#tor-meeting log

19:02:01 <isabela> #startmeeting ux and tb teams sync o/
19:02:01 <MeetBot> Meeting started Wed Apr 18 19:02:01 2018 UTC.  The chair is isabela. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:02:01 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:02:14 <isabela> last min change to the agenda :)
19:02:25 <isabela> we will do
19:02:26 <isabela> #25764
19:02:30 <sysrqb> :o
19:02:31 <isabela> instead of about:tor
19:02:34 <isabela> sysrqb: hahaha
19:02:38 <antonela> (:
19:02:53 <isabela> and security controls :)
19:03:03 <isabela> antonela: want to share about circuit displays?
19:03:05 <antonela> lets start with the "easy" one
19:03:06 <antonela> yes
19:03:12 * dmr mostly lurks but would like to be involved for any discussion on #24309 (filed a long comment there)
19:03:21 <antonela> I updated mocks based on last week comments and included UI for tablets
19:03:25 <isabela> dmr: oi
19:03:27 <dmr> so I guess possibly also #25764
19:03:53 <antonela> last week comments were around "we need a better button, and we missed learn more link"
19:04:11 <antonela> i noticed a thing between firefox on tablets and firefox on phones
19:04:26 <dmr> isabela: do we have a pad/etc. for this meeting?
19:04:57 <antonela> if you see the mocks, UI for tablets have tabs, which we dont have at mobiles
19:05:34 <isabela> dmr: no, we normally talk here and update the tickets
19:05:38 <antonela> sysrqb, igt0: do you think is a problem? could we have a dark theme at tablets and a light theme at phones?
19:05:42 <dmr> isabela: cool, thanks :)
19:05:45 <isabela> np
19:06:09 <antonela> in that case, i know it isn't consistent, but I'm following firefox's ui
19:06:33 <sysrqb> hmm
19:06:52 <antonela> imo i think we should have the same theme everywhere (dark of course)
19:07:07 <GeKo> like darknet
19:07:12 <sysrqb> shhhh :)
19:07:16 <antonela> :#
19:07:17 <GeKo> oops
19:07:24 <isabela> lol
19:07:43 <mcs> I don’t understand the light vs. dark issue.
19:08:04 <mcs> How is that related to tablets and tabs? (maybe I should use Android more)
19:08:14 <igt0> me neither
19:08:39 <antonela> nono, is not related with the browser UI, but with the OS when the app is running
19:09:02 <antonela> you can see it at the the status bar
19:09:08 <sysrqb> hmm, i wonder if that's related to the full-screen pref
19:09:16 <sysrqb> i'll need to experiment
19:09:16 <isabela> hmm
19:09:24 <isabela> do we control this or the user?
19:09:25 <sysrqb> but yes, i'd like having the same UI
19:10:01 <antonela> I think we control it, the app control it
19:10:11 <sysrqb> under Settings->General, there's a Full-screen browsing
19:10:20 <sysrqb> i wonder if that is enabled on phone and disabled on tablet?
19:10:29 <sysrqb> i don't know right now
19:10:46 <sysrqb> maybe that hides the tabs on phone by default (?)
19:10:56 <sysrqb> i'll do some testing and update the ticket
19:11:03 <igt0> ah got it.
19:11:04 <sysrqb> unless igt0 or mcs know?
19:11:27 <dmr> there's only limited space on the phone width, so I think the tabs logically should go under the [1] box to the right of the address
19:11:41 <mcs> I don’t know. But trying to be different than Firefox might be more work for us :)
19:11:50 <antonela> https://share.riseup.net/#U1QcfD8SIusj96uDSY5R_g
19:12:01 <antonela> ^ i'm taking about this
19:12:05 <isabela> hehe
19:12:07 <isabela> mcs: i agree
19:12:24 <arthuredelstein> For non-https sites (like http://cnn.com) is there an icon in the URL bar in Firefox Android already?
19:12:25 <antonela> oh are tabs a setting?
19:12:54 <antonela> mcs: yep, this is why i'm following them
19:13:52 <arthuredelstein> (I mean where the lock or onion is for https and .onion sites)
19:13:57 <sysrqb> i don't think we should spend much time on this, if being consistent is easy, then great
19:14:03 <sysrqb> if it's not easy, then it'll be okay :)
19:14:08 <isabela> :)
19:14:09 <isabela> agree
19:14:11 <antonela> cool
19:14:54 <sysrqb> arthuredelstein: cnn.com redirects to https (but mixed-content)
19:14:55 <antonela> just wanted to make a comment about that because the UI on tables is not the same as desktop and is not the same at phones
19:15:14 <isabela> but is following FF
19:15:17 <antonela> yep
19:15:19 <isabela> :)
19:15:19 <antonela> that
19:15:19 <sysrqb> there isn't an icon, but if i click on the tabs button, i see a cnn icon
19:15:28 <arthuredelstein> sysrqb: Oops, bad example. How about http://www.example.com
19:15:43 <sysrqb> :)
19:15:55 <sysrqb> antonela: yeah, no worries
19:16:07 <antonela> sysrqb: super
19:16:20 <arthuredelstein> sysrqb: What I'm saying is, if tapping the lock icon is how users see the Tor circuit, then we need an icon for non-https sites so users can see the circuit then as well.
19:16:25 * GeKo is in the "follow mozilla camp", too
19:16:27 <sysrqb> arthuredelstein: yes? there's a globe-thing as the favicon?
19:17:32 <sysrqb> ah
19:17:49 <sysrqb> arthuredelstein: okay,  yes (sorry, missed your last message)
19:17:52 <sysrqb> yes, there is an icon
19:17:52 <antonela> arthuredelstein: websites without padlock have [i] icon
19:18:03 <antonela> so, users can tap into it anyways
19:18:47 <arthuredelstein> antonela: That sounds good. Somehow I think I had the wrong impression. Sorry for the noise :)
19:19:28 <isabela> :) np!
19:19:31 <antonela> oh no worries, im checking just in case
19:19:36 <isabela> should we go to security controls?
19:19:52 <antonela> yes confirmed, they have right now something like a globe icon
19:20:09 <arthuredelstein> perfect
19:20:44 <sysrqb> security controls sound good :)
19:21:07 <isabela> alright! antonela whats new?
19:21:24 <antonela> well, i had an idea and i hope i can explain it in the right way
19:22:01 <antonela> last week we talked about the iconography and i tried a lot of those ideas ( i exported an artboard with them)
19:22:38 <antonela> some of them can be sucessfull some not, but in the middle i were wondering how users can understand the feature better
19:22:40 <isabela> :D
19:23:40 <antonela> as I said in the comment, the main idea is: can we simplify the choices?
19:23:50 <antonela> can we have instead of three levels, two?
19:24:26 <antonela> and of course, you are hating me now, because you worked a lot on the slider and on this feature but
19:24:39 <antonela> what if we make a feature that people can understand?
19:24:39 <isabela> hehe :)
19:25:01 <antonela> what if we find a way to make it customizable enough for heavy users but easy to understand for normal users?
19:25:58 <brade> antonela: I am concerned that users may think that they are toggling the security for only the current tab (rather than the whole browser)
19:26:10 <antonela> good point
19:26:15 <GeKo> antonela: what do you mean by "customizable enough"?
19:26:17 <mcs> Also, in the past, we have avoiding allowing per-user customization of these kind of settings due to fingerprinting risks (that’s why we have only a few choices).
19:26:27 <GeKo> just that
19:26:33 <mcs> and I would be concerned that two choices is too few
19:26:37 <mcs> but I don’t know
19:26:46 <GeKo> i tend to agree
19:26:47 <sysrqb> it might be nice knowing how many people actually use safest vs safer mode
19:26:57 <GeKo> that too
19:27:00 <sysrqb> but getting that information is nearly impossible
19:27:00 <antonela> sysrqb: yes
19:27:24 <arthuredelstein> I think one way to simplify would be to have two settings for http sites and two settings for https sites.
19:27:30 <sysrqb> (how many people choose disabling all javascript?)
19:27:42 <arthuredelstein> In this case 2 + 2 = 3 :)
19:27:48 <sysrqb> good math
19:27:55 <isabela> hehe
19:28:10 <arthuredelstein> That was my motivation behind #22981
19:28:41 * isabela would try not to remove high level security options even if very few ppl uses them
19:29:10 <GeKo> antonela: what speaks against going with the proposal we currently have and start a new one were we argue for just two options if we really want that?
19:29:15 <antonela> GeKo: by customizable enough im trying to say that if advanced users want to set more settings, then they could have chance to do it on advanced settings
19:29:28 <GeKo> we want to avoid exactly that
19:29:37 <antonela> why?
19:30:04 <GeKo> because then we have the problem again that the set of options you check might make you easier to fingerprint
19:30:16 <isabela> yes
19:30:38 <GeKo> because there is the risk that you activate options that *togethe* no one else has activated
19:30:41 <GeKo> or not many people
19:30:46 <isabela> i would split (keep the current proposal and then create a new one for the 2 options and do that one later maybe?)
19:30:47 <antonela> GeKo: re proposal -> yes sure, since we have someone thinking about this problem right now, i'm sharing this idea
19:31:00 <GeKo> that's exactly the problem with enabling random preferences in about:config
19:31:07 <antonela> i see
19:31:29 <GeKo> so, we should not have the checkboxes shown in one of your mockups
19:32:19 <antonela> because the list might grow up and having mixing preferences will broke everything
19:32:25 <antonela> got it
19:32:29 <arthuredelstein> One of the advantages of #22981 is that it makes it difficult to fingerprint medium vs high on http sites and low vs medium on https sites.
19:33:35 <GeKo> antonela: looking at the icons i think the shields showing empty, half-filled and fully filled look interesting to me
19:33:57 <antonela> GeKo: is the pospeselr idea :)
19:33:58 <GeKo> i wonder if that'd be a thing users would understand
19:34:03 <isabela> yes i like that too
19:34:23 * sysrqb makes a note to look at #22981
19:34:54 <antonela> I also wonder how much people understand the implications of having a safer/safest modes, besides the fact that the content is not loading
19:34:56 <isabela> GeKo: i think we can build that understanding with the onboarding and other stuff
19:35:00 <mcs> Another thing I like about the “fill” concept is that once users learn it, they can recognize it easily even with small icon sizes.
19:35:11 <isabela> yep
19:35:13 <GeKo> +1
19:35:31 <brade> +1
19:35:37 <GeKo> yes, my hope is that onboarding could be pretty helpful here
19:35:46 * isabela steps out for a 3min!
19:35:57 <antonela> yes, the filling can be reinforced with a microanimation (don't freakout, can be a gif)
19:36:13 <igt0> q.q. Why an user would like an empty shield? (How are we going to communicate that a empty shield is not "bad"?)
19:36:26 <antonela> indeed
19:36:45 <antonela> the problem with the icons is that the first icon (the default) always looks like something is not good
19:36:47 <GeKo> igt0: well, it's still a shield, right?
19:36:54 <GeKo> so, much better than nothing
19:37:17 <igt0> yep, however i am wondering if everyone wants a full shield and the few sites start to break
19:37:26 <GeKo> (i.e. better than anything else out there private browsing wise)
19:37:36 <antonela> ha yep
19:38:15 <GeKo> sure, everyone wants to get the full flavor, and the highest security mode and having a working internet :)
19:38:47 <antonela> allthethings!
19:38:54 <GeKo> and moar!
19:39:00 <sysrqb> if you break it, you can keep all the pieces
19:39:11 <dmr> antonela, GeKo, isabela, arthuredelstein: as a former "advanced user" who likes to customize things... I _definitely_ did so before the move to 3 settings. I agree that having 2 settings, and the second setting having a bunch of checkboxes... would be a bad move for "advanced" users who don't know better.
19:39:32 <sysrqb> yup
19:39:37 <antonela> yep
19:39:41 <GeKo> which is basically almost all of them
19:40:11 <antonela> our Persona = "advanced" users who don't know better
19:40:14 <antonela> i like it
19:40:25 <isabela> back
19:40:48 <sysrqb> heh, yeah, don't put that in writing :)
19:41:44 <isabela> did y'all decided everything already?
19:41:46 <isabela> :)
19:41:51 <antonela> anw, for sure we can think about it later, but adding icons + onboarding may solve some problems but i think that this feature can give more to users than that
19:42:10 <antonela> that said, i can continue working with the shield filling idea :)
19:42:23 <GeKo> yes, that sounds useful to me
19:42:25 <pospeselr> woo :)
19:42:47 <antonela> :D
19:42:54 <isabela> yes
19:43:04 <mcs> Do we think shield icons are more often associated with privacy (and lock icons with security)? Is that a problem?
19:43:23 <isabela> so i looked around
19:43:24 <mcs> e.g., Firefox uses a shield for tracking protection
19:43:26 <antonela> i didnt worked on about:tor this week yet, because i was reading a lot about our security slider but I'll have updates on that for this week
19:43:35 <isabela> and lock and shield seems to be used for privacy
19:43:38 <isabela> locks are more
19:43:43 <isabela> i guess cuz of https
19:43:47 <isabela> not sure
19:43:52 <dmr> antonela, sysrqb: well it is _in_ writing in our meeting notes now! but it's my words and I'm fine with that being attributed to me, haha
19:43:56 <antonela> i have a lot of screenshots here -> https://www.dropbox.com/sh/xh4x6yjc79otjif/AABMQvwzfKyyIlH8DgEoDvVXa?dl=0
19:44:02 <isabela> :)
19:44:22 <antonela> chrome for example is using shields for privacy and locks for security
19:44:29 <antonela> https://www.dropbox.com/s/rte8bc64r95l13n/myaccount-google-privacy.png?dl=0
19:44:35 <antonela> https://www.dropbox.com/s/4w3tk8ltqd7kp0a/myaccount-google-security.png?dl=0
19:44:35 <sysrqb> hrm
19:45:02 <sysrqb> we probably don't want to confuse privacy and security here
19:45:35 <antonela> android's security icon is a lock
19:45:43 <sysrqb> mcs: good point
19:46:24 <sysrqb> yeah, these are specifically security improvements, not privacy improvements :(
19:46:26 <GeKo> well, you could do the "filling trick" with locks, too
19:46:29 <sysrqb> silly icons for usability
19:46:40 <sysrqb> yeah, that might work
19:46:45 <isabela> yeah we can fill anything :)
19:46:55 <antonela> the lock for security seems associated with passwords, and then you have another security things besides passwords
19:47:25 <antonela> https://material.io/icons/
19:47:26 <isabela> i would say lock with privacy
19:47:38 <GeKo> yes, that was a good point mcs
19:47:39 <antonela> https://design.firefox.com/icons/viewer/
19:47:59 <arthuredelstein> What about some kind of helmet? :)
19:48:04 <dmr> I agree that the lock is used for security, but its use is probably overloaded now. (Think not just _browsers_, but also all the websites that put a lock in their content somewhere...)
19:48:15 <sysrqb> maybe large onion with lock inside? and then color the onion for high security
19:48:53 <antonela> arthuredelstein: can you elaborate that? i like it
19:48:59 <sysrqb> dmr: right, but what do users associate with security?
19:49:04 <isabela> what i did was random image searches for privacy or privacy icon, then security then anonymity.. privacy had mostly locks
19:49:11 <pospeselr> iirc, windows defender (microsoft's built in anti-virus) uses a shield icon
19:49:16 <pospeselr> as does the UAC prompt
19:49:24 <sysrqb> dmr: if we want a user to look at something and think "oh, thi is related to tmy security" what should that icon be?
19:49:29 <antonela> oh and have an slider -> https://www.dropbox.com/s/m5q96tknhqv3oer/ie-security-settings.gif?dl=0
19:49:36 <arthuredelstein> antonela: a safety helment or a knight's helmet, or something like that
19:49:44 <arthuredelstein> just to be different from both locks and shields
19:49:54 <pospeselr> if you're looking for prior art of shield implies security
19:49:54 <antonela> yes
19:49:54 <isabela> do we want them to associated it with security or privacy? I would say privacy
19:49:58 <GeKo> lol ie security settings
19:50:06 <antonela> is security
19:50:10 <isabela> hmm
19:50:13 <sysrqb> heh, sure :)
19:50:18 <isabela> is security slider the name yes
19:50:18 <antonela> arthur i like the knight's helmet
19:50:24 <isabela> but the security is to guarantee privacy
19:50:25 <isabela> right?
19:50:28 <antonela> i see isa
19:50:31 <antonela> 's question
19:50:35 <arthuredelstein> https://www.gettyimages.com/detail/illustration/safety-helmet-icon-royalty-free-illustration/636645202
19:50:57 <antonela> https://thenounproject.com/search/?q=knights%20helmet
19:51:00 <mcs> My random Google searches tell me that people use shields for security too… so maybe that is a fine choice :)
19:51:22 <dmr> sysrqb: I honestly think most users conflate "privacy" and "security", but there's also an argument that they're super-related
19:51:34 <sysrqb> as long as it doesnt confuse users, i think the shield is good
19:51:36 <antonela> arthuredelstein: looks like a builder :)
19:51:40 <sysrqb> but we simply must be careful about that
19:51:40 <brade> I’m not sure the safety helmet will be recognizable across various cultures; the “cuts” in the helmet are odd
19:52:15 <antonela> brave browser used to have a helmet somewhere
19:52:17 <isabela> yep
19:52:18 <GeKo> it seems google uses a lock inside a shield sometimes for security stuff, hm
19:52:19 <pospeselr> brade: same
19:52:21 <sysrqb> dmr: right, that's a tangential problem :)
19:52:24 <isabela> brade: +1
19:52:56 <antonela> so yes, between shields and locks is the situation
19:53:00 <sysrqb> hrm, should we bikeshed on a ticket or email thread?
19:53:18 <antonela> ticket maybe?
19:53:22 <isabela> sure
19:53:35 <antonela> i'm not sure when I should use the list and when update the ticket
19:53:36 <sysrqb> i guess we're almost at an hour :)
19:53:47 <dmr> I agree with the shield, but perhaps the choice should be put to user testing?
19:53:48 <sysrqb> so we can continue for another 5 min if everyone wants
19:53:58 <GeKo> heh
19:54:12 <antonela> dmr: yes, everything should pass user testing
19:54:35 <GeKo> looking at firefox's tracking protection stuff: it seems to me the shield is refering to the *protection* part
19:54:38 * isabela will have to leave in 5 for sure
19:54:46 <pospeselr> I'm not sure how you could indicate degree of security with a helmet icon, without resorting to color
19:54:55 <brade> +1
19:55:08 <antonela> well, is part of the process ha
19:55:09 <pospeselr> or like, 3 separate helmets, each with more crazy spikes and horns a la World of Warcraft :p
19:55:14 <antonela> lol
19:55:14 <brade> lol
19:55:22 <pospeselr> yeah
19:55:38 <isabela> lol
19:55:40 <mcs> “Do I want the one with horns or not?”
19:55:42 <dmr> antonela: sorry, I guess I meant... present both to user subsets for testing to see what they understand better
19:55:42 <GeKo> and the slider means to protect, too
19:55:45 <sysrqb> antonela: i think mailing lists are slightly better for discussion, and ticket for traking implmenetation
19:55:49 <antonela> okeyyy i think we are in the same line that we want three levels and we want icons. I'll continue working on it people and back to the ticket with updates
19:55:51 * isabela wonders if we could talk in the email list
19:55:58 <sysrqb> antonela: but "whatever you think is best" is usually good
19:56:04 <GeKo> so, i think i am not sold to the shield = privacy argument
19:56:06 <isabela> about the question of what we would like the user to understand that is about: security, protection, privacy?
19:56:10 <isabela> all the same?
19:56:20 <isabela> does that even matter ? :)
19:56:28 * mcs is coming around to GeKo’s point of view.
19:56:32 <GeKo> yes it does
19:56:33 <dmr> GeKo: I agree
19:56:40 <antonela> geko, me either
19:56:43 <isabela> k
19:56:43 <isabela> :)
19:56:53 <GeKo> we should definitely make a distinction between secuity and privacy
19:57:00 <isabela> ok
19:57:01 <GeKo> and there are good arguments for that
19:57:02 <antonela> we should
19:57:06 <antonela> yes
19:57:14 <GeKo> *security
19:57:17 <arthuredelstein> somehow we should make that distinction more clear for users I think
19:57:25 <mcs> I agree we should make a distinction but I also think a lot of people and products do not.
19:57:34 <arthuredelstein> because I think many users don't understand this distinction as it exists in Tor Browser.
19:57:36 <sysrqb> right. the icon doesn't matter as long as we get that point across to the user
19:57:42 <GeKo> and both things offer protection to get the third concept into the boat
19:57:43 * isabela would like to understand how folks would epxlain that
19:57:47 <isabela> *explain
19:57:48 <GeKo> albeit against different threats
19:58:09 <dmr> mcs: I agree; but this is largely tangential as sysrqb brought up
19:58:14 <pospeselr> this icon debate is about the button indicating the security slider level right?
19:58:14 <GeKo> sure i am all for making it more clear if we can
19:58:20 <GeKo> pospeselr: yes
19:58:22 <antonela> yes
19:58:24 <arthuredelstein> Next to the security slider we should say "this protects against security; privacy is already protected against)
19:58:27 <arthuredelstein> "
19:58:27 <flexlibris> [community team meeting is about to start my good people]
19:58:37 <dmr> flexlibris: o/
19:58:41 <isabela> !
19:58:43 <antonela> flexlibris: leaving now
19:58:43 <pospeselr> flexlibris: heyo!
19:58:44 <isabela> vixe maria ppl
19:58:45 <sysrqb> arthuredelstein: yeah, maybe maybe
19:58:46 <isabela> we need to go to ml
19:58:47 <isabela> :)
19:58:51 <flexlibris> lol sorry!
19:58:52 <isabela> i will kill the bot ok
19:58:53 <isabela> :)
19:58:54 <sysrqb> flexlibris: hi! :)
19:58:56 <flexlibris> hi!
19:58:57 <isabela> ?
19:59:10 <sysrqb> okay, we can continue on a mailing list
19:59:10 * isabela kills it!!
19:59:14 <isabela> #stopmeeting
19:59:15 <sysrqb> o/
19:59:17 <isabela> ops!
19:59:17 <antonela> oka
19:59:19 <isabela> #endmeeting