Opened 3 years ago

Closed 3 years ago

#17767 closed defect (fixed)

Make it more clear that JavaScript is disabled on security level "high"

Reported by: gk Owned by: arthuredelstein
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security-slider, TorBrowserTeam201609R
Cc: arthuredelstein, brade, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor: SponsorU

Description

If a user is setting the security slider level to "high" and is reading its description, the first thing JavaScript related that shows up is: "All JavaScript performance optimizations are disabled. Scripts on some sites my run slower."

This is pretty confusing as a bit later it is pointed out that "JavaScript is disabled by default on all sites."

We should remove the first explanation on this security level. Thanks for karsten pointing this out.

Child Tickets

Change History (12)

comment:1 Changed 3 years ago by cypherpunks

The explanation is consistent and that part contains important information that shouldn't be removed. Disabled by default means exactly that - by default.

Perhaps it would be clearer with the sentence about JS disabled on all sites by default coming first. I don't think it's a big difference, though.

comment:2 in reply to:  1 Changed 3 years ago by gk

Replying to cypherpunks:

The explanation is consistent and that part contains important information that shouldn't be removed. Disabled by default means exactly that - by default.
Perhaps it would be clearer with the sentence about JS disabled on all sites by default coming first. I don't think it's a big difference, though.

I think there is a big difference: users might want to inform themselves about the JavaScript behavior if they switch to the highest security level. They start reading and come to the first note about performance optimizations. They think they've found the information they were looking for and stop reading as the sentences are pretty clear: JavaScript is on but just slower.
They are wrong. That does not describe this security level. The only thing that describes it is that JavaScript is disabled by default on all sites.

comment:3 Changed 3 years ago by teor

A similar issue exists for the Medium-High security level.

I suggest we reorder the sentences as follows:

  • JavaScript is disabled by default...
  • JavaScript performance optimizations...
  • HTML5 video and audio become click-to-play...

Users might be asked to enable JavaScript by websites that need it. So I suggest we put the JavaScript descriptions first.

Should we also modify the JavaScript performance explanation on High?

  • If JavaScript is enabled, performance optimizations...

comment:4 Changed 3 years ago by gk

Keywords: TorBrowserTeam201609 added
Sponsor: SponsorU

Getting this on our radar for September.

comment:5 Changed 3 years ago by arthuredelstein

Cc: arthuredelstein added

comment:6 Changed 3 years ago by arthuredelstein

Keywords: TorBrowserTeam201609R added; TorBrowserTeam201609 removed
Status: newneeds_review

comment:7 Changed 3 years ago by arthuredelstein

Owner: changed from tbb-team to arthuredelstein
Status: needs_reviewassigned

comment:8 Changed 3 years ago by arthuredelstein

Status: assignedneeds_review

comment:9 Changed 3 years ago by mcs

Cc: brade mcs added
Status: needs_reviewneeds_revision

This approach seems OK (reordering the text). But we should also reorder the text within the slider tooltips (i.e., in the id="high_preview" and id="mh_preview" tooltip elements).

comment:10 in reply to:  9 Changed 3 years ago by arthuredelstein

Replying to mcs:

This approach seems OK (reordering the text). But we should also reorder the text within the slider tooltips (i.e., in the id="high_preview" and id="mh_preview" tooltip elements).

Oops -- thanks for catching that. Here's a new version that has the slider tooltips corrected, as well as adopting teor's suggestions.

https://github.com/arthuredelstein/torbutton/commit/17767+1

comment:11 Changed 3 years ago by arthuredelstein

Status: needs_revisionneeds_review

comment:12 Changed 3 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me. Applied to master (commit fe6c10c893f3aed2d58e5b0c1b703543d7286f96).

Note: See TracTickets for help on using tickets.