Improve security warning when downloading a file

A Tor friend shared this feedback:

When users are downloading a file, Tor Browser will display this message:

Tor Browser cannot display this file. You will need to open it with another application.

Some types of files can cause applications to connect to the Internet without using Tor.

To be safe, you should only open downloaded files while offline, or use a Tor Live CD such as Tails

We could iterate with users and improve this message. For example, it is also best to have the title of the dialog be something like "️ Security Alert". Which users can take it more seriously.

added UX User Feedback labels

@nah @duncan I think this one could be part of Sponsor30 feedback.

I grabbed a quick screenshot of the full UI for reference, but I fully agree – the wording is pretty cumbersome and could use a support link for further explanation.

To be safe, you should only open downloaded files while offline, or use a Tor Live CD such as Tails

This is also advice I think very few people would ultimately follow in 2021 (except for those in high risk scenarios).

added Roadmap::Future label

changed milestone to %Sponsor 131 - Phase 2 - Privacy Browser

changed milestone to %Sponsor 131 - Phase 5 - Ongoing Maintenance

changed milestone to %Sponsor 131 - Phase 2 - Privacy Browser

added Sponsor 131 label

added UX Team label

Are there certain file types that trigger this warning? Or the inverse, are there certain file types that are always allowed?

You should see this warning every time when you download/save a file.

Thanks, I see that now. I must have clicked the checkbox previously.

changed milestone to %Sponsor 30 - Objective 3.5

removed Sponsor 131 label

added Sponsor 30 - FINISHED label

removed Roadmap::Future label

added Backlog Q4 labels

assigned to @duncan

We can work on new descriptions for this dialog and include it in the next round of Tor Browser's testing (Q1 2023).

changed title from Improve UI security dialog prompt when downloading a file to Improve security warning when downloading a file

added Feature label

added Desktop label

added Q1 label and removed Q4 label

removed Backlog label

added Next label

added Backlog label and removed Next label

Since I was in the neighborhood taking care of some unrelated dialogues, I decided to look into this one too. I discovered that:

• In Firefox ESR 102.6.0, Always ask you where to save files and Ask whether to open or save files are both off by default.
• In Tor Browser 12.0.1 (based on the same Firefox ESR) both settings are on by default.

This results in Tor Browser users receiving three dialogues in succession when attempting to download a file with Tor Browser's default settings applied, plus the wingpanel for the download itself:

Show screenshots:

That's not great! Also, there isn't a way to toggle the first warning on/off in about:preferences#general > Files and Applications either.

In addition to updating the copy itself, I think we should also consider:

• Flipping one or both Firefox prefs off by default, unless we've got a good privacy reason not to.
• Merging our warning into either the Open/Save As dialogue, or the Ongoing Downloads wingpanel.

added Next label and removed Backlog label

mentioned in issue tpo/ux/research#89 (closed)

@richard In the spirit of modernization/making TB less frustrating to use, what do you think about:

• Flipping Always ask you where to save files and Ask whether to open or save files off by default to match Firefox.
• Killing the existing "Download an external file type?" warning.
• And adding a short warning to the Downloads wingpanel instead, like so:

Or with a button instead maybe:

That would decrease the number of dialogs users need to fight their way through to download a file from 3 + the wingpanel, to just the wingpanel.

@donuts There is keyboard navigation between the list of downloads (#downloadsListBox) and the button (#downloadsFooterButtons). So having the dialog between them is not going to work with that. Do you want to move it to the top or bottom of the panel instead?

Also, @dan can you CC me for the review because I suspect that this might need some extra "aria" attributes to be accessible.

Top would be preferable please, if it needs to change (so the Show all downloads action can remain the last thing on the wingpanel).

However if we shift it to the top it may be better to replace the "X" with a button to dismiss the warning instead, so the "X" isn't confused as a button to dismiss the entire panel. There's an alternative design featuring a micro button in Figma already you can use @dan :)

removed Next label

added Needs Review label

assigned to @richard and unassigned @duncan

ah geez, I hate having my files auto go to ~/Downloads. Buuuut sticking the warning in the downloads drop down does seem nice. Let's plan on doing this after 12.5a4.

ah geez, I hate having my files auto go to ~/Downloads. Buuuut sticking the warning in the downloads drop down does seem nice.

Good thing you'll still be able to opt back in! :P

On a serious note, this is one of these things we should trust the user research and/or data behind Mozilla's decisions.

yeah you're right I know

marked this issue as related to tor-browser-build#40759 (closed)

assigned to @donuts and unassigned @richard

removed Needs Review label

added Doing label

Ready for dev handoff here: Figma link

assigned to @dan and unassigned @donuts

removed Doing label

added Next label

Are we going to want to backport this?

Not from my pov, we can wait until 12.5 (i.e. after the usability testing has been concluded) before releasing these fixes.

mentioned in issue #41600 (closed)

mentioned in issue tpo/ux/research#107 (closed)

marked this issue as related to tpo/ux/research#107 (closed)

added Doing label and removed Next label

removed the relation with tpo/ux/research#107 (closed)

@donuts was this envisioned for tor-browser only or Base browser and descendants as well?

Hrm that depends, is the external file warning already present in the base browser? Or is it in Tor Browser only?

oh cool it's part of toolkit/torbutton so I guess that answers that also solves my question on IRC as to where to put the new translations: torbutton

Perfect! After thinking about it properly, it really doesn't make sense for the privacy browser anyway.

So 'Ask whether to open or save file' maps to browser.download.always_ask_before_handling_new_types which seems not defined, but false by default. but i can add it to browser/app/profile/000-tor-browser.js as false.

the "Download an external file type?" warning is part of the tor button code, so I can disable it if we think we might want it later, or alternately remove and delete it. thoughts?

Since it's been superseded by the new warning in the downloads wing panel the old dialog is no longer needed, and I don't see us resurrecting it either. We could still dig it out of the version history if we wanted to anyway :)

mentioned in merge request !595 (merged)