[Tails-ux] Running programs from the files manager [Was: Req…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Collin Sullivan, tails-ux
Old-Topics: Re: [Tails-testers] Request for JavaFX on Tails 3.0
Subject: [Tails-ux] Running programs from the files manager [Was: Request for JavaFX on Tails 3.0]
hi,

[moving this part of the discussion to a dedicated thread on
tails-ux@, as IMO it reaches further than a support question, i.e.
we need to decide how we want Tails to behave; it's rather about UX
than about implementation details so I'm not adding -dev@ to the loop
at this point.]

Collin Sullivan:
> PS - Apologies to ask a support question here, but, is there an easy
> way for the user to change the default in Tails' file manager
> preferences to ensure that it asks every time an executable text file
> is double clicked?


I'll assume this is about running a custom setup script *once*, and
running the application set up by that script will be done in nicer
ways, via the Overview or Applications menu.

> I think the default is just to open the text file
> and not execute, which is great for security, but asking seems
> similarly safe, no?


>From a purely technical point of view it would be similarly safe.

But users tend to click through any warning that gets in the way of
whatever they're trying to do, even if the phrasing is meant to be
very explicit about the risks (many people simply won't actually
*read* the text).

I'm open to discussing adequate ways to ease executing custom
programs, which can be useful e.g. for Martus users, but without
putting all users at risk of doing something dangerous that they did
not really mean to do. I'm not a designer, but one idea that comes to
mind is to provide dedicated UI for the specific action we're talking
about, i.e. allow the user to explicitly express "I want to execute
the thing that's under my pointer as a program" whenever it is their
intent (e.g. with something like "right click → Execute as
a Program"). As opposed to asking for a confirmation after the user
has requested a potentially totally unrelated action, I believe this
solution would avoid, in most cases, undesired arbitrary
code execution.

Thoughts?

Cheers!