Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 979
    • Issues 979
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #40319
Closed
Open
Created Jan 29, 2021 by Duncan@duncan✏Developer

Consider the UX/UI requirements of HTTPS by default

As part of the Collaborative ResistancE to Web Surveillance (CREWS)'s project with UCL we are going to build a prototype to understand of effectiveness of enhanced eavesdropping protection in Tor Browser.

The first phase is aimed at increasing individual resistance by offering HTTPS by default. The changes made in the prototype need to be legible, so users are aware of the implications of HTTP vs HTTPS; and provide agency, offering the option for users to proceed regardless.

In doing so we should consider the following:

  • Document the new user flows that will be introduced by this functionality, paying particular attention to pain-points caused by potential website breakage and/or mixed content (see this UMD study for reference) and options for error recovery.

  • Review Firefox's UI for HTTPS Only Mode [Option 1], HTTPS Everywhere's EASE-Mode [Option 2], Tor Browser's per-site settings and modify or provide new UI where appropriate.

  • Update about:preferences if necessary, and consider @antonela's proposal to tie HTTPS-Only Mode to a particular safety level.

  • Input into the testing plan to evaluate these changes to the prototype.

Edited Feb 17, 2021 by Duncan
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking