Opened 10 months ago

Last modified 9 months ago

#24926 new enhancement

Should Tor Browser for Android support the PanicKit Panic Trigger Intent?

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile
Cc: igt0, n8fr8 Actual Points:
Parent ID: #5709 Points:
Reviewer: Sponsor:

Description

I see advantages and disadvantages for this. If we keep it, then we should add a preference for users, so they can enable or disable it.

At this point, when Orfox receives an the Panic intent, it clears some state and quits. After we implement #24920, we shouldn't need worry about clearing state, so the app should simply quit.

Child Tickets

Change History (4)

comment:1 Changed 10 months ago by eighthave

As the person who put it there, I think it should stay :) I think there should be a preference to control this, we have the UX laid out for this. The idea is that by default, all "panic responder" aps should do a "non-destructive" behavior so that someone can install a "panic trigger" app (e.g. Ripple) and have it work without any configuration. Then any "destructive" actions must be explicitly enabled by the user, and cryptographically tied to one specific panic trigger app. These can be deleting data, hiding the app by changing the name/icon/etc,

Here is a more thorough overview:
https://guardianproject.info/2016/01/12/panickit-making-your-whole-phone-respond-to-a-panic-button/

Quitting the browser could be considered destructive since the website might have state, stuff in a webform, uploading content, etc. I think it is important that Tor Browser have a default action for panic triggers to keep the the whole panic configuration experience as simple as possible. If there was a way to detect things that might be considered state, and only quit if those are not present, that would be ideal. One simple non-destructive response would be to stop tor itself and all related network traffic and hide all notifications.

As for destructive responses, I think Tor Browser should offer:

  • wipe all data and quit app (Tor Browser can do this without any confirmation)
  • prompt for full uninstall (Android requires that the user click the confirmation prompt)
  • change app icon/name and disguise itself as a game, utility, etc that is then unlocked with a PIN to restore Tor Browser with all data intact

comment:2 Changed 10 months ago by sysrqb

Parent ID: 19675

comment:3 Changed 10 months ago by sysrqb

Parent ID: 19675#19675

comment:4 Changed 9 months ago by sysrqb

Parent ID: #19675#5709

Moving these to #5709, these aren't blockers anymore. We'll merge Orfox patches first, then audit everything as we move to m-c and work on TBA. (We should create more tickets as we find more items that need investigating/fixing)

Note: See TracTickets for help on using tickets.