Opened 7 years ago

Closed 7 years ago

#10482 closed enhancement (duplicate)

External applications warning could be clearer and more specific

Reported by: schoen Owned by: mikeperry
Priority: Medium Milestone:
Component: TorBrowserButton Version:
Severity: Keywords: tbb-usability
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I talked to a TBB user who was confused by the "External applications are not safe by default and could unmask you" message, and the following thoughts came out of our discussion about this:

  • The idea of "unmask you [by sending information over the Internet that lets someone see your IP address]" isn't very intuitive to some users, who might either not think about non-Internet-oriented applications as communicating online in the first place, or might not be thinking about Tor's threat model. To unpack this, one concept is that "external non-Tor software might communicate on the Internet (not through Tor)" and another concept is that "if software communicates on the Internet, someone spying on you might figure out who or where you are". Users might be surprised by both of these concepts and not constantly bear them in mind when using TorBrowser.
  • The dialog doesn't make very obvious what the external software in question is. It might be helpful if it said something about the particular application that the user is going to use and explained that this application isn't under the control of Tor, or protected by it, so it could communicate non-anonymously on the Internet. The idea of "external applications" might be too abstract or general in this context, compared to referring to particular software like LibreOffice, Microsoft Word, Adobe Reader, or whatever.
  • The dialog appears even if the user tries to save a file without opening it using an application. This might be appropriate because opening it later could unmask the user, but it might also be confusing because the user might think "but I only wanted to save the file"! It might be helpful at least to make the warning appropriate to the action that the user is taking at that point: if they're trying to "open" a file with an application, warn about that application; if they're trying to "save" a file to the disk, warn that later use of that file in an external application isn't protected by Tor and can cause non-anonymous network activity.
  • The dialog appears during the officially recommended upgrade path (downloading a new TBB from the Tor web site), which is disturbing because check.tpo specifically asked the user to upgrade, but then confronted them with a warning when the user did what they were asked to. Is there a safe way to make the intended TBB upgrade path not warn the user that what they're doing is a security risk?

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by mikeperry

Keywords: tbb-usability added

comment:2 Changed 7 years ago by mikeperry

Resolution: duplicate
Status: newclosed

Dup of #7439 (which includes some possible example text). See also #1079 and #9901.

Note: See TracTickets for help on using tickets.