Skip to content

Update security level UI for new UX flow

henryrequested to merge
henry/tor-browser:security-level-ux-tb43782 into tor-browser-128.10.0esr-14.5-1

Merge Info

Issues

Resolves

Related

Merging

Target Branches

  • tor-browser - !fixups to tor-browser-specific commits, new features, security backports
  • base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
    • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

  • Alpha: esr128-14.5
  • Stable: esr128-14.0
  • Legacy: esr115-13.5 (will likely need a replacement of some CSS variables)

Backporting

Timeline

  • No Backport (preferred): patchset for the next major stable
  • Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

  • Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Localization: typos and other localization changes that should be also in the release branch
  • Other: please explain

Upstream

  • Patchset is a candidate for uplift to Firefox
  • Patchset is a backport from Firefox
    • Bugzilla link:
    • Upstream commit:

Issue Tracking

Review

Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since Gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • ci/cd: brizental, henry
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, morgan
    • localization : henry, pierov
    • macOS : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
    • security : jwilde, ma1
    • signing : boklm, morgan
    • updater : pierov
    • windows : jwilde, morgan
    • misc/other : pierov, morgan

Change Description

Implement the designs from tpo/ux/design#162 (closed).

In addition, we drop the distinction between the security levels in the UI when the user has a custom security level. I.e. we always show shield as unfilled but with a yellow dot in the toolbar, and we just call it "Custom" rather than "Standard Custom", etc.

How Tested

Tested the UI at different security levels.

Still need to verify that the security level is as expected once the browser restarts.

Edited by henry

Merge request reports