18:59:39 <asn> #startmeeting onion UX 18:59:39 <MeetBot> Meeting started Wed Nov 22 18:59:39 2017 UTC. The chair is asn. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:59:39 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 18:59:49 <asn> hey people 18:59:51 <isabela> legit 19:00:18 <asn> i admit i havent done lots of homework for today. i read the tickets on the pad. but havent thought muc habout them 19:00:20 <asn> https://pad.riseup.net/p/z39LXihQ6DB6_ux_onions 19:01:08 * asn waits for more people 19:01:39 <isabela> i read them 19:01:55 <asn> i tried to prioritize them on the pad as well 19:02:10 <isabela> yes 19:02:15 <isabela> i like that prioritization as well 19:02:19 <asn> who is tom on #23247 btw? 19:02:26 <asn> i think his suggestions are pretty good and well thought of 19:02:32 <isabela> mozilla 19:02:33 <isabela> i think 19:02:40 <isabela> yes 19:02:46 <asn> ah tjr? 19:02:53 <isabela> i stop working on it right by the time he commented 19:02:57 <isabela> so i never applied them 19:03:05 <isabela> asn: i think so 19:03:09 <asn> ack 19:03:29 <isabela> that was the next step 19:03:39 <isabela> apply his suggestions 19:03:59 <asn> apply them where? 19:04:02 <asn> on tor browser? 19:04:08 <asn> or on the google docs thing? 19:04:13 <isabela> to the doc where we were organizing how everything behave 19:04:16 <asn> ack 19:04:26 <isabela> then from there we would work on copy etc 19:04:26 * tjr is here, that's me yea 19:04:37 <isabela> for the behavior we want it to have 19:04:44 <isabela> tjr: ! :) 19:04:47 <tjr> "mozilla" :( 19:04:53 <isabela> aww :( sorry 19:05:02 <asn> tjr: i really like your recommendations 19:05:03 <tjr> I was tor first you know, for a long time ;) 19:05:04 <tjr> It's fine 19:05:12 <asn> i'd even suggest we can roll with them straight away 19:05:12 <isabela> :) 19:05:24 <asn> what's the benefit of putting them on the google docs first? 19:05:38 <asn> seems like lots of work to even make those screenshots 19:05:41 <asn> talkin about https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit 19:06:14 <isabela> for working on the copy that would go with it? 19:06:23 <asn> what do you mean by copy? 19:06:43 <isabela> click on the padlock 19:07:08 <asn> ah, you mean the text that appears when u click on padlock 19:07:09 <asn> ? 19:07:11 <isabela> yes 19:07:23 <asn> ok that's important indeed 19:07:27 <isabela> hehehe 19:07:29 <asn> not sure why you call it a copy, but sounds good 19:07:45 <isabela> so yes 19:07:47 <asn> agreed that we should figure that out for sure 19:08:00 <isabela> create a table with the states listed and think of what copy goes with what, what repeats 19:08:03 <isabela> etc 19:08:10 <asn> agreed 19:08:14 <isabela> so update that google doc with it 19:08:17 <asn> seems like a fine first step 19:08:20 <isabela> we can pick that up easily 19:08:21 <asn> or well second step 19:08:59 <isabela> i can add that to our roadmap on december 19:09:05 <isabela> *for december 19:09:07 <asn> sounds good 19:09:14 <isabela> my english is messed up today 19:09:41 * isabela makes a note on the pad 19:09:56 <isabela> so 19:09:58 <antonela> do we need any mockup for it? or the spreadsheet/doc will be fine for the implementation 19:10:02 <isabela> what about those related tickets? 19:10:14 <isabela> asn: should we care about that? 19:10:29 <asn> havent thought too much about the children ticket im afraid 19:10:33 <isabela> k 19:10:35 <asn> #13410 and #21537 19:11:17 <asn> tjr: do u think these are important? 19:11:49 <tjr> 13410 is a specific sub-item of 23247 19:12:22 <tjr> 21537 is one of several fix-ups we will need to do for 23247 to function correctly in non-UI sense 19:12:53 <isabela> ah 19:12:58 <asn> do we know what's The Right Thing to do for both of those tickets? 19:13:09 <asn> (i don't. not good with web.) 19:13:17 <tjr> I have my opinions :) 19:13:32 <GeKo> ugh 19:13:36 <GeKo> sorry for being late 19:13:40 <isabela> oi GeKo ! 19:13:48 <isabela> is alright 19:13:50 <asn> tjr: ok, so it's sorta controversial, eh? 19:14:09 <asn> GeKo: o/ 19:14:11 <tjr> For 13410 it's "Close as a dupe of 23247" because in 23247 I say 'Onion over HTTP: Green' - that would remove the self-signed warning 19:14:14 <GeKo> let me read backlog 19:15:06 <tjr> For 21537 it's "HTTP .onion should be treated the same as HTTPS, therefore we should enable powerful browser APIs restricted to HTTPS, send and set cookies with the Secure attribute, and other subtle browser behaviors I'm not calling to mind right now" 19:16:12 <asn> tjr: these two suggestions make sense to me, without much pre-thinkng. 19:16:39 <isabela> yep 19:16:49 <GeKo> tjr: +1 19:16:58 <asn> great 19:17:16 <asn> seems like we know how to proceed with #23247 et al. 19:17:21 <isabela> yes 19:17:27 <isabela> tx tjr o/ 19:17:52 <asn> should we move to #21952, or more discusssion for #23247? 19:17:55 <GeKo> asn: fwiw i liked your prioritization (as well) 19:18:23 <isabela> asn: i think we should do just highlevel next steps and catch up in another meeting 19:18:25 <GeKo> re #23247 19:18:39 <asn> isabela: agreed 19:18:45 <GeKo> i think we should not mess with TLS indicators in the url bar or somewhere else 19:18:58 <GeKo> not sure if that came up or not already 19:19:08 <asn> what's TLS indicator? isn't that the padlock? 19:19:13 <GeKo> yes 19:19:15 <asn> (which we are gonna mess up with?) 19:19:21 <isabela> yes 19:19:23 <isabela> hehe 19:19:43 <GeKo> it seems e.g. showing a green padlock for some .onion is highly misleading 19:20:04 <GeKo> i liked the idea of having kind of an onion icon instead 19:20:09 <isabela> ah 19:20:10 <isabela> yes 19:20:14 <isabela> we will do that for sure 19:20:22 <GeKo> okay, good 19:20:23 <isabela> it will be a whole behavior for .onion 19:20:23 <asn> hmmm 19:20:44 <antonela> +1 with the onion icon for .onions 19:20:45 <asn> wait an onion icon is a whole different thing 19:20:46 <isabela> to make sure users understands that this is when you are on .onion only 19:20:52 <GeKo> we could have agreen .onion for a .onion domain with an ev cert if we want 19:21:12 <GeKo> asn: good that i brought it up then, i guess :) 19:21:15 <asn> im no ux expert, but isn't an onion icon gonna confuse people? 19:21:16 <isabela> asn: sorry that was not clear 19:21:31 <asn> whereas the padlock is part of web DNA by now 19:21:32 <isabela> asn: no, will validate they are connected via .onion 19:21:40 <isabela> because i am not just on web 19:21:56 <isabela> i am on tor with .onion and this will be helpful for the user 19:22:16 <isabela> they are using something they know is not the same as .com 19:22:24 <antonela> is a good feedback for users 19:22:28 <asn> ok 19:22:43 <asn> i dont think this is what tjr had in mind in his #23247 comment 19:22:50 <asn> except maybe he did 19:23:04 <asn> but anyhow, either padlock or onion is good with me 19:23:09 <isabela> i think we can still use those states 19:23:27 <isabela> and communicate it with another icon and copy 19:23:46 <tjr> Hm. I did not have an onion in mind, but I think it could work... 19:24:04 <asn> ack sounds good 19:24:08 <isabela> that is where antonela comes to play 19:24:09 <isabela> :) 19:24:15 <asn> so we will need to design various onion icons and stuff 19:24:42 <antonela> :) 19:24:43 <antonela> yes 19:24:44 <asn> sounds good to me 19:24:46 <GeKo> yes 19:24:51 <antonela> I can work on some options 19:25:12 <GeKo> and i think this would make upstreamingg patches into e.g. firefox much easier 19:25:21 <GeKo> if we want that 19:25:42 <antonela> +1 geko 19:25:48 <GeKo> while there would be a ton of resistance if we messed with the padlock and TLS indicators 19:26:20 <asn> ack 19:26:24 <isabela> agree 19:28:51 <isabela> onion everwhere? 19:28:54 <asn> ok 19:28:55 <isabela> *everywhere 19:28:59 <asn> next topic #21952 19:29:21 <asn> #21952 is not entirely onion everywhere 19:29:30 <asn> it's more about sites easily redirecting people to their onions 19:29:47 <asn> #19812 is about onion everywhere (a firefox addon like https eveyrwhere for onions) 19:29:47 <isabela> yes 19:29:57 <asn> i wrote a proposal for #21952: https://lists.torproject.org/pipermail/tor-dev/2017-November/012595.html 19:30:06 <asn> there are some needed fixes based on feedback 19:30:15 <GeKo> i wonder if we should start with a tbb-spec thing and your proposal could be no. 1 in it 19:30:26 <asn> we could 19:30:29 <GeKo> err tbb-proposal thing 19:30:38 <asn> does not seem to be tor-spec material, but perhaps it is 19:30:49 <GeKo> no, i don't think this is tor-spec material 19:30:58 <GeKo> let me think a bit about that 19:31:03 <asn> i havent heard much resistance about the proposal, except from alec's counter proposal 19:31:14 <asn> but i think alec's counter proposal is kinda orthogonal, and something that could be done in the future as well 19:31:22 <asn> and harder to do than our proposal 19:31:38 <isabela> i havent read this 19:31:49 <GeKo> i think we should not use the alt-svc header 19:31:55 <asn> GeKo: yep we shouldn't 19:32:03 <asn> GeKo: we should probably introduce our own 19:32:41 <GeKo> i am not sure about that. i don't feel strongly about it right now 19:32:50 <GeKo> but what i think we should do is 19:33:08 <GeKo> a) update the state in the url bar domain, so that a users sees where they are 19:33:19 <GeKo> b) start with making this opt in 19:33:47 <antonela> i do - 3.1 -> instead of auto-redirecting, why dont we ask? "Tor Browser found a secure .onion site, do you want to go there?" Of course, we need a better copy. 19:33:50 <GeKo> like showing a notification about a possible opportunity to visit a .onion domain instead 19:34:08 <isabela> yes 19:34:11 <antonela> yes! 19:34:38 <asn> sounds good to me 19:34:52 <asn> perhaps opt-in (like antonela suggested) is a better design for now 19:35:09 <antonela> i think geko wrote the same idea 19:35:12 <asn> yep yep 19:35:16 <GeKo> if users get annoyed by the notification bar we could give them a pref to flip 19:35:24 <asn> agreed 19:35:27 <isabela> yes 19:35:31 <antonela> yes 19:36:29 <asn> and all these based on some sort of HTTP header that we havnet yet decided fully 19:36:33 <asn> right? 19:36:48 <GeKo> what exactly are the pros for an own header? 19:36:55 <GeKo> why can't we just use Location? 19:37:40 <GeKo> let me reread tjr's mail... 19:37:46 <asn> if we use Location 19:37:51 <asn> then the sites have to also auto-detect Tor users 19:37:56 <asn> otherwise they will redirect even normal users to onions 19:38:10 <asn> whereas with Onion-Location (or whatever), TorBrowser will be the only consumer of that hader 19:38:56 <GeKo> hrm 19:39:13 <GeKo> so you assume they send the header to anybody and just .onion aware browsers react? 19:39:40 <asn> ye... i guess that's what im assuming 19:39:43 <asn> doesnt sound very good tho 19:39:52 <asn> perhaps for bandwidth reasons 19:40:00 <GeKo> yes 19:40:08 <GeKo> i think i am with alec in that regard 19:41:14 <GeKo> hm, okay. i think i need to think more about that particular point 19:41:18 <asn> agreed 19:41:26 <asn> probs now is not the time to do it 19:41:40 <asn> (i also have to disappear in a bit) 19:41:44 <GeKo> yes 19:41:54 <asn> anything else to talk about here? 19:42:05 <isabela> so we do just the first item that was prioritized for now 19:42:12 <isabela> i will ping ppl about following up on this 19:42:12 <asn> aha 19:42:16 <asn> ok 19:42:17 <GeKo> anyway that should not stop us from planning the ux work 19:42:23 <isabela> yes 19:42:29 <isabela> we can start that part too 19:42:31 <GeKo> as this is orthogonal to which header we use 19:42:33 <asn> i'm fine with doing another meeting btw, perhaps next week. there seem to be a whole lotta things we can discuss... 19:42:43 <GeKo> works for me 19:42:46 <isabela> GeKo: as long something works in the back end hehehe 19:42:54 <isabela> we can come up with the notification and copy 19:43:27 <isabela> meeting next week works for me too 19:43:31 <isabela> same time? 19:43:45 <antonela> works for me :) 19:43:48 <asn> sounds good 19:44:23 <asn> ok great :) 19:44:39 <isabela> :) 19:44:51 <asn> so i guess we done here (closing meetbot in a sec) 19:44:53 <GeKo> i try to get the bus earlier i guess :) 19:45:08 <GeKo> s/get/catch/ 19:45:16 <asn> #endmeeting