#25658: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features
-------------------------------------------+---------------------------
 Reporter:  isabela                        |          Owner:  antonela
     Type:  project                        |         Status:  assigned
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:  Sponsor17
-------------------------------------------+---------------------------

Comment (by gk):

Replying to [comment:37 arthuredelstein]:
> Replying to [comment:34 gk]:
> > The security risks don't map to the underlying transport or its security being used. The security risks we try to tackle are to a large part due to the *content* that gets transferred. Someone injecting this content on the path from server to user is an important risk but just one of those we need to defend against. This binding the security state to HTTP/HTTPS is not sufficient. Moreover, the strongest security we want to provide is something like the current "safest" option we have. We won't be able to enable this by default probably forever as the breakage is too high, irrespective of the transport being used.
>
> We have discussed this issue previously, but I wanted to try laying it out in more detail and see if that helps to clarify the different approaches. :)

> Design (2), proposed in comment:33:
> || || Unblocked || Blocked ||
> || HTTP || || WebFont, blob, SVG, scripts, WebGL, Video, Audio, WebAudio, MathML, JIT ||
> || HTTPS || WebFont, blob, SVG, scripts, WebGL, Video, Audio, WebAudio, MathML, JIT || ||

Just reply to this item: That's not proposed in comment:33. Here is what antonela wrote:
{{{
Again: I think that the best way to improve the security slider is removing the slider component. As mentioned before, the slider is a UI artifact that doesn't add any value to these settings. Instead, it confuses users about their benefits on upgrade or downgrade.

If we could simplify the security settings into a boolean option, we will follow the current Firefox approach on settings both in desktop and in mobile, and we will help users by making it easier to understand the trade-off: "Do I trust in this site?"
}}}
So, comment:33 proposes to reduce the slider from three options to two *in general* and bind all the security features to the transport. But you want to keep "safest", "safer", and "standard" but redo the "safer" option. So, these are different things.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25658#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online