Circuit visualizer needs a cue about guards

One user came to me really confused about the fact that everytime they used “New identitiy” or “New circuit for this site”, the first Tor node in the circuit was always the same. We probably should add an explanation about guards somewhere close to the circuit visualizer.

added TorBrowserTeam201603 component::applications/tor browser owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-7.0-frequent tbb-circuit-display tbb-usability type::enhancement ux-team labels

I think this is a good idea as I see this as a recurring theme in our blog comments, too. I fear, though, that getting the UX right is a non-trivial thing...

Trac:
Keywords: N/A deleted, tbb-usability added

One easy way I could think of is to have something like “89.234.157.254 (France, Guard)” with “Guard” hyperlinked to a good and accessible explanation of guards on Torproject.org website. That last part is tricky, but doesn't require coding.

Replying to lunar:

One easy way I could think of is to have something like “89.234.157.254 (France, Guard)” with “Guard” hyperlinked to a good and accessible explanation of guards on Torproject.org website. That last part is tricky, but doesn't require coding.

Instead of something on tpo, maybe about:guards internal to the browser to save on bandwidth would be better.

Trac:
Cc: N/A to mcs

Replying to yawning:

Instead of something on tpo, maybe about:guards internal to the browser to save on bandwidth would be better.

Do you see any special actions on such page? Like a “Change Guard” button?

(I haven't followed any discussions or progress on a Tor Browser User Manual lately, so I don't know if this would also fits in there, and the bundling question.)

Replying to lunar:

Replying to yawning:

Instead of something on tpo, maybe about:guards internal to the browser to save on bandwidth would be better.

Do you see any special actions on such page? Like a “Change Guard” button?

Not off the top of my head. Forcing a new guard is almost always bad for the user, so I think such feature would do more harm than good ("My tor is slow and bashing New Identity doesn't help, I'll rotate my guard" is something that should be difficult imo). It just felt like the documentation would be relatively static, and there's no need to strain the network with circuit creation etc, for a simple description about guards.

I can see the argument on making it centrally hosted as well, particularly in the ease of updating/localization fronts.

(I haven't followed any discussions or progress on a Tor Browser User Manual lately, so I don't know if this would also fits in there, and the bundling question.)

No idea here.

Trac:
Cc: mcs to mcs, arthuredelstein

Trac:
Keywords: N/A deleted, tbb-circuit-display added

Trac:

Here's a patch for review, where I suppress the IP and country name for the guard node. Instead, the circuit display simply says "Guard node" or, if there is a bridge, "Bridge: meek". This helps protect the user from leaking the identity of the guard accidentally (such as in screenshots or bug reports), and it also mostly avoids the confusion described in this ticket.

https://github.com/arthuredelstein/torbutton/commit/16665

Here's how the circuit display looks with this change:

Trac:
Keywords: N/A deleted, TorBrowserTeam201509R added
Status: new to needs_review

(Note that I added a new phrase, "Guard node" for translation, so we will need to push to Transifex in order for the tor circuit display to function properly with non-English locales.)

The patch looks OK to me, but I wonder if some people will complain that the guard or bridge IP is now hidden. Maybe we should provide some way to see it, even if it is hidden by default.

Trac:
Sponsor: N/A to N/A

My suggestion would be not remove the IP address that is next to Guard Node. First of all, it's useful for users to know what the IP address is, when guards change IP addresses and possibly (albeit a low chance) if the guard node's IP are changing within an irregular time frame. At the very least the country which the guard node is coming from should be shown. The "leaking the identity of the guard accidentally via screenshots" isn't really common so it shouldn't be something that should affect this.

Also, if possible create the ability to hover over the word "Guard node" and show a message which tells the user that "Guard node IP addresses change every ~3 months" or similar. This would greatly reduce people asking why guard node IP addresses are the same.

There should be an easy way for users to determine their guard node. Problems with guard nodes are not that uncommon and the guard node display helps tracking them down.

Moving needs_review tickets to October 2015.

Batch modification for realz now.

Trac:
Keywords: TorBrowserTeam201509R deleted, TorBrowserTeam201510R added

Replying to cypherpunks:

My suggestion would be not remove the IP address that is next to Guard Node. First of all, it's useful for users to know what the IP address is, when guards change IP addresses and possibly (albeit a low chance) if the guard node's IP are changing within an irregular time frame. At the very least the country which the guard node is coming from should be shown. The "leaking the identity of the guard accidentally via screenshots" isn't really common so it shouldn't be something that should affect this.

Also, if possible create the ability to hover over the word "Guard node" and show a message which tells the user that "Guard node IP addresses change every ~3 months" or similar. This would greatly reduce people asking why guard node IP addresses are the same.

I generally agree with that and thing we should keep the IP address. Hovering over "Guard node" might be one option although it might be hard to tell the user that there is something to hover in the first place. Maybe putting a "?" next to the first hop and allowing to hover over that one might help?

Trac:
Status: needs_review to needs_revision

Trac: