Re: [Tails-ux] [Tails-testers] Running programs from the fil…

This message is part of the following thread:
M\the complete thread tree sorted by date
MMSusan at <-
Msajolida at ->
Delete this message

Reply to this message
Author: u
Date:  
To: tails-ux
Subject: Re: [Tails-ux] [Tails-testers] Running programs from the files manager [Was: Request for JavaFX on Tails 3.0]
Hi!

intrigeri:
> Collin Sullivan:
>> PS - Apologies to ask a support question here, but, is there an easy
>> way for the user to change the default in Tails' file manager
>> preferences to ensure that it asks every time an executable text file
>> is double clicked?

>> I think the default is just to open the text file
>> and not execute, which is great for security, but asking seems
>> similarly safe, no?
>
> From a purely technical point of view it would be similarly safe.
> But users tend to click through any warning that gets in the way of
> whatever they're trying to do, even if the phrasing is meant to be
> very explicit about the risks (many people simply won't actually
> *read* the text).
>
> I'm open to discussing adequate ways to ease executing custom
> programs, which can be useful e.g. for Martus users, but without
> putting all users at risk of doing something dangerous that they did
> not really mean to do. I'm not a designer, but one idea that comes to
> mind is to provide dedicated UI for the specific action we're talking
> about, i.e. allow the user to explicitly express "I want to execute
> the thing that's under my pointer as a program" whenever it is their
> intent (e.g. with something like "right click → Execute as
> a Program"). As opposed to asking for a confirmation after the user
> has requested a potentially totally unrelated action, I believe this
> solution would avoid, in most cases, undesired arbitrary
> code execution.

I agree fully with intrigeri's proposal of adding this as an explicit
option accessible via right-click.

Tails' target group are people who are not necessarily power users and
should IMO be protected from this kind of choice to make when clicking
on a text file. Power users on the other hand, are people who create
these executable text files, i.e. bash or python scripts and the like
and they are probably able to execute them by running them in a terminal
and don't need to be presented with such an option.

The default option should be a simple one: click and open. The
non-default behaviour should be accessible only to those few who need it
and not modify the simple behaviour for everybody else.

Cheers!

This message was posted to the following mailing lists:
tails-ux
Mailing List Info | Nearby Messages		<-Re: [Tails-ux] wifi/wifi hotspot[Tails-ux] Tails contributors meeting: Friday February 03->
lists.autistici.org administrated by postmasterLurker (version 2.3)