Lähettäjä: Michael Gerstacker Päiväys: Vastaanottaja: Tails user experience & user interface design Aihe: [Tails-ux] #15635 The Unsafe Browser allows to retrieve the public
IP address by a compromised amnesia user with no user interaction
Hi,
i would like to give my thoughts about that ticket too.
I dont know how big the risk of a compromised amnesia user really is so i
need to assume that its a high risk.
I think enabling the unsafe browser by default IF there is a risk is
somehow inconsequent to the rest of Tails behavior.
Normally Tails in its default settings is safe but now the user need to do
an extra interaction to be safe.
The Tails Greeter even say "Normally the default settings are safe in most
situations." but thats not true then anymore because now the average user
need to do an extra step to be safe again.
With enabling the unsafe browser by default you put ALL users under risk
even these user who need to connect to a captive portal and expect ALL
users to weighten the risk of using the default settings or disabling the
unsafe browser.
And ALL of them need to remember that they are under risk as long as the
unsafe browser is enabled.
I dont really agree with sajolidas comment in note-18.
Its pretty likely that you will mostly interview people who already needed
to login into a captive portal because these are the people who travel.
Its less likely that you will interview people who use Tails only at home
and therefore will never need to login into a captive portal.
I for example did not travelled since 9 years but i boot Tails every day.
I think most of the time its pretty obvious if you need to login into a
captive portal.
But with that decision you put these users at risk who forgot to disable
the unsafe browser, you put these users at risk who dont know that they
should disable the unsafe browser and that decision is not a real benefit
for these users who would remember to enable the unsafe browser before
booting Tails because you save these users only two clicks.
The only group you support are these users who would forget to enable the
unsafe browser but the worst thing what could happen is that those group
need to reboot.
Lets compare that with how you handle bridges right now.
Because of UX reasons Tails decided to directly connect to Tor by default.
So there you put all users under risk who live in a country where using Tor
can lead to punishment and these users need to care for themself to
remember to edit the default settings. This group is perhaps very small if
even existing so i think that decision is the right one.
If someone now choosed the wrong settings and actually wanted to connect to
Tor directly the worst thing what could happen is that he need to reboot.
But if someone acidentially choosed the wrong settings about the unsafe
browser then he is under risk!
So with that decision you put ALL users under a potentially risk for only
saving a reboot for that small userbase who is booting Tails at a place
where a login into a captive portal is necessary and who would forget to
enable the unsafe browser.
And i think that group is not much bigger than the userbase who would have
a benefit of changing the default behavior to use a bridge by default.
So that decision seems inconsequent to how Tails is for example handling
bridges setup and inconsistent with the statement "The defautl settings are
safe in most situations." and i think the unsafe browser should be disabled
by default.