Re: [Tails-ux] RFC: Phrasing for warning users when running …

Poista viesti

Vastaa
Lähettäjä: intrigeri
Päiväys:  
Vastaanottaja: Tails user experience & user interface design, austinenglish
Aihe: Re: [Tails-ux] RFC: Phrasing for warning users when running in a non-free VM
Hi,

I essentially agree with everything that sajolida said (and thanks for
the fast reply!).

Just a nitpick or two:

sajolida wrote (08 Aug 2015 13:32:29 GMT) :
> 2. Change the body into:


> "Both the host operating system and the virtualization software are
> able to monitor what you are doing in Tails.


> Additionally, only free virtualization software should be trusted.


It feels a bit patronizing to tell people what they should trust (we
do kinda the same on the virtualization doc page, but at least there
it's written "we believe [...] to be trustworthy", which makes the
subjective PoV clear).

I'd prefer an approach in which we give people the means to make
a security decision, by warning about the specific risks of non-free
virtualization software (as we do already, as quoted above, in the
general virtualization case; and as we do already on the
virtualization doc page).

Also, it feels weird to warn specifically about non-free
virtualization software, but not about non-free operating systems,
once we've made the step to assume that users of free OS use free
virtualization software (FTR, I think it's a OK assumption to simplify
this discussion).

So, I think we should merely give a hint here about the specific risks
of non-free virtualization software, and leave it to the existing
great doc page to explain the specifics, as it already does.

The only modification to that doc page that seems necessary to take
all this into account then would be something like:

Only run Tails in a virtual machine if the host operating system
is trustworthy.

with:

Only run Tails in a virtual machine if the host operating system
and virtualization software are both trustworthy.

> Consider using <a
> href='https://www.virtualbox.org/'>VirtualBox</a> instead.


I'd rather move this one to the doc page about virtualization (linked
below), which will give us more room to warn agains the non-free
extension pack that's featured quite prominently on their download
page. That would be the second modification needed there, to make it
consistent with what Austin English is implementing.

Thoughts?

Cheers,
--
intrigeri