Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#20264 closed defect (fixed)

Reduce number of security slider states from 4 to 3 (proposed)

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security-slider, TorBrowserTeam201611R
Cc: amoghbl1, boklm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Something we talked about at the Seattle meeting is the possibility of having only 3 allowed security slider states: Low, Medium and High. We would migrate users at Medium-Low to Medium-High and rename the latter to Medium. It seems such a change would improve usability and security. Also I think the current Medium-High is probably the best compromise for most users who are sophisticated enough to adjust the security slider.

Discuss! :)

Child Tickets

Change History (13)

comment:1 Changed 3 years ago by arthuredelstein

Cc: amoghbl1 added

Also, it might be good to figure this out soon given that Amogh is porting the security slider to Android.

comment:2 Changed 3 years ago by gk

I think this is a good idea. I am not sure yet, though, whether we should put that on our October plate given all the loose ends with our SponsorU funding. But it could be something for Tor Browser 6.5. Adapting the code for just 3 settings for Android should not be that hard.

comment:3 Changed 3 years ago by mcs

I also believe that reducing the choices from four to three makes sense in terms of usability. Looking at what is different between Medium-Low and Medium-High, the only setting that I am a little worried about is javascript.options.baselinejit.content = false. I don't know if that reduces JS performance enough that users will dislike Medium-High.

comment:4 Changed 3 years ago by fem

I think it's a good idea as the only difference between Medium-Low and Medium-High is that Medium-Low disables some JS performance optimizations (ION JIT, Type Inference, ASM.JS) while Medium-High disables all js optimizations (..., Baseline JIT) in addition to all js on non-https sites by default and SVG OpenType font rendering.

The differences with Low would then be that Medium makes html5 media click-to-play, disables MathML and blocking JAR files (which there's another ticket open discussing dropping the option from the slider, enabling it by default).

As for the performance question mcs brought up: I have Baseline JIT disabled and I don't notice it being slower but that is just my subjective experience. I find it does not matter too much because network performance through tor tends to be the biggest variable.

Last edited 3 years ago by fem (previous) (diff)

comment:5 in reply to:  description ; Changed 3 years ago by bugzilla

Replying to arthuredelstein:

Something we talked about at the Seattle meeting is the possibility of having only 3 allowed security slider states: Low, Medium and High.

Lo-Mid-Hi, let's make security as easy as consumer-grade electronics :)
(No, it will never be as easy, it's just a false sense of security.)

We would migrate users at Medium-Low to Medium-High and rename the latter to Medium. It seems such a change would improve usability and security.

Usability - by removing two-word names :), security - by removing one JS-MitM-enabled position, and privacy - by reducing fingerprinting.

Also I think the current Medium-High is probably the best compromise for most users who are sophisticated enough to adjust the security slider.

You think correctly, but it shows that TBB is still a compromise :(. Every higher setting should include everything from previous (including flexibility) and shouldn't degrade in security options (I'll file separate tickets for those issues).

Discuss! :)

The other teams prohibit to use bugtracker for discussions, but TBB Team encourages :)
(It's good when no forum, but could be bad when no moderation.)

comment:6 in reply to:  5 ; Changed 3 years ago by arthuredelstein

Replying to bugzilla:

Also I think the current Medium-High is probably the best compromise for most users who are sophisticated enough to adjust the security slider.

You think correctly, but it shows that TBB is still a compromise :(.

There is an inherent tension between security and usability in any browser -- a compromise is unavoidable. The slider is there to give the user some choice in the compromise they wish to make. If there were no tension, there would be no slider.

comment:7 in reply to:  6 Changed 3 years ago by bugzilla

Replying to arthuredelstein:

Replying to bugzilla:

Also I think the current Medium-High is probably the best compromise for most users who are sophisticated enough to adjust the security slider.

You think correctly, but it shows that TBB is still a compromise :(.

There is an inherent tension between security and usability in any browser -- a compromise is unavoidable. The slider is there to give the user some choice in the compromise they wish to make. If there were no tension, there would be no slider.

Compromise is that the user wants to set High, but has to use Medium-High, because of e.g. #20314 and #17637.

comment:8 Changed 3 years ago by arthuredelstein

Keywords: TorBrowserTeam201610R added
Status: newneeds_review

Here's a patch for review:
https://github.com/arthuredelstein/torbutton/commit/20264

It depends on the patch proposed for #20347.

comment:9 Changed 3 years ago by arthuredelstein

Here's a new version of the patch, rebased onto my 20347+1 patch:
https://github.com/arthuredelstein/torbutton/commit/20264+1

comment:10 Changed 3 years ago by mcs

Kathy and I reviewed the 20264+1 patch and it looks okay to us (of course gk should also review it because it would be bad to ship a a buggy security slider).

comment:11 Changed 3 years ago by gk

Keywords: TorBrowserTeam201611R added; TorBrowserTeam201610R removed

Moving review tickets to November.

comment:12 Changed 3 years ago by gk

Cc: boklm added
Resolution: fixed
Status: needs_reviewclosed

Looks good to me. boklm, our slider tests need to get updated I think.

Last edited 3 years ago by gk (previous) (diff)

comment:13 in reply to:  12 Changed 3 years ago by boklm

I created #20626 for the tests update.

Note: See TracTickets for help on using tickets.