Description
Since Tor Browser 15.0 (and some of 14.5), Tor Browser requires a restart to change the security level. See the issue tracker on gitlab. The current SecureDrop banner that instructs visitors to change their security level is now outdated.
Steps to Reproduce
Set Tor Browser to the "Standard" or "Safer" security level and restart.
Visit https://securedrop.org/directory/washington-post/.
Expected Behavior
If you want any instructions, they should let the user know that they can change the security level in their browser security settings, and they may need to restart the browser and revisit the website.
Actual Behavior
The banner says
Your Tor security settings are too low!
Set your Tor security level to "Safest" for maximum protection
- Click the shield icon in the browser toolbar
- Click Advanced Security Settings
- Select Safest and close the Preferences tab
- Refresh the page
Note, there are a few problems with this:
- "Advanced Security Settings" does not existing in the UI.
- Changing security level will require a restart, which means the SecureDrop web page will be lost between sessions.
Comments
Note that we (tor browser developers and UX) are currently responding to changes in Firefox's settings design for the 16.0 release, so I wouldn't write your instructions in a way that depends too heavily on the current settings layout. However, it is generally expected for this to remain under "Security level".
Here's are some example instructions that currently work:
- Open your browser settings and navigate to the "security level" settings.
- Change your "security level" to "Safest" and restart Tor Browser.
- Reconnect to Tor and revisit this page.
Or
- Open your browser settings and search for "security level".
- Change your "security level" to "Safest" and restart Tor Browser.
- Reconnect to Tor and revisit this page.
Or
- Click the shield icon in the browser toolbar.
- Click "Settings…".
- Change your "security level" to "Safest" and restart Tor Browser.
- Reconnect to Tor and revisit this page.
Description
Since Tor Browser 15.0 (and some of 14.5), Tor Browser requires a restart to change the security level. See the issue tracker on gitlab. The current SecureDrop banner that instructs visitors to change their security level is now outdated.
Steps to Reproduce
Set Tor Browser to the "Standard" or "Safer" security level and restart.
Visit
https://securedrop.org/directory/washington-post/.Expected Behavior
If you want any instructions, they should let the user know that they can change the security level in their browser security settings, and they may need to restart the browser and revisit the website.
Actual Behavior
The banner says
Note, there are a few problems with this:
Comments
Note that we (tor browser developers and UX) are currently responding to changes in Firefox's settings design for the 16.0 release, so I wouldn't write your instructions in a way that depends too heavily on the current settings layout. However, it is generally expected for this to remain under "Security level".
Here's are some example instructions that currently work:
Or
Or