Default NoScript settings says "Allow Scripts Globally" is "dangerous"
This is confusing to users, as observed in the UX sprint. Should we change the message here? On the other hand, JavaScript is dangerous!
Activity
Instead of "Advised" and "Dangerous," the language could read "Better Security" and "Not Advised."
Even "Advised" and "Not Advised" would be better phrasing. Most instances of javascript found in the wild aren't dangerous, and users don't have the information required to determine why javascript might be dangerous. They seem to find this confusing.
Replying to saint:
Instead of "Advised" and "Dangerous," the language could read "Better Security" and "Not Advised."
Even "Advised" and "Not Advised" would be better phrasing. Most instances of javascript found in the wild aren't dangerous, and users don't have the information required to determine why javascript might be dangerous. They seem to find this confusing.
Does "Not Advised" correspond to the default setting here? If so, users are rightly confused that we ship something that we mark Dangerous, and if we change it to Not Advised, then they will be confused that we ship something and then mark it 'Not Advised'.
Trac:
Cc: saint, gk, mcs to saint, gk, mcs, bastik.public@gmx-topmail.deReplying to intrigeri:
Once the security slider controls the global NoScript behavior, maybe NoScript's own "Allow scripts globally" UI should simply be hidden instead of rephrased? Or did I miss a usecase for this button?
Yes, see here: https://trac.torproject.org/projects/tor/ticket/22985#comment:3
This doesn't apply if the proposed solution there is implemented, in which case hiding NoScript may be a great idea.
Trac:
Sponsor: N/A to N/A
Reviewer: N/A to N/A
Severity: N/A to Blocker
