Opened 4 years ago

Last modified 11 months ago

#14633 new defect

Default NoScript settings says "Allow Scripts Globally" is "dangerous"

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Blocker Keywords: tbb-usability uxsprint2015
Cc: saint, gk, mcs, bastik.public@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This is confusing to users, as observed in the UX sprint. Should we change the message here? On the other hand, JavaScript is dangerous!

Child Tickets

Change History (8)

comment:1 Changed 4 years ago by arma

Component: - Select a componentTor Browser
Owner: set to tbb-team

comment:2 Changed 4 years ago by saint

Instead of "Advised" and "Dangerous," the language could read "Better Security" and "Not Advised."

Even "Advised" and "Not Advised" would be better phrasing. Most instances of javascript found in the wild aren't dangerous, and users don't have the information required to determine *why* javascript might be dangerous. They seem to find this confusing.

comment:3 in reply to:  2 Changed 4 years ago by arma

Replying to saint:

Instead of "Advised" and "Dangerous," the language could read "Better Security" and "Not Advised."

Even "Advised" and "Not Advised" would be better phrasing. Most instances of javascript found in the wild aren't dangerous, and users don't have the information required to determine *why* javascript might be dangerous. They seem to find this confusing.

Does "Not Advised" correspond to the default setting here? If so, users are rightly confused that we ship something that we mark Dangerous, and if we change it to Not Advised, then they will be confused that we ship something and then mark it 'Not Advised'.

comment:4 Changed 4 years ago by gk

Cc: gk added

comment:5 Changed 4 years ago by mcs

Cc: mcs added

comment:6 Changed 4 years ago by intrigeri

Once the security slider controls the global NoScript behavior, maybe NoScript's own "Allow scripts globally" UI should simply be hidden instead of rephrased? Or did I miss a usecase for this button?

comment:7 Changed 4 years ago by bastik

Cc: bastik.public@… added

comment:8 in reply to:  6 Changed 11 months ago by cypherpunks

Severity: Blocker

Replying to intrigeri:

Once the security slider controls the global NoScript behavior, maybe NoScript's own "Allow scripts globally" UI should simply be hidden instead of rephrased? Or did I miss a usecase for this button?

Yes, see here: https://trac.torproject.org/projects/tor/ticket/22985#comment:3

This doesn't apply if the proposed solution there is implemented, in which case hiding NoScript may be a great idea.

Note: See TracTickets for help on using tickets.