#21940: OSX updater: consider disabling privilege escalation
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  mcs
     Type:  defect                               |         Status:  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,              |  Actual Points:
            TorBrowserTeam201705R                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by linda):

> Usability aspect here is that many users want to make TBB the default web browser, also to make it more secure to open web content from any app, and as a part of that, there is the need to install TBB as a usual app, usually to the default location which usually needs admin privileges on any OS.

I don't think that there is a usability issue here, but that it is a security issue that the browser team will make a decision on. A decision can be made without my consultation.

The average internet user (which is different from the average Tor user) will likely not know the difference between an application requiring admin privileges or not, and will not notice if it does request it. They just want to install the thing so that they can use it. Unless it requires a different installation pattern than everything they are used to, I don't think they will notice. Generally, I think we should still do what is best in terms of security.

(I would like to clarify that "if we de-escalate then things will break and we need to fix them" != a usability issue, that's just technical work as a result of decisions made. Also "a decision that will have security implications" != a usability issue (even if people have preferences over it, and if you honor those preferences). I think that's just catering to the right userbase. A usability issue is when everything is technically working fine, and people still have a hard time using it--i.e. when Tor Launcher asks a user to choose bridges but they don't know what they are and choose randomly.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21940#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs