Opened 7 years ago

Closed 5 years ago

#7439 closed enhancement (fixed)

Reword Tor-specific download dialog box

Reported by: runa Owned by: mikeperry
Priority: High Milestone:
Component: TorBrowserButton Version:
Severity: Keywords: tbb-usability, tbb-helpdesk-frequent, MikePerry201404
Cc: runa, adrelanos@…, gk, mttp Actual Points:
Parent ID: Points: 2
Reviewer: Sponsor:

Description

When a user attempts to download a file with TBB, she will get a Tor-specific dialog box telling her that an external application is needed to handle the file and that such applications are not Tor safe by default. The user is then presented with two choices: to cancel or to launch the application.

The message is somewhat confusing and does not clarify that "launch application" really means "open the save file dialog that I am used to see". We should consider rewording this to something more user-friendly.

Child Tickets

Attachments (1)

Download.jpg (38.0 KB) - added by mikeperry 5 years ago.
New download dialog text (Linux version)

Download all attachments as: .zip

Change History (19)

comment:1 Changed 7 years ago by arma

I agree this would be very useful.

The ideal case would be to pop up the warning after the user clicks 'run' (i.e. after the "do you want to save or run it" question), but apparently that's really hard to make Firefox do.

comment:2 Changed 7 years ago by runa

The current text reads:

Load external content?

An external application is needed to handle:

NOTE: External applications are NOT Tor safe by default and can unmask you!

If this file is untrusted, you should either save it to view while offline 
or in a VM, or consider using a transparent Tor proxy like Tails LiveCD 
or torsocks.

Launch application	
Cancel
Always launch applications from now on

How about the following:

Download this file?

The Tor Browser Bundle is not able to handle this file. You will need 
to download it and open it with another application. 

You should be very careful when downloading files via Tor as these 
files can contain Internet resources that will be downloaded outside 
of Tor when you open them. This will reveal your real IP address.

If you do want to download this file, it is recommended that you use 
the Tails liveCD while doing so. See https://tails.boum.org/ for more 
information.

Download file
Cancel
Always download files from now on

comment:3 Changed 7 years ago by runa

Cc: runa added

comment:4 Changed 7 years ago by phw

I think that sounds better. I have two small suggestions (in bold) below since the pure act of downloading is no problem.

Download this file?

The Tor Browser Bundle is not able to handle this file. You will need to download it and open it with another application.

You should be very careful when downloading and opening files outside the Tor Browser Bundle as these files can contain Internet resources that could reveal your real IP address.

If you do want to download this file, it is recommended that you use the Tails liveCD while doing so. See https://tails.boum.org/ for more information.

Download file
Cancel
Always download files from now on

comment:5 Changed 7 years ago by proper

Cc: adrelanos@… added
Status: newneeds_review

What about?

Download this file?

The Tor Browser Bundle is not able to handle this file. You will need 
to download it and open it with another application. 

You should be very careful when downloading and opening files outside
the Tor Browser Bundle as these files can contain Internet resources
that will be downloaded outside  of Tor when you open them. This will
reveal your real IP address, thus be non-anonymous.

If you do want to download this file, it is recommended that you either
view it offline in a VM, use a transparent Tor proxy or a Tor Live CD,
such as [https://tails.boum.org/ Tails] while doing so.

Download file | Cancel | Always download files from now on

comment:6 Changed 6 years ago by mikeperry

Priority: normalmajor
Status: needs_reviewnew

Unfortunately the Firefox APIs we use to block external application launch do not allow us to easily differentiate between launch and download.

Maybe this situation has improved in FF24-ESR, or maybe we need to write a new API.

comment:7 Changed 6 years ago by arma

We should in any case fix the message to tell the user what's going on -- that should be doable before any new API and would help a lot of the user support requests.

comment:9 Changed 6 years ago by mikeperry

Dupped #10482 to this. The text fix here can be something like https://trac.torproject.org/projects/tor/ticket/9901#comment:74.

comment:10 Changed 6 years ago by gk

Cc: gk added

See #9973 for some input.

comment:11 Changed 6 years ago by gk

Cc: mttp added

Brought up again by #11012.

comment:12 Changed 6 years ago by mikeperry

Keywords: tbb-helpdesk-frequent added

In #11012, it was also mentioned that this is a frequently encountered helpdesk question.

comment:13 Changed 6 years ago by mikeperry

Are people happy with proper's suggested text? It is a bit long, but I think it captures all the issues in terms of the risk for the user. Will people understand it? Will it still cause trouble for people who hit that text when downloading a TBB update?

comment:14 Changed 6 years ago by mttp

I'm fine with the proposed text, and I think it should be used. If users are still confused by the new text, I'm sure they will let us know on the help desk, and we can continue improving as needed.

comment:15 Changed 5 years ago by mttp

With the old text, users think they are being asked to install a download manager, and wonder "isn't that unsafe?"

Will the new text be included in the next stable or the beta?

comment:16 Changed 5 years ago by cypherpunks

To make it shorter:

Download this file?

The Tor Browser cannot open this file. To view it, you will need to
download it and open it with another application.

Opening files may de-anonymize you by connecting to the Internet
without using Tor, thus revealing your real IP address.

To view this file, you should do so offline in a virtual machine.

Download file | Cancel | Always download files from now on

comment:17 Changed 5 years ago by mikeperry

Keywords: MikePerry201404R added

Changed 5 years ago by mikeperry

Attachment: Download.jpg added

New download dialog text (Linux version)

comment:18 Changed 5 years ago by mikeperry

Keywords: MikePerry201404 added; MikePerry201404R removed
Points: 2
Resolution: fixed
Status: newclosed

Ok, see the attached screenshot for what I went with:
https://trac.torproject.org/projects/tor/attachment/ticket/7439/Download.jpg

That screenshot is for Linux, and the Mac dialog will be similar. On Windows, the window titlebar text will read "Download an external file type?"

This new text will appear in the next 3.6 release, unless someone has a better suggestion.

Note: See TracTickets for help on using tickets.