[Tails-ux] [review] Onion Circuits and Tor Status extension …

Poista viesti

Vastaa
Lähettäjä: Spencer
Päiväys:  
Vastaanottaja: tails-ux
Kopio: intrigeri
Aihe: [Tails-ux] [review] Onion Circuits and Tor Status extension strings
Hi,

>
> intrigeri:
> thanks a lot for spending time on this!
>


Ofc (:

>>>
>>> Spencer:
>>> difference between Onion Circuits and Tor Status
>>>
>>
>> sajolida:
>> I think there's an engineering difference only :)
>>


Word.

>
> tried to explain this on:
> https://tails.boum.org/doc/anonymous_internet/Tor_status/
>


Yes but not as explicitly as this:

>
> Tor Status is the software that handles the onion icon in the system
> tray.
>
> Onion Circuits is the software that [displays] Tor [network]
> connections.
>


These are wonderful!

>>>
>>> • Onion Circuit click
>>>
>>
>> The virtual keyboard [is a] leftover from before
>>


In with the new, then (:

>
> Alan (who was doing the actual work) picked the menu option
>


Word.

>>>
>>> • The log
>>>
>>
>> What do you mean by "log" here?
>>
>
> What do you mean with "the log"?
>


The Tor status record; the contents of the current network status
disclosure triangle in the 'Path' section.

The only defining function I am referring to is the ability to have a
record of both success and failure.

>>>
>>> fills up nicely but the info disappears. It would be great to have
>>> control
>>> over this, if not only to have enough time to read and understand.
>>>
>>
>> - *circuit* is a Tor circuit
>>
>> - *stream* [is a flow of packets]
>>
>> - *path* seems to mean *circuit or stream*
>>


If we choose one, I am in favor of 'Circuit' since it is more common in
Tor Browser.

'Path' implies the possibility for another route. The value in the
mental model of the 3-hop Tor circuit path is in the word 'circuit',
given it's presumed fixed nature in the tangible world of electrical
engineering.

>>
>> - *connection*
>>


This reservation might be due the the verbness of the word 'connection',
e.g., "The stream to this website is secure." doesn't work so well, as
it is more broadly ambiguous compared to 'connection'.

>
> Onion Circuits is a real-time view of the _current_ status, not a log.
>


Yes but when an error appears and disappears (from the current status
disclosure in the 'Path' section) it becomes difficult to troubleshoot.

>>>
>>> • Path section shows both circuits and log info.
>>>
>>
>> we already have indentation to mark the difference
>>


I did not notice, or see, this ... my bad ):

>>>
>>> • There are no details when clicking on [some] path[s]
>>>
>>
>> #11195 .. using a bridge
>>
>
> If you were using a bridge: can you retry without using a bridge?
>


No bridge.

I think this report is based on what is expected in the details section.
If a circuit path string is selected, the info for each node is
displayed in 'Details'. However, if a connection status string is
selected, there is no info displayed in 'Details'.

In the case of an error in a Tor network connection where no circuit was
built, the details of the error, whatever they may be, could be valuable
for troubleshooting if we can keep it from disappearing.

>>>
>>> • explicit log
>>>
>
> use case [&] value [please] :)
>


Troubleshooting and learning more about the network connections.

>>>
>>> • It is not clear what the one hop paths are. They eventually
>>> disappear.
>>> • Some are 2 hops. These also eventually disappear.
>>>
>>
>> filter some of the noise in the list
>>


Or label and organize it. Many people use Tor Browser and cannot select
from many paths like this, so it seems somewhat confusing to have all
the options. And when some are unfinished it isn't clear that they are
under construction.

Color coding could help aid in clarifying circuit status.

Segregating 'Circuits Under Construction' from 'Circuits Built' could
aid in clarifying what the options are.

>
> Should we display only 3 hops circuits
>


If it is made clear that the one and two-hop circuits are under
construction, this may be a resolution that both clarifies and informs.

>>>
>>> • Maybe country could be the path labels, moving the router name to
>>> the details
>>> section where country is.
>>>
>
> Why?
>


It seems like this is a common mental model: "I am at my computer
connecting to other computers before I get to my destination; which
country should I exit from?"

This experience is supported in a usable way by OrBot and in a less
usable way by Tor Browser.

Macro to micro ordering puts country of the router first, then the
IP/nickname of the router, and so on, with other details.

Tor Browser's Tor Circuit Visualization also does this.

>>>
>>> • Regarding the subtitle of the dialog, the difference between
>>> circuits and streams
>>> isn't clear.
>>>
>
> Tor's nomenclature
>


Word.

>
> that's exactly what Onion Circuits does ("Display Tor circuits and
> streams").
>


Onion Circuits doesn't display a stream, at least not in the way a
packet stream capture does.

We don't need to get as detailed as the typical packet contents but
having a more established log (circuit connection history) of what the
status was, how long it took to connect, and so on, would be nice. The
Tails installer log does a nice job of this.

If we keep the stream messages that do appear, that would be enough,
presuming clicking on them provides more detail in the 'Details'
section.

Also, Onion Circuits displays the status but that could clutter the
subtitle:

'Tor Circuits, Streams, and Status'

>
> instead find some more [clear but equally informative] technical
> information
>


'Circuits and Connection Details'

'Circuits and Connections'

'Tor Network Connection Details'

'Tor Connection Details'

'Tor Connections'

'Monitor Tor Network Status'

'Manage Tor Status'

'Connections & Crap'

'Tor Stuff'

Or others...

Maybe the title 'Onion Circuits' makes the need to use 'circuit' in the
subtitle redundant.

Maybe 'circuits' presumes 'streams', since many have a mental model of
computer networking, though many don't.

>
> [users can] learn more
>


I am all for this.

>>>
>>> • Status labels aren't clear: Extended?
>>>
>>
>> Did you get "Extended" as status label? I wonder what this means
>> indeed... I think these labels come directly from Tor.
>>
>
> I believe this is essentially the same topic as the 1-hop /
> 2-hops issue.
>


I did.

I am unfamiliar with 'Extended' in other Tor contexts, such as the
various forms of the Tor Browser. Details on these would help people
learn more.

Or clarification with more familiar concepts, such as, 'Searching' or
'Connecting' would do.

>>>
>>> • Maybe circuit visualization should accompany 'Open Onion Circuits'
>>> option in
>>> the dropdown.
>>>
>>
>> We should be able to find something more explicit than 'Open
>> Onion Circuits', maybe:
>>
>> - 'View Tor circuits and connections'
>> - 'Tor circuits and connections'
>> - 'Tor circuits'
>>


I like the word 'view' but it may be unnecessary. I like the action
word, though.

I think 'Tor' is necessary given that the onion icon and the word
'onion' is all that is explicitly Tor related during this experience.

>
> This was proposed, and then rejected for security & technical reasons
> in the aforementioned thread. Let's come back to it, if you want,
> after you've read it.
>


Will do.

The point is that a dropdown with one option is unexpected and could be
better with a second option or a bit of info; the macro level network
status seems logical.

>
> (I'm sorry I can't point)
>


No worries (:

>>>
>>> • Why are there these circuits? How are they determined? Can these
>>> be manual or is
>>> there value to automatic potential path generation?
>>>
>>
>> They are built automatically by Tor. Allow the user to choose them
>> would
>> make them less random
>>


The randomness is in the selection algorithm so it would be the same
upon selection, it seems.

>>
>> and less anonymous.
>>


Not to the sticky entry, which may log everything. As mentioned in some
other places, the ability to separate identities on the fly is a very
valuable function to preserve anonymity.

Although Tor uses (c/n)2 as the probability that entry and exit could
correlate traffic, it is an imaginary and impossibly known equation that
only says that there is some possibility of maliciousness.

If the entry guard is malicious there is a guarantee of maliciousness.

The only protection is knowing that guardA and guardB don't know of each
others' client connections, or knowing you have minimized the
possibility of maliciousness with the hopes that guardA and guardB
aren't cooperating, a equally likely possibility in single guard
selection.

This doesn't mean that the entries are forgotten, they can still be
listed as if they merely went offline.

But ignore this.

>
> From a UX PoV I don't know what I can do from these 3 questions of
> yours
>


I will get better at being more specific (:

>
> why exactly does it matter in _this_ discussion?
>


Usability.

It is an unexpected decision not present to many Tor users, as the path
is chosen by code. Here, people get to see potential paths and choose
for themselves.

Uncertainty and decisions don't mix so well.

Is TorinTails building a bunch of circuits each time? How many? Why?
Are these real or only potential paths? Does Tor Browser do this? How
does this handle custom entry and exits listed in torrc? Can I see
internet destinations for each circuit? and so on.

These are questions from users. No need to answer them here but the
interface would benefit from addressing some of these.

>
> not-too-technical
>


The more technical the better!

>
> trust
>


It is unclear what this means [rhetorical].



As always, keep what you like and ditch what you don't. The designer of
this did a great job!

Wordlife,
Spencer