Opened 8 years ago

Closed 7 years ago

#6096 closed project (fixed)

Perform TBB version check async on new tab

Reported by: mikeperry
Owned by: mikeperry
Priority: High
Milestone:
Component: TorBrowserButton
Version:
Severity:
Keywords: MikePerry201211
Cc: rransom, arma, erinn, g.koppen@…
Actual Points: 2
Parent ID:
Points: 2
Reviewer:
Sponsor:

Description

Erinn was concerned that the async version check was not happening at the right points for a substantial segment of the userbase.

She suggested doing it on new tab, too. We can do this, but then we'd have to do something crazy like pop up an out-of-date notice then, too.

The phishing risk related to this could be a nightmare, though. We do not want to train our userbase to follow urls from random popups instructing them to download binaries...

Change History (14)

comment:1 Changed 8 years ago by mikeperry

Cc: erinn added; errinn removed

comment:2 Changed 8 years ago by arma

I think *some* alternate design is needed here.

The old design as I understand it was "when you start TBB, it doesn't give you your page until it has finished its version check. That makes users sad because it slows down the first page load."

The new design is "Users expect a version check at start, and when they get their first page they figure their version is ok. But in reality, if they never click 'new identity' or 'open a new window', they never learn the answer to the version check at all."

This is a big problem, yes?

comment:3 Changed 8 years ago by gk

Cc: g.koppen@… added

comment:4 Changed 8 years ago by mikeperry

Yes, there are lots of rocks and lots of hard places to get stuck between here. We're also trying to perfect a solution to update security known to be sub-optimal by its very nature. Every choice will suck. We need to decide which set of choices sucks the least, for the least effort.

I think the popup idea is out, unless we can make it look clearly like something you can trust. That seems hard, especially when the thing is ultimately just sending you to a web page to download code. But maybe we've already crossed the Rubicon on that with check.tp.o itself, so it's not really marginally worse?

We can clearly at least do the check more often, perhaps on every new tab. Or do we not like disclosing that new tabs are being opened to the exit node/network?

comment:5 in reply to:  4 ; Changed 8 years ago by arma

Replying to mikeperry:

> We can clearly at least do the check more often, perhaps on every new tab. Or do we not like disclosing that new tabs are being opened to the exit node/network?

By 'do the check' do you mean have an interaction with check.torproject.org every time the user opens a tab? Or do you mean "every time the user opens a tab, check if the timer has expired and if so do the interaction"?

I am increasingly believing that when the user starts tbb, and it's out of date, they need to know. So some check at startup, in a way where they are notified if the answer is 'out of date', is needed.

I wonder if we should open two tabs, one which is a local file:/// that says "you're using tbb" or something, and the second of which goes to check.tp.o? Then they can start browsing while it does the fetch, if it's taking a long time.

Or is that too much like your phishing popup worries?

comment:6 in reply to:  5 ; Changed 8 years ago by mikeperry

Replying to arma:

> Replying to mikeperry:
>
> > We can clearly at least do the check more often, perhaps on every new tab. Or do we not like disclosing that new tabs are being opened to the exit node/network?
>
> By 'do the check' do you mean have an interaction with check.torproject.org every time the user opens a tab? Or do you mean "every time the user opens a tab, check if the timer has expired and if so do the interaction"?

The latter, and it would just be the AJAX version check query, not the page load.

> I am increasingly believing that when the user starts tbb, and it's out of date, they need to know. So some check at startup, in a way where they are notified if the answer is 'out of date', is needed.
>
> I wonder if we should open two tabs, one which is a local file:/// that says "you're using tbb" or something, and the second of which goes to check.tp.o? Then they can start browsing while it does the fetch, if it's taking a long time.
>
> Or is that too much like your phishing popup worries?

Yeah, since normal web pages can open new tabs in some cases, this is a bad thing to train, I think.

I think perhaps we just create a XUL popup that looks and claims to be a Tor Browser window, but looks nothing like a web page. We'd have to create new Torbutton strings and get them translated, but it's probably the best option.

comment:7 in reply to:  6 ; Changed 8 years ago by arma

Replying to mikeperry:

> Yeah, since normal web pages can open new tabs in some cases, this is a bad thing to train, I think.

So the thing that Noscript does after upgrade is right out, in your opinion?

comment:8 in reply to:  7 Changed 7 years ago by mikeperry

Replying to arma:

> Replying to mikeperry:
>
> > Yeah, since normal web pages can open new tabs in some cases, this is a bad thing to train, I think.
>
> So the thing that Noscript does after upgrade is right out, in your opinion?

Yeah, I think so. Note we also disable that "feature" in TBB.

Also, you're right about the "don't check more often than every H hours" timer. We should definitely add that in when we make the final decision here. Apparently we're also almost knocking check over (#6156). But hey, a large number of our users actually *do* know how to use New Identity, it seems.

comment:9 Changed 7 years ago by phobos

Keywords: SponsorJ added
Type: enhancement → project

comment:10 Changed 7 years ago by mikeperry

Keywords: tbb-bounty added

comment:11 Changed 7 years ago by mcs

As part of #6156, brade and I added a time-based check. For this issue, do we want a separate XUL window that pops up when a new TBB version is available? That will be disruptive to the end-user, but hard to ignore. Another option might be to place a notification along the top of the active window/tab.

comment:12 Changed 7 years ago by mikeperry

Hrmm.. I guess a third option could be some sort of icon hint in the Toolbar, but that is even more likely to get ignored.

From a usability standpoint, I think I like the idea of an ever-present notification ribbon/toolbar thing on *all* windows rather than a popup that appears only when the check interval expires, so long as it can't be confused with something from the content window.

Note, we'll also want to make sure that such a ribbon does not change the size of the resolution values from your CSS + window.screen patches... This might actually be fairly tricky in practice, due to there not being a lot of slack in the current window sizing code in Torbutton (https://gitweb.torproject.org/torbutton.git/blob/master:/src/chrome/content/torbutton.js#l4358). See also #6146, for example... We could handle this issue by simply giving a larger buffer for maxHeight in that function, though.

comment:13 Changed 7 years ago by mikeperry

Summary: Perform TBB version check async on new tab? → Move update notification to browser chrome rather than check

Retitling this ticket. What we really want here is a more frequent, yet still rate limited (by #6156) check that causes the user to be informed via the browser UI itself rather than a webpage.

This ticket is still kind of a mess, though. We probably just want to create a new one to more succinctly describe a solution to #6156, #4238, and the UI issue.

comment:14 Changed 7 years ago by mikeperry

Actual Points: 2
Keywords: MikePerry201211 added; SponsorJ tbb-bounty removed
Points: 2
Resolution: fixed
Status: new → closed
Summary: Move update notification to browser chrome rather than check → Perform TBB version check async on new tab

Bleh. I forgot we still need to perform the version check per-tab. I just committed a fix to origin/master for this, and reduced the frequency to 1.5 hrs.

I've opened #7495 for the browser UI notification. Sorry for adding more mess to this ticket by the title change.
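
The design the thread converges on, as an added sketch that is not part of the ticket and is not Torbutton's code: every new tab consults a timer, at most one background query goes out per 1.5 hour interval, and an out-of-date answer is reported through a browser-chrome callback instead of a web page. All names (`makeVersionChecker`, `queryVersion`, `notifyChrome`) are hypothetical, and the choice to rate-limit failed attempts as well as successful ones is an assumption.

```javascript
// Added illustration; every identifier here is hypothetical.
const CHECK_INTERVAL_MS = 1.5 * 60 * 60 * 1000; // 1.5 hrs, per comment:14

function makeVersionChecker({ queryVersion, notifyChrome, now = Date.now,
                              intervalMs = CHECK_INTERVAL_MS }) {
  let lastAttempt = null; // time of the last query attempt, success or not
  let inFlight = false;   // true while a query is outstanding
  let outOfDate = false;  // sticky once the check reports a stale version

  // Call from the new-tab handler. Never blocks the tab; returns what it did.
  function onNewTab() {
    if (outOfDate) return "stale";    // already known, no more traffic
    if (inFlight) return "pending";   // a burst of tabs shares one query
    const t = now();
    if (lastAttempt !== null && t - lastAttempt < intervalMs) return "skipped";

    // Rate-limit attempts rather than successes (assumption), so a failing
    // check server is not queried again on every tab, and most tab opens
    // produce no network traffic at all.
    lastAttempt = t;
    inFlight = true;
    queryVersion((err, isCurrent) => {
      inFlight = false;
      if (err) return;                // stay quiet, retry after the interval
      if (isCurrent === false) {
        outOfDate = true;
        notifyChrome();               // chrome UI only, never a content page
      }
    });
    return "started";
  }
  return { onNewTab, isOutOfDate: () => outOfDate };
}

// Constructed scenario: a fake clock and a query that reports "out of date".
function demo() {
  let clock = 0;
  const shown = [];
  const checker = makeVersionChecker({
    queryVersion: (cb) => cb(null, false),
    notifyChrome: () => shown.push(clock),
    now: () => clock,
  });
  const first = checker.onNewTab();   // "started", notice raised at t=0
  clock += 60 * 1000;
  const second = checker.onNewTab();  // "stale", no second query
  return { first, second, notices: shown.length };
}
```
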
