A short while ago, I did a training for some activists from a country that is hostile to the Internet. These people were some of the more technical people from their community. There was a mix of Windows and OS X laptops in the session. English was their third language, for added fun.
I walked them through finding tor browser bundle, downloading it, verifying it, unzipping it, and starting it. Here was the first problem. They couldn't find tbb on the download page. Their comments were that all these files and releases on the page were confusing. They wanted just one thing to look at, pick their operating system, and go. And they wanted the one thing to automatically detect their language preferences for tbb.
I ended up pointing them at tpo/torbrowser, which they also thought was confusing. The aforementioned desires weren't satisfied on this page, but at least they could find their preferred language. They all commented that back home, a 24MB file was too big, and can't they get it via bittorrent or some other piecemeal way? A 24mb file would take hours to download.
Once they finally downloaded it, they all double clicked on their resulting zip file. In fact, all of the mac people ended up downloading the windows tbb and unzipped it correctly. In all cases, their operating system handled the zip file correctly. After fixing the mac people with mac tbb, we moved on to the next step.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
As tbb was starting up, nearly all of them clicked on 'start tor browser' one to three times more, because they didn't see anything starting up. In fact, it was starting, it just wasn't instantaneous. I worry about forcing a splash screen that announces "I'm using Tor!" on the screen, but at the same time, it would let users know that tbb is starting.
Once vidalia started, no one waited for tbb firefox to start, but rather started their own browser and tried to use it. Once tbb firefox started up, in some cases, minutes later, they were confused. Why didn't tbb firefox start right away instead of this useless vidalia control panel?
A few of them felt the need to explore the vidalia control panel since we showed it to them. As if to say, 'there are buttons you are showing me, I just click and explore.'
Once tbb firefox started, they were ok with using firefox over tor just fine. The first thing many of them did was to login to facebook or gmail over tor to see if it was different. None of them verified the ssl cert presented for facebook or gmail logins. For those that did login to gmail, gchat didn't work due to the lack of Flash in tbb firefox.
We then tried to configure their chat clients for tor. Adium on the mac was fairly easy. The variety of clients on windows wasn't so easy. A few wondered about logging in over ssl, but never did because the services didn't offer it (aol, msn, gchat). I showed the windows people pidgin, but they liked their native apps and didn't see why one multi-protocol app was better.
The experience continued through pidgin with OTR, installing pgp for email and verifying files, and a general talk about openssl certificates, what they mean, and what verification of a cert entails.
The relevant tor experience was what I wanted to communicate and for us to start thinking through ways to address it. Perhaps Mike's desire for a anonymous browser is a correct path for usability and better anonymity for the user. I believe torfox and torora have both come to the same conclusion (at different times) as well.
On 2011-05-12 07:59, Andrew Lewman wrote:
A short while ago, I did a training for some activists from a country that is hostile to the Internet. These people were some of the more technical people from their community. There was a mix of Windows and OS X laptops in the session. English was their third language, for added fun.
I walked them through finding tor browser bundle, downloading it, verifying it, unzipping it, and starting it. Here was the first problem. They couldn't find tbb on the download page. Their comments were that all these files and releases on the page were confusing. They wanted just one thing to look at, pick their operating system, and go. And they wanted the one thing to automatically detect their language preferences for tbb.
Easily solved. A download page should be workflow based. You can lay it out as columns or successive pages. Example:
What is your OS? (pre-selected based on the browser string)-> drop down list -> download link. For the main recommended product only, alternative versions should not be suggested, but be available on a drill-down page. See next comment.
(You will also want an index page containing all downloadable versions, but that page should be linked from the bottom of the download page. "For alternative versions of our product, click here")
I ended up pointing them at tpo/torbrowser, which they also thought was confusing. The aforementioned desires weren't satisfied on this page, but at least they could find their preferred language. They all commented that back home, a 24MB file was too big, and can't they get it via bittorrent or some other piecemeal way? A 24mb file would take hours to download.
This is one of those rare situations where two entirely unrelated issues combine to confuse even some of the more experienced product managers.
The first issue is the UE problem, meaning page design bug, of giving the user choices inside the default work flow of having to select a particular product, such as tpo/torbrowser. There should only be one default choice per OS.
The other issue has too sub-issues. The first sub-issue is that users can be whiny, as they are here. How are those users with their shiny MacOS laptops getting OS updates? How large are those OS updates? How big was that last iTunes update? Oh, those updates are larger than 24 MB?
Granted, how users obtain other software is a follow-up question the PM must ask in this situation to either learn how to best adjust user expectation or learn which distribution mechanism to emulate.
The second sub-issue (only useful to know after having figured out the first) is which download options to offer as part of the regular work flow. http/our download manager/BT are common, but that doesn't necessary make them the correct choices for Tor.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
That is to be expected. (And I am confident was expected by Andrew).
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
Bug of some sort. (Possibly in the installer not prompting the user for the required reboot).
As tbb was starting up, nearly all of them clicked on 'start tor browser' one to three times more, because they didn't see anything starting up. In fact, it was starting, it just wasn't instantaneous. I worry about forcing a splash screen that announces "I'm using Tor!" on the screen, but at the same time, it would let users know that tbb is starting.
You are striving for user notification of actions in 3/10th of a second. Anything more than that and the user will perceive lag. Note that 3/10 of a second is plenty of time to load a stub that reads "Please wait, Tor is loading". Take much longer after that notice is presented to the user for the final app to load and you'll want some visual indicator of progress, such as a spinning ball.
Once vidalia started, no one waited for tbb firefox to start, but rather started their own browser and tried to use it. Once tbb firefox started up, in some cases, minutes later, they were confused. Why didn't tbb firefox start right away instead of this useless vidalia control panel?
Again, multiple issues here. Clearly the browser is loading too slowly, which may be inherent to the browser. If so - and if it is not possible to make the browser load faster by stripping it down - you are using the wrong default browser. Obvious area to explore here is how fast the users' regular browsers are loading. Must be faster than tbb firefox or they wouldn't have been able to start their own browsers in the interim. Figure out why their default browsers are loading faster and go from there.
A few of them felt the need to explore the vidalia control panel since we showed it to them. As if to say, 'there are buttons you are showing me, I just click and explore.'
UE design bug. The user should only be presented with UI elements that the user needs to interact with to complete the task. Anything else should be buried in a "Tools" (think Chrome) menu or Tray icon. If what you are loading is a new browser, there shouldn't even be a Tray icon, but an additional button or sub-menu in the browser.
Once tbb firefox started, they were ok with using firefox over tor just fine. The first thing many of them did was to login to facebook or gmail over tor to see if it was different. None of them verified the ssl cert presented for facebook or gmail logins. For those that did login to gmail, gchat didn't work due to the lack of Flash in tbb firefox.
Expected behavior. No normal user verifies SSL server certs, knows they exist, or knows how to verify a cert even if they knew it existed. If the browser had reported an error with the cert the users would have clicked to ignore the mismatch. If the browser were to block access to the site due to a bad cert, the user would have switched to a browser that doesn't exhibit the blocking behavior. Human factor studies abound.
We then tried to configure their chat clients for tor. Adium on the mac was fairly easy. The variety of clients on windows wasn't so easy. A few wondered about logging in over ssl, but never did because the services didn't offer it (aol, msn, gchat). I showed the windows people pidgin, but they liked their native apps and didn't see why one multi-protocol app was better.
Unachievable scope combined with misguided user expectations.
The Tor Project would do well to not ADHD its activities into fixing all security ills of this world, such as email encryption, full disk encryption, or how to secure data once it leaves the exit node. All are real problems, but the one problem that is the core focus of Tor is difficult enough and you have barely enough resources to address even that.
There more interesting lesson that comes out of your experience is far from novel, but it bears repeating: absent other guidance, users expect security products, including anonymity products, to sprinkle security fairy dust over the user's existing work flow. We do not know how to achieve this goal given the present state of the art in computer science.
Consequently, providing anonymity services to the user requires work flow changes from the user. Users will not engage in work flow changes within their normal user environment. You have to change the environment to make the work flow changes acceptable and employed by the user. You still run the very real risk that the user will not accept the new environment, but at least it is possible to get the user to change behavior in a new environment, while it is not possible to get the user to change behavior in the old environment.
The conclusion from this is pretty straight forward, though perhaps not welcome: it is called a virtual machine.
The experience continued through pidgin with OTR, installing pgp for email and verifying files, and a general talk about openssl certificates, what they mean, and what verification of a cert entails.
Yikes. Talk about ambitious. :-)
The relevant tor experience was what I wanted to communicate and for us to start thinking through ways to address it. Perhaps Mike's desire for a anonymous browser is a correct path for usability and better anonymity for the user. I believe torfox and torora have both come to the same conclusion (at different times) as well.
Hope my comments help, they are based on decades in this industry and are intended to help. Feel free to contact me with any questions.
--Lucky
We should definitely translate Andrew's report and this commentary into tickets in the bug tracker, otherwise it will be forgotten..
Any volunteers? :)
Thus spake Lucky Green (shamrock@cypherpunks.to):
On 2011-05-12 07:59, Andrew Lewman wrote:
A short while ago, I did a training for some activists from a country that is hostile to the Internet. These people were some of the more technical people from their community. There was a mix of Windows and OS X laptops in the session. English was their third language, for added fun.
I walked them through finding tor browser bundle, downloading it, verifying it, unzipping it, and starting it. Here was the first problem. They couldn't find tbb on the download page. Their comments were that all these files and releases on the page were confusing. They wanted just one thing to look at, pick their operating system, and go. And they wanted the one thing to automatically detect their language preferences for tbb.
Easily solved. A download page should be workflow based. You can lay it out as columns or successive pages. Example:
What is your OS? (pre-selected based on the browser string)-> drop down list -> download link. For the main recommended product only, alternative versions should not be suggested, but be available on a drill-down page. See next comment.
(You will also want an index page containing all downloadable versions, but that page should be linked from the bottom of the download page. "For alternative versions of our product, click here")
I ended up pointing them at tpo/torbrowser, which they also thought was confusing. The aforementioned desires weren't satisfied on this page, but at least they could find their preferred language. They all commented that back home, a 24MB file was too big, and can't they get it via bittorrent or some other piecemeal way? A 24mb file would take hours to download.
This is one of those rare situations where two entirely unrelated issues combine to confuse even some of the more experienced product managers.
The first issue is the UE problem, meaning page design bug, of giving the user choices inside the default work flow of having to select a particular product, such as tpo/torbrowser. There should only be one default choice per OS.
The other issue has too sub-issues. The first sub-issue is that users can be whiny, as they are here. How are those users with their shiny MacOS laptops getting OS updates? How large are those OS updates? How big was that last iTunes update? Oh, those updates are larger than 24 MB?
Granted, how users obtain other software is a follow-up question the PM must ask in this situation to either learn how to best adjust user expectation or learn which distribution mechanism to emulate.
The second sub-issue (only useful to know after having figured out the first) is which download options to offer as part of the regular work flow. http/our download manager/BT are common, but that doesn't necessary make them the correct choices for Tor.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
That is to be expected. (And I am confident was expected by Andrew).
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
Bug of some sort. (Possibly in the installer not prompting the user for the required reboot).
As tbb was starting up, nearly all of them clicked on 'start tor browser' one to three times more, because they didn't see anything starting up. In fact, it was starting, it just wasn't instantaneous. I worry about forcing a splash screen that announces "I'm using Tor!" on the screen, but at the same time, it would let users know that tbb is starting.
You are striving for user notification of actions in 3/10th of a second. Anything more than that and the user will perceive lag. Note that 3/10 of a second is plenty of time to load a stub that reads "Please wait, Tor is loading". Take much longer after that notice is presented to the user for the final app to load and you'll want some visual indicator of progress, such as a spinning ball.
Once vidalia started, no one waited for tbb firefox to start, but rather started their own browser and tried to use it. Once tbb firefox started up, in some cases, minutes later, they were confused. Why didn't tbb firefox start right away instead of this useless vidalia control panel?
Again, multiple issues here. Clearly the browser is loading too slowly, which may be inherent to the browser. If so - and if it is not possible to make the browser load faster by stripping it down - you are using the wrong default browser. Obvious area to explore here is how fast the users' regular browsers are loading. Must be faster than tbb firefox or they wouldn't have been able to start their own browsers in the interim. Figure out why their default browsers are loading faster and go from there.
A few of them felt the need to explore the vidalia control panel since we showed it to them. As if to say, 'there are buttons you are showing me, I just click and explore.'
UE design bug. The user should only be presented with UI elements that the user needs to interact with to complete the task. Anything else should be buried in a "Tools" (think Chrome) menu or Tray icon. If what you are loading is a new browser, there shouldn't even be a Tray icon, but an additional button or sub-menu in the browser.
Once tbb firefox started, they were ok with using firefox over tor just fine. The first thing many of them did was to login to facebook or gmail over tor to see if it was different. None of them verified the ssl cert presented for facebook or gmail logins. For those that did login to gmail, gchat didn't work due to the lack of Flash in tbb firefox.
Expected behavior. No normal user verifies SSL server certs, knows they exist, or knows how to verify a cert even if they knew it existed. If the browser had reported an error with the cert the users would have clicked to ignore the mismatch. If the browser were to block access to the site due to a bad cert, the user would have switched to a browser that doesn't exhibit the blocking behavior. Human factor studies abound.
We then tried to configure their chat clients for tor. Adium on the mac was fairly easy. The variety of clients on windows wasn't so easy. A few wondered about logging in over ssl, but never did because the services didn't offer it (aol, msn, gchat). I showed the windows people pidgin, but they liked their native apps and didn't see why one multi-protocol app was better.
Unachievable scope combined with misguided user expectations.
The Tor Project would do well to not ADHD its activities into fixing all security ills of this world, such as email encryption, full disk encryption, or how to secure data once it leaves the exit node. All are real problems, but the one problem that is the core focus of Tor is difficult enough and you have barely enough resources to address even that.
There more interesting lesson that comes out of your experience is far from novel, but it bears repeating: absent other guidance, users expect security products, including anonymity products, to sprinkle security fairy dust over the user's existing work flow. We do not know how to achieve this goal given the present state of the art in computer science.
Consequently, providing anonymity services to the user requires work flow changes from the user. Users will not engage in work flow changes within their normal user environment. You have to change the environment to make the work flow changes acceptable and employed by the user. You still run the very real risk that the user will not accept the new environment, but at least it is possible to get the user to change behavior in a new environment, while it is not possible to get the user to change behavior in the old environment.
The conclusion from this is pretty straight forward, though perhaps not welcome: it is called a virtual machine.
The experience continued through pidgin with OTR, installing pgp for email and verifying files, and a general talk about openssl certificates, what they mean, and what verification of a cert entails.
Yikes. Talk about ambitious. :-)
The relevant tor experience was what I wanted to communicate and for us to start thinking through ways to address it. Perhaps Mike's desire for a anonymous browser is a correct path for usability and better anonymity for the user. I believe torfox and torora have both come to the same conclusion (at different times) as well.
Hope my comments help, they are based on decades in this industry and are intended to help. Feel free to contact me with any questions.
--Lucky _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Wed, 18 May 2011 00:39:03 -0700 Mike Perry mikeperry@fscked.org wrote:
We should definitely translate Andrew's report and this commentary into tickets in the bug tracker, otherwise it will be forgotten..
On my todo list.
On Fri, 13 May 2011 00:25:00 -0700 Lucky Green shamrock@cypherpunks.to wrote:
Easily solved. A download page should be workflow based. You can lay it out as columns or successive pages. Example:
We have this, sort of, at https://www.torproject.org/download/download-easy
The first issue is the UE problem, meaning page design bug, of giving the user choices inside the default work flow of having to select a particular product, such as tpo/torbrowser. There should only be one default choice per OS.
If we used javascript to magically detect their preferred language, then we could default the page to that, for their OS too.
The other issue has too sub-issues. The first sub-issue is that users can be whiny, as they are here. How are those users with their shiny MacOS laptops getting OS updates? How large are those OS updates? How big was that last iTunes update? Oh, those updates are larger than 24 MB?
Assume for this set of users, everything is possibly not legally obtained. They swap cdroms and usb drives around. They may not be able to legally buy the software in their home country.
The second sub-issue (only useful to know after having figured out the first) is which download options to offer as part of the regular work flow. http/our download manager/BT are common, but that doesn't necessary make them the correct choices for Tor.
I was thinking of thandy/secure updater here. They download one tiny thandy-stub program, which then does the rest via https or bittorrent.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
That is to be expected. (And I am confident was expected by Andrew).
Yes, expected.
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
Bug of some sort. (Possibly in the installer not prompting the user for the required reboot).
It's a bug. There is no installer for TBB by design. It should just unzip and work.
You are striving for user notification of actions in 3/10th of a second. Anything more than that and the user will perceive lag. Note that 3/10 of a second is plenty of time to load a stub that reads "Please wait, Tor is loading". Take much longer after that notice is presented to the user for the final app to load and you'll want some visual indicator of progress, such as a spinning ball.
Something optional that loads the first time, with a check box that says 'never load this message again' would also work.
Again, multiple issues here. Clearly the browser is loading too slowly, which may be inherent to the browser. If so - and if it is not possible to make the browser load faster by stripping it down - you are using the wrong default browser. Obvious area to explore here is how fast the users' regular browsers are loading. Must be faster than tbb firefox or they wouldn't have been able to start their own browsers in the interim. Figure out why their default browsers are loading faster and go from there.
This is firefox, stripped down already. I think the problem here isn't that firefox was a dog on OSX, because it loaded fast on the window's systems, but rather they didn't even know a browser was going to load.
UE design bug. The user should only be presented with UI elements that the user needs to interact with to complete the task. Anything else should be buried in a "Tools" (think Chrome) menu or Tray icon. If what you are loading is a new browser, there shouldn't even be a Tray icon, but an additional button or sub-menu in the browser.
I like what TAILS has done here. They strip out all of the configuration options from Vidalia, so you can't click to change any settings.
The Tor Project would do well to not ADHD its activities into fixing all security ills of this world, such as email encryption, full disk encryption, or how to secure data once it leaves the exit node.
If not us, then who? ;) Yes, I agree, but users invariably ask us about this stuff because we all use it daily.
We do not know how to achieve this goal given the present state of the art in computer science.
Well, I look at TAILS and Haven as two anonymous OSes that make strides towards this. Anonymous and mostly-secure by default enforce the 'power of the defaults'.
And yes, your comments are always welcome.
Hi,
Andrew Lewman wrote (18 May 2011 19:37:28 GMT) :
I like what TAILS has done here. They strip out all of the configuration options from Vidalia, so you can't click to change any settings.
FWIW, the Settings dialog is nevertheless reachable, in Tails, from the menu one get by right-clicking the Vidalia taskbar icon. Many users sometimes need it to workaround so-called Internet access with filtered egress, and our upcoming bridges support needs it as well.
Bye, -- intrigeri intrigeri@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | So what?
On Thu, 2011-05-12 at 10:59 -0400, Andrew Lewman wrote:
A short while ago, I did a training for some activists from a country that is hostile to the Internet. These people were some of the more technical people from their community. There was a mix of Windows and OS X laptops in the session. English was their third language, for added fun.
I walked them through finding tor browser bundle, downloading it, verifying it, unzipping it, and starting it. Here was the first problem. They couldn't find tbb on the download page. Their comments were that all these files and releases on the page were confusing. They wanted just one thing to look at, pick their operating system, and go. And they wanted the one thing to automatically detect their language preferences for tbb.
As Torbutton has taught us, browsers send quite a bit of information with them. It seems like it would be helpful to automatically detect the user's language and operating system, via the User-Agent and Accept-Language headers.
I ended up pointing them at tpo/torbrowser, which they also thought was confusing. The aforementioned desires weren't satisfied on this page, but at least they could find their preferred language. They all commented that back home, a 24MB file was too big, and can't they get it via bittorrent or some other piecemeal way? A 24mb file would take hours to download.
Torrents are already auto-generated somewhere, though I can't seem to find the link at the moment.
Once they finally downloaded it, they all double clicked on their resulting zip file. In fact, all of the mac people ended up downloading the windows tbb and unzipped it correctly. In all cases, their operating system handled the zip file correctly. After fixing the mac people with mac tbb, we moved on to the next step.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
GPG4Win[1] somewhat usable, though it's still not as easy as Seahorse and such on Linux. Doesn't Microsoft have a built-in way to digitally sign binaries? [1]: http://www.gpg4win.org/
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
As tbb was starting up, nearly all of them clicked on 'start tor browser' one to three times more, because they didn't see anything starting up. In fact, it was starting, it just wasn't instantaneous. I worry about forcing a splash screen that announces "I'm using Tor!" on the screen, but at the same time, it would let users know that tbb is starting.
This is a problem among many users, though one that is rather unrelated to anything Tor-specific. The solution to this is probably better startup notification systems, but that's very much out of scope for Tor.
Once vidalia started, no one waited for tbb firefox to start, but rather started their own browser and tried to use it. Once tbb firefox started up, in some cases, minutes later, they were confused. Why didn't tbb firefox start right away instead of this useless vidalia control panel?
A few of them felt the need to explore the vidalia control panel since we showed it to them. As if to say, 'there are buttons you are showing me, I just click and explore.'
Maybe Vidalia should just start in the background and display a little bubble at startup?
Once tbb firefox started, they were ok with using firefox over tor just fine. The first thing many of them did was to login to facebook or gmail over tor to see if it was different. None of them verified the ssl cert presented for facebook or gmail logins. For those that did login to gmail, gchat didn't work due to the lack of Flash in tbb firefox.
We then tried to configure their chat clients for tor. Adium on the mac was fairly easy. The variety of clients on windows wasn't so easy. A few wondered about logging in over ssl, but never did because the services didn't offer it (aol, msn, gchat). I showed the windows people pidgin, but they liked their native apps and didn't see why one multi-protocol app was better.
Google Chat, as it uses XMPP, has SSL support by default. Pidgin's better because it has OTR and SOCKS support (minus the XMPP DNS resolution thing), of course!
The experience continued through pidgin with OTR, installing pgp for email and verifying files, and a general talk about openssl certificates, what they mean, and what verification of a cert entails.
Trying to get anyone, let alone 'real people', to understand the SSL certificate model is futile.
The relevant tor experience was what I wanted to communicate and for us to start thinking through ways to address it. Perhaps Mike's desire for a anonymous browser is a correct path for usability and better anonymity for the user. I believe torfox and torora have both come to the same conclusion (at different times) as well.
On Fri, 13 May 2011 18:09:04 -0400 katmagic the.magical.kat@gmail.com wrote:
On Thu, 2011-05-12 at 10:59 -0400, Andrew Lewman wrote:
A short while ago, I did a training for some activists from a country that is hostile to the Internet. These people were some of the more technical people from their community. There was a mix of Windows and OS X laptops in the session. English was their third language, for added fun.
I walked them through finding tor browser bundle, downloading it, verifying it, unzipping it, and starting it. Here was the first problem. They couldn't find tbb on the download page. Their comments were that all these files and releases on the page were confusing. They wanted just one thing to look at, pick their operating system, and go. And they wanted the one thing to automatically detect their language preferences for tbb.
As Torbutton has taught us, browsers send quite a bit of information with them. It seems like it would be helpful to automatically detect the user's language and operating system, via the User-Agent and Accept-Language headers.
That would require either using JavaScript on www.torproject.org or running a script on the web server. The latter would make mirroring the website much harder, so we're stuck with JavaScript if we take that path.
This would break for people who already use Torbutton, but at least we can detect Torbutton's User-Agent string, time zone, and other characteristics when it is enabled.
I ended up pointing them at tpo/torbrowser, which they also thought was confusing. The aforementioned desires weren't satisfied on this page, but at least they could find their preferred language. They all commented that back home, a 24MB file was too big, and can't they get it via bittorrent or some other piecemeal way? A 24mb file would take hours to download.
Torrents are already auto-generated somewhere, though I can't seem to find the link at the moment.
Moritz Bartl generates them and hosts them somewhere on torservers.net. Unfortunately, the script currently puts each package's GPG signature in a separate torrent from the package it signs.
Once they finally downloaded it, they all double clicked on their resulting zip file. In fact, all of the mac people ended up downloading the windows tbb and unzipped it correctly. In all cases, their operating system handled the zip file correctly. After fixing the mac people with mac tbb, we moved on to the next step.
None of them had pgp installed, and therefore no way to verify the .asc and zip file.
GPG4Win[1] somewhat usable, though it's still not as easy as Seahorse and such on Linux. Doesn't Microsoft have a built-in way to digitally sign binaries?
GPA (the main GUI tool shipped in GPG4Win) doesn't provide a way to check detached signatures, and GPGEx (the shell extension shipped in GPG4Win) isn't compiled for 64-bit Windows. (I don't know whether GPGEx provides a way to check detached signatures on 32-bit Windows installations.)
Windows does provide a way to check signatures on .exe files, but it uses the SSL trust model (i.e. any member of the ‘Authenticode’ equivalent of the ‘SSL mafia’ can issue a code-signing certificate with any signer name). It is possible to verify the fingerprint of the certificate for the key which actually signed the program file, but users are unlikely to do that.
Most of them figured out to click inside the resulting folder and start the 'start tor browser' program. For all of the macs, the tbb didn't start. The people had to restart the system and then clicking on 'start tor browser' worked as expected.
As tbb was starting up, nearly all of them clicked on 'start tor browser' one to three times more, because they didn't see anything starting up. In fact, it was starting, it just wasn't instantaneous. I worry about forcing a splash screen that announces "I'm using Tor!" on the screen, but at the same time, it would let users know that tbb is starting.
This is a problem among many users, though one that is rather unrelated to anything Tor-specific. The solution to this is probably better startup notification systems, but that's very much out of scope for Tor.
We can't fix design flaws in the host operating system or desktop environment from within Tor Browser Bundle. But we can display a small splash screen the first time a user starts TBB, and allow the user to select a more discreet startup indicator or none at all for future use.
Robert Ransom
On Fri, 13 May 2011 18:09:04 -0400 katmagic the.magical.kat@gmail.com wrote:
As Torbutton has taught us, browsers send quite a bit of information with them. It seems like it would be helpful to automatically detect the user's language and operating system, via the User-Agent and Accept-Language headers.
For a long time, we at Tor have had a love/hate relationship with javascript. We want the website to work well without it, but at the same time, having it would make our site more usable to those with it enabled.
-
Andrew Lewman -
intrigeri -
katmagic -
Lucky Green -
Mike Perry -
Robert Ransom