Tor Launcher UI for Proxy and Firewall selection is confusing to users

Frequently users contact the support desk for help configuring a proxy when they don't need to.

Some users think they can get even more security by setting a proxy with Tor, or they think that using a proxy with Tor can circumvent website bans, or they start using Tor when someone tells them they need to use a proxy, then when they see on Tor Browser's launch that they can set a proxy, they think that's what they should do.

Please use this ticket to discuss other ways tor-launcher is confusing for users.

added TorBrowserTeam201408 component::applications/tor launcher owner::brade parent::11180 priority::medium resolution::fixed status::closed tbb-helpdesk-frequent tbb-usability type::defect labels

Trac:
Cc: N/A to mcs, mikeperry

From help desk experiences, it appears that many users don't understand what a “restrictive firewall”. Almost all users who asked for help enabled it when they were not behind any outgoing firewall.

My understanding of the “restrictive firewall” option is that it is helpful to select which guard nodes to use from the entire set of Tor relays. But this does not really match what users of bridges want.

One idea:

• Ask the bridge question first.
• Buttons should be “Cancel”, “Advanced options”, “Connect”
• “Advanced options” would lead users to the firewall and proxy questions.

In any cases, the current situation is not good and trying anything else is worthwhile IMHO.

I do not know what the best approach is to reduce confusion.

Do we have any data about which users are having trouble with the firewall question? I wonder if this is a more significant issue in certain locales – either due to imperfect translation of the wizard text or cultural issues that make people think "Yes, I am behind a restrictive firewall because I am in China".

The easy fix would be to add more clarifying text to the Proxy and Firewall panels. We could also do as you suggest and move those panels behind an "Advanced Options" button, although I think the original idea was that the choice of "Connect" or "Configure" was supposed to be the main branch point. And I am a little worried that if we bury the proxy and firewall questions too deeply, users who need to configure those things will not be able to figure out why tor is unable to connect (and find the settings they need to change).

If you don't know what a proxy is, you can't answer this question appropriately. If you don't know what a “port” is, you can't answer the question about the firewall appropriately… Users who need to configure these things are either likely to be aware of their network situation or they will need further assistance. The current situation encourages people who hardly know about their network to tick the wrong boxes because they believe it will help.

For the record, I have seen users configure 127.0.0.1:9050 / 127.0.0.1:9150 as an answer to the proxy question.

<Lunar^> nickm, karsten: Do you think we could collect counts of clients with FascistFirewall or *Proxy enabled? 
<karsten> Lunar^: we don't have any infrastructure in place to count client statistics. so I guess the answer is no, not easily.
<nickm> Lunar^: Offhand I don't know an easy way to do that in a privacy-preserving way

I talked to Lunar and here is our concrete suggestion:

Reduce the set of network setting config questions we ask from three to two. That is, we ask about proxy and bridges and stop asking about which ports are reachable.

The behavior from Tor Launcher in the background should be:

• If the user sets a proxy but doesn't set a bridge, set FascistFirewall 1 for her.
• If the user sets a proxy and also a bridge, don't set FascistFirewall.

The reasoning is that many proxies restrict the set of ports they'll proxy for, so we're resolving many "confused user" cases if we just take care of that part.

And in the case of a user who isn't using a proxy but has only ports 80 and 443 reachable, her Tor will pretty quickly find a guard on 443. So whereas for proxies and bridges we really do need the user to set something, bugging them about what ports are reachable is just to give Tor a hint, and Tor will figure it out pretty quickly anyway. Unless their reachable ports are really esoteric, in which case I guess they'd best either be really patient while Tor tries, or learn how to edit the torrc.

Trac:
Keywords: N/A deleted, TorBrowserTeam201406 added

Trac:
Keywords: TorBrowserTeam201406 deleted, TorBrowserTeam201407 added

Trac:
Keywords: TorBrowserTeam201407 deleted, TorBrowserTeam201408 added

We have made this change: https://gitweb.torproject.org/tor-launcher.git/commit/11467241203a65e71de97d91a24b15ffa5b976da

The firewall prompt has been removed from the wizard and we use ReachableAddresses to limit ports to 80,443 when a proxy is configured with no bridges.

Trac:
Resolution: N/A to fixed
Status: new to closed

closed

mentioned in issue #23945 (moved)

mentioned in issue #24452 (moved)

mentioned in issue #24452 (moved)

moved to tpo/applications/tor-launcher#11405 (closed)