wiki:org/meetings/2017Amsterdam/BrowserSecuritySettings

Let's identify the next steps to make Tor Browser Security Settings more useful *and* more usable

Tor Browser has Security Settings that allow users to disable some potentially dangerous functionality.

I see two major problems with the way this currently works.

1. UX is poor on higher security levels

Higher security levels break some websites without telling the user anything about it.

As a user
When the website I'm visiting is broken
I want to be given the means to make a good decision regarding the Security Settings

E.g. the way uBlock or NoScript do this i.e.: "I've blocked this as instructed, if it breaks anything you might want to unblock it, let me tell you about the consequences".

2. Security Settings are global

Most websites work fine with a medium security level, but some websites require a lower one.

But I have to choose the security level that works on *all* the websites I want to visit.

So in practice I visit most websites with lower security settings than necessary.

It would be great if the security settings could be adjusted to what each website really needs, so that I'm safer most of the time, and take additional risks only when needed.

So…

What can we do about it?

This session won't be about finding the solution or designing UI, it's about:

  • Checking if we agree these two things are problems, and how bad they are.
  • Checking feasibility: e.g. which ones, among the prefs controlled by the Security Settings, could be made per-tab or per-website without too much effort? Which ones are too deeply tight to Firefox internals, and rewire how it works so much that it can't be per-tab/per-website without putting lots of effort into it?
  • Discussing whether this work would be better done by Mozilla, or by Tor, or by both together :)
Last modified 19 months ago Last modified on Mar 23, 2017, 1:16:02 PM