Sweet! However I think this Wizard is a super-technical version of something that should be much simpler if we intend to be targeting non-technical users.
Feedback: http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen...
Question 1 (this is literally the first thing a user will see when launching, right?) is a super-technical question. How is a user supposed to know if they're using a proxy? If we're targeting users who barely know what a browser is, I don't think these instructions are good enough. But any instructions would be wrong IMO. Surely there's some way to query this information from the system, no? On linux, looking at environment variables; on Windows there are system functions.
http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen...
What percentage of users are a) affected by this question and b) understand it? I suspect it's very, very low, and therefore not worth dedicating a screen to. Every additional screen is a monumental amount of pain for a non-technical user to read, try to think through, and then ultimately guess at hoping they get something right. If something, anything, doesn't work - they will think back through all the screens they guessed at, and give up figuring it's way too hard to figure out.
What's the behavior of firewalls failing? Some drop packets (timeout) and others reject, right? If a connection on port 6-thousand-whatever hits one of those cases, retry on 80 or 443. Put up a cool animated gif that makes the user think their computer is fighting hard to get them online. Bonus points for having it actually represent the packet getting lost or being rejected.
http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/screen...
I don't think this represents sufficiently that this is *Optional*. That (most) users will not need to fill this in.
I think we should think about the security and privacy implications of an approach that can be referred to technically as "try a bunch of shit".
1) If a user wants to use a proxy (e.g. an SSH tunnel) and we don't abide by that, they will leak network traffic, this is bad. It's also probably reasonably common for technical folks. 2) If a user must use a proxy - trying a non-proxied connection doesn't really matter, it'll just be dropped. It's very unlikely this will cause an alert or raise suspicions, especially when the net admin has created a chokepoint (the proxy) where she can do all the logging and analytics she wants.. (Anyone disagree?) 3) If a user must have their traffic exit on certain ports, and we try a different port - the firewall will drop it, and again, unlikely to cause an alert or raise suspicions. 4) If a user *wants* to have their traffic exit on a port, and we don't abide by it, that's bad. But I don't think this is super common. Well, maybe it is, maybe people prefer port 443.
So I think the best course of action would be to try and handle everything except to bridge screen automatically, with perhaps some [Advanced] button in the bottom left that these settings are hidden behind. Get the proxy settings automagically, and try some port probing.
-tom