, no?  On
linux, looking at environment variables; on Windows there are system
functions.

http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen3-firewallYesNo.png

What percentage of users are a) affected by this question and b)
understand it?  I suspect it's very, very low, and therefore not worth
dedicating a screen to.  Every additional screen is a monumental
amount of pain for a non-technical user to read, try to think through,
and then ultimately guess at hoping they get something right.  If
something, anything, doesn't work - they will think back through all
the screens they guessed at, and give up figuring it's way too hard to
figure out.

What's the behavior of firewalls failing?  Some drop packets (timeout)
and others reject, right?  If a connection on port 6-thousand-whatever
hits one of those cases, retry on 80 or 443.  Put up a cool animated
gif that makes the user think their computer is fighting hard to get
them online.  Bonus points for having it actually represent the packet
getting lost or being rejected.

http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen5-bridges.png

I don't think this represents sufficiently that this is *Optional*.
That (most) users will not need to fill this in.



I think we should think about the security and privacy implications of
an approach that can be referred to technically as "try a bunch of
shit".

1) If a user wants to use a proxy (e.g. an SSH tunnel) and we don't
abide by that, they will leak network traffic, this is bad.  It's also
probably reasonably common for technical folks.
2) If a user must use a proxy - trying a non-proxied connection
doesn't really matter, it'll just be dropped. It's very unlikely this
will cause an alert or raise suspicions, especially when the net admin
has created a chokepoint (the proxy) where she can do all the logging
and analytics she wants.. (Anyone disagree?)
3) If a user must have their traffic exit on certain ports, and we try
a different port - the firewall will drop it, and again, unlikely to
cause an alert or raise suspicions.
4) If a user *wants* to have their traffic exit on a port, and we
don't abide by it, that's bad. But I don't think this is super common.
 Well, maybe it is, maybe people prefer port 443.

So I think the best course of action would be to try and handle
everything except to bridge screen automatically, with perhaps some
[Advanced] button in the bottom left that these settings are hidden
behind.  Get the proxy settings automagically, and try some port
probing.

-tom


More information about the tor-dev mailing list