Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T00:52:23Zhttps://gitlab.torproject.org/legacy/trac/-/issues/28163Make "new window" and "new tab" menu item labels consistent2020-06-16T00:52:23ZArthur EdelsteinMake "new window" and "new tab" menu item labels consistentThere are a few menu items in the UI that let the user open a new window. They have inconsistent names:
File menu: "New Tab" (Ctrl + T), "New Private Window" (Ctrl + N)
Hamburger menu: "New Window" (Ctrl + N)
Context menu on links: "Ope...There are a few menu items in the UI that let the user open a new window. They have inconsistent names:
File menu: "New Tab" (Ctrl + T), "New Private Window" (Ctrl + N)
Hamburger menu: "New Window" (Ctrl + N)
Context menu on links: "Open Link in New Tab", "Open Link in New Private Window"
We should make these names consistent, I think. Should it be "New Tab" and "New Window" or "New Private Tab" and "New Private Window"? All tabs and windows in Tor Browser are supposed to be private. :)https://gitlab.torproject.org/legacy/trac/-/issues/28111For about:tor, use a Tor Browser icon in identity box2020-06-16T00:52:14ZArthur EdelsteinFor about:tor, use a Tor Browser icon in identity boxRight now, the Firefox icon is displayed in the identity box. We should fix this. Antonela proposed the following design:
https://trac.torproject.org/projects/tor/attachment/ticket/27200/27200.pngRight now, the Firefox icon is displayed in the identity box. We should fix this. Antonela proposed the following design:
https://trac.torproject.org/projects/tor/attachment/ticket/27200/27200.pngrichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/280932018 Tor Browser Android donation banner2020-06-16T00:52:11ZArthur Edelstein2018 Tor Browser Android donation bannerIn #23925 we are implementing a donation banner for the YE 2018 campaign. It would be great to have a donation banner for Tor Browser Android as well. We already have the text in https://gitweb.torproject.org/torbutton.git/tree/src/chrom...In #23925 we are implementing a donation banner for the YE 2018 campaign. It would be great to have a donation banner for Tor Browser Android as well. We already have the text in https://gitweb.torproject.org/torbutton.git/tree/src/chrome/locale/en/aboutTor.dtd#n30 getting translated.https://gitlab.torproject.org/legacy/trac/-/issues/28088User Needs Discovery: Kenya2020-06-13T17:07:40ZnyinzUser Needs Discovery: KenyaRegion: East Africa
Country: Kenya
Kenya is a developing country in EastArica which has an ethnic diversity that is sometimes a source of conflict. Social media is a widespread platform and many people use mobile devices to make social ...Region: East Africa
Country: Kenya
Kenya is a developing country in EastArica which has an ethnic diversity that is sometimes a source of conflict. Social media is a widespread platform and many people use mobile devices to make social connections and financial transactions. The price of data is high but affordable for the middle to upper class citizens. Other challenges include high unemployment, crime and poverty.
**Introduction/objective**
We conducted the needs discovery activity in September with different groups of users from Mombasa and Nairobi. We did this to get a better comparison about how people were feeling across the country. The aim of the activity was:
- see what needs/goals people had
- explore how Tor can help fulfill them
**
Participants**
We tested people aged 20-50 years from human rights backgrounds and civil society organizations. In total, we received feedback from 21 participants of whom most were women. Most of the participants had not used Tor before. They had knowledge about digital security and were using the internet for email and social media accounts. Generally, for this group the tech-level is medium.
**Methodology**
The trainer gave an explanation of the activity and asked them to write down responses to the following on post it notes:
- Who is your adversary?
- What is the attack from your adversary?
- How would you protect yourself from these attacks?
**Results**
(What they said)
**What is happening with Tor users?**
Most people consider the government and government agencies; cyber criminals; big telecoms and individuals they already know as adversaries.
That is, factors that may deter them from doing their jobs.
We saw that typically in all the groups, censorship, confiscation of devices and arrests are attributed to government and government agencies. Surveillance and tracking were also linked to the government but there was a sense that other adversaries were at play. For example, big telecoms and OR individuals.
Theft of devices;targeted malware attacks like finisher/pegasus;Identify theft and online financial fraud were mostly attributed to Individuals. 'Hacker' type people or persons with malicious intent.
**what are the users trying to do?**
As mentioned, most of the participants were women. The needs discovery shows that women want to communicate securely and fight cyber crime. They want to be active on social media without the threat of gender-based violence.
Most people had heard about encryption and want to take profit of this technology even though it's historically non user-friendly software. They want to use software that encrypts content.
Most participants were concerned about the safety of their personal files. They want to store and share data more safely.
Finally, this group is trying to browse securely and anonymously so they can freely work on human rights issues in the region.
https://storm.torproject.org/shared/3A7z6KkZ06WlbsLSegizbppuvcXd47yVZM7NohmlGClnyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/28086Usability Research: Onboarding - about:tor TB82020-06-13T17:07:40ZnyinzUsability Research: Onboarding - about:tor TB8**Contents**
1. Methodology
2. Results
3. User questions
4. Summary of data
5. Conclusions
**1. Methodology**
_Introduction_
The onboarding experience was designed to teach the user about Tor and set their expectations. The purpose of...**Contents**
1. Methodology
2. Results
3. User questions
4. Summary of data
5. Conclusions
**1. Methodology**
_Introduction_
The onboarding experience was designed to teach the user about Tor and set their expectations. The purpose of this test is to check whether these design objectives have been met.
_Sessions_
- We spoke to 5 users using an interview style.
- They were given a computer with the Tor Browser 8 `about:tor` open and asked a few questions.
- Each session lasted about 5 minutes.
- No dialogue was recorded, the interviewer took notes and participants also made comments on sticky notes.
_Participants_
- These were 5 users who have used Tor before.
- No gender was defined in these interviews
_Evaluation tasks/scenarios_
We asked them the following questions:
- What do you think about the content on this page?
- What do you think about the Illustrations?
- Did you find any challenges while navigating `about:tor`?
- What would you like to see here?
- Is there anything that does not belong on this site?
**2. Results**
_Colour’s and images_
Most users find the UI visually attractive. They feel that it is a friendly UI.
Quotes:
“The contrast is good”
“The bold purple makes its distinguishable from other websites”
_Content_
Most users said that the information is clear, brief but comprehensive.
Quote:
‘You can have you own learning process in a slow way’
_Challenges_ (Their journey through `about:tor`)
Most users complained about not knowing how to find the onboarding button.
>>>The next point was an additional discovery in these interviews
_What would you like to see?_ (user's suggestions)
- "Add more illustrations and screenshots in the TB manual"
- "Make the TB manual UI similar to the TB8 onboarding UI"
- "Maybe the onboarding launcher needs to be named"
**3. User questions**
- "Why do we have the user manual as well as the on boarding?"
- "Circuit display: I don’t understand why it goes to an onion page."
- "Why is the first node the guard? I did not understand the word ‘guard’."
**4. Summary of data**
- Most users like the visual aspects of the onboarding. The colours and illustrations.
- All users commented that they found the content readable and easy to understand.
- Users are having trouble finding the onboarding launcher.
- Most users want to see similar UI changes in TB manual.
**5. Conclusions**
This test did to ask questions like ‘how does this information make you feel about your security?' We only collected data on visual response and comprehension.
Most user’s understand the context of the onboarding. They appeared confident and glad that is was easy to understand.
All users were navigating through separate corners of the site therefore the onboard does give direction. Many users started to customize their experience and pose questions.
The onboarding helps them to engage with the browser.nyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/28044Integrate Tor Launcher into tor-browser2020-06-13T17:44:15ZGeorg KoppenIntegrate Tor Launcher into tor-browserWe need to move away from our XPCOM extensions, Tor Launcher being one of them. As for Tor Browser it might be hard/impossible, if we tried to reimplement everything Tor Launcher does with the WebExtensions API. Instead we plan to integr...We need to move away from our XPCOM extensions, Tor Launcher being one of them. As for Tor Browser it might be hard/impossible, if we tried to reimplement everything Tor Launcher does with the WebExtensions API. Instead we plan to integrate it tighter into the browser itself making use of its capabilities.
This ticket is the parent ticket for this plan.
We need probably a proposal making sure we have the plan right before going to implement it.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/28015Brainstorm improved ux for orgs that want to give bridges to their people2020-06-16T00:52:00ZRoger DingledineBrainstorm improved ux for orgs that want to give bridges to their peopleWe have the new moat feature in Tor Browser, which provide a usable way for people in censored areas to fetch bridges from bridgedb. Great.
There's another bridge distribution model though, where an org runs bridges for its own people, ...We have the new moat feature in Tor Browser, which provide a usable way for people in censored areas to fetch bridges from bridgedb. Great.
There's another bridge distribution model though, where an org runs bridges for its own people, and wants to get its custom bridge addresses into their people's tor browsers easily. Like, picture a human rights org wanting to help its own users in a given country.
I can imagine two ways that users might get these bridges with our current software:
(1) via email, and then manually clicking a bunch of things in Tor Browser and pasting the bridges into the right place.
(2) Getting a pre-populated Tor Browser from their org.
The first one is not great from a usability perspective, and the second one is not great from a "we taught them how to check the signatures but now their Tor Browser differs from the one we signed" perspective.
Is there a way in Tor Browser to help improve the usability flow for this goal?
One idea would be to essentially have a cheat code in our moat interface, where if you type in a secret password instead of the captcha solution, you get some secret bridges. We would still be "in the middle" in this scenario.
Another idea would be to make it easy for other orgs to run their own moat, and then add an interface option in Tor Browser to add your own moat url. We probably want some sort of authentication (so the domain name itself doesn't have to stay a secret), and maybe that's done by having a url with both a (fine if the adversary learns it) domain and a (should stay secret) path component.
Maybe there is some brilliant third idea?
We also want to ponder usability for mobile users, e.g. in the world where they get and scan a QR code.
[Ticket created based on discussions in https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/BridgeDB]https://gitlab.torproject.org/legacy/trac/-/issues/28005Officially support onions in HTTPS-Everywhere2022-09-01T22:43:24ZGeorge KadianakisOfficially support onions in HTTPS-EverywhereThe plan:
A major UX issue for onion services is their huge addresses. We want to fix this issue because an address with 56 random characters confuses people, it makes it harder to pass the address around, and it also makes it much hard...The plan:
A major UX issue for onion services is their huge addresses. We want to fix this issue because an address with 56 random characters confuses people, it makes it harder to pass the address around, and it also makes it much harder to verify it.
There is a field of literature called "secure name systems" but none of the candidates are good enough for us right now. Hence, we present a hotfix that might offer a situational relief for users for the medium-term future, until we come up with something better, or while we experiment with more solutions. I suggest we keep this ticket focused to this idea, instead of debating why this and not that since we've already been doing this for far too long.
The plan is to use the HTTPS-Everywhere extension that we already have in Tor Browser, and encourage people to write their own rulesets for onions. We are talking about community-maintained rulesets and nothing that is officially maintained by The Tor Project or by HTTPS-Everywhere. This ticket is about making it easier for people to create, import and use this rulesets. We are talking about UI/UX improvements, writing blog posts and doing Q&A.
Here are some example of community rulesets we can imagine:
* The SecureDrop ruleset: where securedrop makes a ruleset with their whole directory. People can download that to quickly visit securedrop destinations, by going to securedrop-nyt.tor.onion .
* The Torproject ruleset: where torproject makes a ruleset with all their onions. We developers can use that to quickly visit Tor sites over onion, by going to tor-trac.tor.onion instead of remembering the onion.
* The Bitcoin ruleset: where a "trusted" bitcoin entity publishes a ruleset with various cryptocurrency-related rules that allow people to quickly visit them.
This approach has both positives and negatives (I assure you this is the case with every "secure naming" project out there):
* Positives: Good security if the ruleset is taken from a trusted source. No state keeping. Reachable engineering effort. No global names, hence no fear of name squatting. Easy to understand tradeoffs.
* Negatives: Terrible security if the ruleset is evil. No global names: If you want people to use your shorten onion name, you need to persuade them to use your ruleset.
Here are some HTTPS-Everywhere issues we need to solve based on my Mexico notes:
* Be able to stop update channels per-channel.
* Need good UI to easily look and understand rules.
* Need to implement file extension to install ruleset with one-click from web button.
Here are some issues we need to think about:
* We need good user text to make sure that people don't shoot themselves in the foot too often by installing bad rulesets and whatnot (they already do it daily when they open onions from "search enginers" or reddit).
* Which tld to use? If we use .tor we open ourselves to DNS leaks in normal browsers. If we use .tor.onion that might be confusing to people.
* Are there any issues with SSL?
More resources:
https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/OnionV3ux
https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/HTTPSEverywhereNotes
https://blog.torproject.org/cooking-onions-names-your-onionshttps://gitlab.torproject.org/legacy/trac/-/issues/27987Add setting for enabling/disabling flag_secure in Android browser2020-06-16T00:51:55ZTracAdd setting for enabling/disabling flag_secure in Android browserI believe it's set by default and there's no way to disable it. Problem is it blocks things like being able to take screenshots, be nice if I could just decide if I want flag_secure enabled or not via a setting rather than have to have a...I believe it's set by default and there's no way to disable it. Problem is it blocks things like being able to take screenshots, be nice if I could just decide if I want flag_secure enabled or not via a setting rather than have to have a different browser on my device that doesn't use it.
**Trac**:
**Username**: carbuncleohttps://gitlab.torproject.org/legacy/trac/-/issues/27952Using undo in the search reveals previous queries and sites visited2020-06-16T00:51:48ZanadahzUsing undo in the search reveals previous queries and sites visited**Tor Browser version**: `8.5a2 (based on Mozilla Firefox 60.2.0esr) (64-bit)`
Undo reveals all previous queries and URLs previously entered from all open or closed tabs in the current session.
Is this an expected behavior?**Tor Browser version**: `8.5a2 (based on Mozilla Firefox 60.2.0esr) (64-bit)`
Undo reveals all previous queries and URLs previously entered from all open or closed tabs in the current session.
Is this an expected behavior?https://gitlab.torproject.org/legacy/trac/-/issues/27831Add text to newsletter signup to say that this doesn't affect browsing2020-06-13T17:27:07ZirlAdd text to newsletter signup to say that this doesn't affect browsingI found the signup page for the newsletter through the banner in Tor Browser when it updated today. I expect to be anonymous in Tor Browser but then it asks me for my name and e-mail address. Can we update the copy to explicitly say that...I found the signup page for the newsletter through the banner in Tor Browser when it updated today. I expect to be anonymous in Tor Browser but then it asks me for my name and e-mail address. Can we update the copy to explicitly say that signing up for the newsletter doesn't affect browsing or allow tracking browsing and linking it to your details?
When I think about non-TBB things that ask for your name and email address it's things like Firefox Sync that do link your account with your browsing history.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/27830Update the newsletter.tpo layout2020-06-13T17:27:07ZirlUpdate the newsletter.tpo layoutThe *required at the top of the form was completely missed by me when I saw this page opening Tor Browser. This would make it more obvious those fields are not required and may improve conversion rate.
Personally I would prefer to not a...The *required at the top of the form was completely missed by me when I saw this page opening Tor Browser. This would make it more obvious those fields are not required and may improve conversion rate.
Personally I would prefer to not ask for a name at all. Additionally, the concept of first and last names is quite a Western idea as I understand it and may not translate well in other cultures where names work differently.
----
From antonela in comment:2:
hi people, let's use this PR to update the newsletter.tpo layout.
I made this mockup using one column and sorting information with better hierarchy.
https://marvelapp.com/4471ig9/screen/48224604
Let's wait for the communications team people approval for moving it into a PR.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/27747Usability Research: Onions - Nairobi (group 1)2020-06-13T17:07:38ZnyinzUsability Research: Onions - Nairobi (group 1)Methodology: See attached
Test: https://docs.google.com/document/d/1XYak7nQlqLFc1WhN3XoEr3Y_sP-J0DXciXoxvy-HNIk/edit
Where: Tor Training at Nairobi Garage, Nairobi, Kenya
Date: September 3rd, 2018
Participants: Three (3)
**Results**
1....Methodology: See attached
Test: https://docs.google.com/document/d/1XYak7nQlqLFc1WhN3XoEr3Y_sP-J0DXciXoxvy-HNIk/edit
Where: Tor Training at Nairobi Garage, Nairobi, Kenya
Date: September 3rd, 2018
Participants: Three (3)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
**1.**
The group consisted of 2 male users and 1 female user aged 20-50
Most users are technologists with a good understanding of how things work. They have not used Tor or Tor products before
**2.**
**Q0** Can you recognize the padlock? What do you think it means?
Most users say it means that the connection is secure
Quote:
‘Yes, it means my data is encrypted. Its safe to browse’
**Q1** What do you think the onion represents?
Most say it means that you are browsing on the Tor network
**Q2** Do you think these icons are different?
Most users see a difference. They mostly say the 2nd icon is more safe than the 1st.
Only one user sees the icons as the same
Quote:
‘yes, but i feel that they do the same things. The onion means a secure connection and the padlock also means this’
**Q3** What do you think this icon means?
Most users are less confident.
Most users say that there is a connection problem with this icon.
Quote:
‘it’s a secure connection but there are some files that are not secure’
**Q4** What do you think this icon means?
Most of the users feel that the connection is not secure at all and gave the same responses as in Qn 3. It is unclear whether they see a difference in the level of security for Qn 3 and Qn 4
Quotes:
‘somebody accessed a webpage in Tor’
‘this means that the website is not secure and doesn’t pass by the relays’
**Q5** Order these icons from more secure to less secure
Most of the users ordered the icons as follows:
3-----1------2
**
3.**
The group was active and engaged. The data on Qn 3 and 4 shows that the users face difficulty in distinguishing icons, and the icons’ level of security.nyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/27745Usability Research: Circuit Display: Nairobi (group 2)2020-06-13T17:07:38ZnyinzUsability Research: Circuit Display: Nairobi (group 2)Methodology:See attached
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Nairobi Garage, Nairobi
Date: 4th September, 2018
Participants: Seven (7)
**Results**
1.Summary o...Methodology:See attached
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Nairobi Garage, Nairobi
Date: 4th September, 2018
Participants: Seven (7)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
4.Recommendations
**1.**
The group consisted of 7 female users aged 20-50
Most users are day to day tech users who have not used Tor or Tor products before
**2.**
**Q1** Can you tell me what “Guard” means?
-Most of the users said that “guard” is a form of protection for one’s communications
Quote
‘protecting something’
**Q2** Can you identify which is your Guard?
Most users said Germany was their guard
**Q3**
=Do you know what a circuit means?
Most of the user’s describe a circuit as a way/ movement that one takes as they connect to websites using the Tor network
=Did you need a new circuit before? Why?
The majority have never needed a circuit because they have not used Tor before although they say (confidently) that they can ask for a new circuit
=Can you ask for a New Circuit now?
Most users replied ‘yes”
==Do you know what it means?
Most replied yes
Quote:
'Yes i know what a circuit means. A cycle, the process that something follows. I can try to ask for a new circuit. It’s like asking for a new protection'
**
Q4** Where can you find information about Guards?
Most users said that they would find this information on the Tor project website. However, some users had other suggestions...
Quote:
'Where it is written ‘guard’. I click on it'
**Q5** Can you identify if you are connected by a bridge?
Most of the users responded “yes” but with a lot of hesitation
**3.**
This group is composed of all female day to day tech users. Except for 1 user, all had never used Tor and so their perception of what the terminologies mean should be considered. Words like 'circuit' have a different meaning in the English language and users struggled to make sense of what it meant in this content
** 4.**
If it is possible, more time should allocated for UX testing in future trainingnyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/27744Usability Research: Circuit Display: Nairobi (group 1)2020-06-13T17:07:38ZnyinzUsability Research: Circuit Display: Nairobi (group 1)Methodology: See attached
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Nairobi Garage, Nairobi, Kenya
Date: September 3rd, 2018
Participants: Five (5)
**Results**
1.Su...Methodology: See attached
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Nairobi Garage, Nairobi, Kenya
Date: September 3rd, 2018
Participants: Five (5)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
**1.**
The group consisted of 2 male users and 3 female users aged 20-50
Most users are technologists with a good understanding of how things work
Most have not used Tor before
**2.**
**Q1** Can you tell me what “Guard” means?
Answers are verified and show that the concept of ‘Guard’ is not understood by this group. Most of the users do not know what ‘Guard’ means
Quote:
‘It’s the entry node to the tor network’
**Q2** Can you identify which node is your Guard?
Most users said ‘yes’ and picked ‘Germany’, the others did not know
**Q3**
==Do you know what a circuit means?
Most users replied ‘yes’ but with a some hesitation showing that the concept is not 100% understood
==Did you need a new circuit before? Why?
Only 1 user had used this feature
Quote
‘while changing the browser settings’
==Can you ask for a New Circuit now?
Most users replied ‘no’ to this question
==Do you know what it means?
All the users did not know what asking for a new circuit meant. It should be noted that they responded well on Qn 3 and seem to have some knowledge of circuits
**
Q4** Do you need more information about Guards? If yes, can you tell me how to find it?
Users did not discover the Guard link . All answers show that users perceive this information to be outside of the browser
Quote:
‘I would do a google search for the Tor support Q&A’
**
Q5** Can you identify if you are connected by a bridge?
Most users said ‘yes’ reluctantly. As if they were not sure, but felt that they ought to give a positive answer
**3.**
This was a well rounded group in terms of tech skill, gender and occupation. It was collection of people working with NGO and other civil society organisations. The outcome of this test shows that circuit display topic is not very well understood. However, basing on the interaction during interviews, the users seem confused by the terminology (guard/node/circuit) but generally understand the concepts behind.nyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/27743Usability Research: Circuit Display - Mombasa, Kenya2020-06-13T17:07:37ZnyinzUsability Research: Circuit Display - Mombasa, KenyaMethodology: See attachments
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Swahili pot, Mombasa, Kenya
Participants: Six (6)
**Results**
1.Summary of demographics
2.W...Methodology: See attachments
Test: https://docs.google.com/document/d/1DujPnFOhuHa-qDmLG3Bo0s21jpOkVkHOOoVS884Ys54/edit
Where: Tor Training at Swahili pot, Mombasa, Kenya
Participants: Six (6)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
**1.**
The group consisted of 2 male users and 4 female users aged 20-50
Most users are day to day tech users who have not used Tor or Tor products before
**2.**
**Q1** Can you tell me what “Guard” means?
-Users had verifying responses to this question mostly mentioning words like ‘main’//’security’
-Most users think of the ‘Guard” as something that protects the user while browsing
Quotes:
”the main station where the circuit starts from or the source of your circuit
“ip that protects the user”
**Q2** Can you identify which is your Guard?
-Almost all the users said ‘’yes” and pointed to Germany on the circuit display image
-All the user’s hesitate on this question before responding
**Q3**
=Do you know what a circuit means?
All the users said they know what the circuit means
=Did you need a new circuit before? Why?
Most users said they needed one because of a security concern. However, as shown in the demographic data, they had not used Tor before. Therefore this might be a false positive which we can attribute to misunderstanding of the question
Quote:
“I needed to a new circuit for privacy and confidentiality”
=Can you ask for a New Circuit now?
Most user replied ‘yes”
==Do you know what it means?
50% understand what it means, the others replied “No”
**Q4** Where can you find information about Guards?
Most users said that they would find this information by clicking the onion icon
Quote:
“The info is found on the at the browser page onion icon”
Generally, users took a few seconds to discover the Guard link but only 1 user commented on Tor Browser User Manual explanation
**Q5** Can you identify if you are connected by a bridge?
Most users said they could identify this however their tone suggests that they are having trouble finding it
Most of the users responded “yes” but with a lot of hesitation and uncertainty
**3.** This group was made up of young participants, mostly students. They had a lot of curiosity and responded well to the threat modelling activity
The concept of circuit is fairly understood in this group. What remained unclear was the topic on bridges and Guards
Due to issues of time, the data was collected without enough one on one interaction between the interviewer and the interviewee
More time should allocated for UX testing in future training. The suggested time should be 5-10 minutes per participantnyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/27742Usability Research: Onions Mombasa, Kenya2020-06-13T17:07:37ZnyinzUsability Research: Onions Mombasa, KenyaMethodology: See attachments
Test: https://docs.google.com/document/d/1XYak7nQlqLFc1WhN3XoEr3Y_sP-J0DXciXoxvy-HNIk/edit?usp=drive_web&ouid=117758402685298679479
Where: Tor Training at Swahili pot, Mombasa, Kenya
Participants: Six (6)
**...Methodology: See attachments
Test: https://docs.google.com/document/d/1XYak7nQlqLFc1WhN3XoEr3Y_sP-J0DXciXoxvy-HNIk/edit?usp=drive_web&ouid=117758402685298679479
Where: Tor Training at Swahili pot, Mombasa, Kenya
Participants: Six (6)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
**1.**
The group consisted of 2 male users and 4 female users aged 20-50
Most users are day to day tech users who have not used Tor or Tor products before
**2.**
**Q0** Can you recognize the padlock? What do you think it means?
Most users can recognize the padlock and said it means that the connection is secure
Quote:
'Yes, it means my data is encrypted. Its safe to browse'
**Q1** What do you think the onion represents?
Most of the users relate the onion with Tor network
**Q2** Do you think these icons are different?
Most users say the icons are different. To them, the 2nd one is more secure
**Q3** What do you think this icon means?
Most of the users said there was a problem with the connection but did not give clear reasons why
**Q4** What do you think this icon means?
Generally for this icon, the users claimed there was some sort of blockage that would not allow the user to access information
Quotes:
‘You have been blocked’
‘Tor usage is prohibited’
**Q5** Order these icons from more secure to less secure
The most common order proposed was:
3….1….2
**3.**
The user group is unique because of their limited knowledge and usage of Tor and Tor products, However, their responses shed light on the implications of using icons with a similar shape and color scheme. We found that most users cannot correctly identify what each icon means; why and how they are different other than by color. However, in general, they were able to comment on the different levels of security.
This group represents a sample of the community who could benefit greatly from using Tor but are limited by the knowledge of its tools/products. A communications strategy aimed at this sort of community could deliver create more usagenyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/27691reset bootstrap progress when enough things change2020-06-13T15:31:22ZTaylor Yureset bootstrap progress when enough things changeRight now, setting DisableNetwork=1 doesn't reset the bootstrap progress indicator. It probably should, because all network connections to bridges or relays will close. This will improve the user experience once we have #27103 in place...Right now, setting DisableNetwork=1 doesn't reset the bootstrap progress indicator. It probably should, because all network connections to bridges or relays will close. This will improve the user experience once we have #27103 in place, because then the earlier progress shown will be the initial network connection that everything else depends on.
We probably also want to reset the bootstrap progress when a configuration change causes us to disconnect from all our guards.Tor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/27657Show .onion icon on Identity drop down?2020-06-16T00:51:05ZGeorg KoppenShow .onion icon on Identity drop down?As a follow-up to #23247 we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.
However, we should deal with the fact that the ...As a follow-up to #23247 we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.
However, we should deal with the fact that the HTTPS treatment in vanilla Firefox does not necessarily match the lock icons of the URL bar and the identity box 1:1.richardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/27636.onion indicator for non-self-signed but non-trusted sites2020-06-16T00:51:02ZTrac.onion indicator for non-self-signed but non-trusted sitesWith #23247 (really great addition btw!) implemented, I tried to visit https://www.ysp4gfuhnmj6b4mb.onion/
This page uses a custom CA, which is not trusted by tor browser (or any other browser by default) and is reachable through .onion...With #23247 (really great addition btw!) implemented, I tried to visit https://www.ysp4gfuhnmj6b4mb.onion/
This page uses a custom CA, which is not trusted by tor browser (or any other browser by default) and is reachable through .onion with a correct CN in the certificate.
Now currently with TB 8.0 I get a "Your connection is not secure" (SEC_ERROR_UNKNOWN_ISSUER), but at the same time a green onion+padlock indicator. This is quite confusing.
Reading through #23247 I am not sure what the intended behavior would be. But self-signed certificates are trusted when accessed through .onion. From that point of view it does not make much sense to handle certificates signed by untrusted CAs differently.
My expectation would be to not see the untrusted issuer warning and get the green onion *without* padlock indicator.
**Trac**:
**Username**: o--richardrichard