Opened 11 months ago

Last modified 2 months ago

#28800 needs_information task

Implement New Identity functionality for Tor Browser on Android

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-newnym, ux-team, TBA-a3, tbb-8.5, tbb-parity, TorBrowserTeam201904
Cc: anontela, sysrqb, igt0, jan@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor9

Description

We want to have an easy to use New Identity functionality for Tor Browser for Android. Currently there is some New Identity-like functionality provided by Orbot but a) that's only responsible for circuit-switching and b) it is not clear whether we stick to Orbot in our grand scheme of things.

Child Tickets

Attachments (1)

tba-trash.png (36.2 KB) - added by antonela 8 months ago.

Download all attachments as: .zip

Change History (13)

comment:1 Changed 11 months ago by darkspirit

Cc: jan@… added

comment:2 Changed 11 months ago by gk

Keywords: TBA-a3 added

comment:3 Changed 10 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201812 removed

Moving tickets to Jan 2019.

comment:4 Changed 10 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:5 Changed 9 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:6 Changed 9 months ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:7 Changed 9 months ago by gk

Status: newneeds_information

antonela: Any suggestions on how this should get exposed to mobile users?

Changed 8 months ago by antonela

Attachment: tba-trash.png added

comment:8 Changed 8 months ago by antonela

Hi, I have been thinking about the New Identity feature also for desktop, and I have some notes made back for an OTF proposal. Maybe is time to sharing those here :)

For readers, the documentation available about what the New Identity feature does and how we are communicating this to users is here.

https://www.torproject.org/projects/torbrowser/design/#new-identity

Also, this StackExchange questions illuminated me about where this feature name is coming from

https://tor.stackexchange.com/questions/13981/new-identity-vs-reopening-browser/13986#13986

TL;DR: Design goal: "All linkable identifiers and browser state MUST be cleared by this feature."

If we trace a user journey map, we can see how the need of a new identity is triggered by some specific situations defined by previous browsing activities that not necessarily imply a new user but sometimes does. In other words, users with technical background rely on a new identity when they want to clean back their previous activity. And they want to be sure about it.

During our global south travels, we quickly learned that our target demographic did not understand why they would want to use such a feature. They did not understand what a new identity would affect, why it would be essential to use, and what risks they were facing if they didn’t use the new identity feature. The feature did not include enough information to guide them through the process or tell them when and why to use a new identity.

Often, users asked us what a difference between asking for a new circuit vs. a new identity vs. open a new tab is. Users click on New Identity when they want to clean all that they have been doing before, like sensible searching.

My goal with this redesign is changing the perspective of the experience of the feature from “what the browser is doing” to “how a user benefits from it.”

If users are using new identity when they want to clean previous activity and also to have a new fresh tab, why we don't rename this feature as something that can recall on users for the immediate action?

I think we can rename this feature using terms/icons like "Fire," “Forget,” “Trash,” “Delete,” or “Clean” to indicate 1. the clean of previous identifiers and, 2. creation of a fresh tab.

We could make it consistent with other browsers too. Language consistency with other major browsers that users may be familiar with--like Chrome, Safari, and Firefox--should make it more clear that clicking the button will close the user’s tabs, clear all cookies, and reset the browser’s connection to the Tor network.

Since we are also removing cookies, we need to educate users on their first time experience about how sessions will expire and tabs will close.

The new identity feature improvement is especially critical for mobile users. Ephimerous sessions for sensible searches are a core feature for a sharing device context like we discovered in Colombia with activists collectives. This presentation and this paper talk about these contexts deeply.

Proposed new user flow

  1. User clicks on the icon. This action is global, so the icon should be placed at the toolbar.
  2. All tabs get closed, and all cookies get cleared (logged sessions will expire)
  3. about:tor is open

TBA Concept
https://trac.torproject.org/projects/tor/attachment/ticket/28800/tba-trash.png

Questions for development

  • Do you have a better label to rename this feature that recalls what the user wants to do immediately instead of what the browser will do later?
  • Can we offer ephemeral sessions per tabs? Is this possible?
  • Will TBA replicate the same behavior TB has on the desktop?
  • The design doc says "Finally, a fresh browser window is opened, and the current browser window is closed (this does not spawn a new Firefox process, only a new window)."
    • Can we do it without closing the window? Can we use another visual feedback for users to explain that the action has been done?

What other browsers are doing?

DDG for Mobile
https://share.riseup.net/#WnqvMynmrlSOVhzhz-mdjg
https://share.riseup.net/#w9IJcEhOLNOu_nuHs5mNhw

Firefox Focus (sorry for the spanish version, Borrar=Clean)
https://share.riseup.net/#2fMSGTg_JZpYjWMat5-QKg

comment:9 Changed 8 months ago by gk

Keywords: tbb-parity added

Introducing tbb-parity.

comment:10 Changed 8 months ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

comment:11 Changed 6 months ago by pili

Sponsor: Sponsor9

comment:12 in reply to:  8 Changed 2 months ago by gk

Replying to antonela:

[snip]

Questions for development

  • Do you have a better label to rename this feature that recalls what the user wants to do immediately instead of what the browser will do later?
  • Can we offer ephemeral sessions per tabs? Is this possible?
  • Will TBA replicate the same behavior TB has on the desktop?
  • The design doc says "Finally, a fresh browser window is opened, and the current browser window is closed (this does not spawn a new Firefox process, only a new window)."
    • Can we do it without closing the window? Can we use another visual feedback for users to explain that the action has been done?

Copying part of my comment in comment:16:ticket:27511 over for posterity:

I think that comment makes sense to me. I am totally fine with renaming that feature as "New Identity" might be a concept that's too hard to grasp. So, anything that's easier here to understand and does the same under the hood is a win in my opinion.

For the remaining dev questions:
1) ephemeral tabs: that could be an idea but we should discuss it in a different ticket, not one related to new identity as I would assume both might live together in the browser (i.e. the ephemeral tabs would not replace New Identity)

2) New Identity on TBA: Yes, TBA should replicate the behavior as we have it on desktop (although that's not relevant for this bug)

3) New Identity without closing the window: I am afraid it's already hard to get rid of all browser state the way we are doing it right now. So, to be sure we get rid of all window state the only option we have so far is closing the window and create a new one. We might get away from that requirement if we audited all the relevant parts properly but that's a tricky task and would definitely be something for a new ticket.

[snip]

Note: See TracTickets for help on using tickets.