#tor-meeting log

18:59:39 <asn> #startmeeting onion UX
18:59:39 <MeetBot> Meeting started Wed Nov 22 18:59:39 2017 UTC.  The chair is asn. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:59:39 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:59:49 <asn> hey people
18:59:51 <isabela> legit
19:00:18 <asn> i admit i havent done lots of homework for today. i read the tickets on the pad. but havent thought muc habout them
19:00:20 <asn> https://pad.riseup.net/p/z39LXihQ6DB6_ux_onions
19:01:08 * asn waits for more people
19:01:39 <isabela> i read them
19:01:55 <asn> i tried to prioritize them on the pad as well
19:02:10 <isabela> yes
19:02:15 <isabela> i like that prioritization as well
19:02:19 <asn> who is tom on #23247 btw?
19:02:26 <asn> i think his suggestions are pretty good and well thought of
19:02:32 <isabela> mozilla
19:02:33 <isabela> i think
19:02:40 <isabela> yes
19:02:46 <asn> ah tjr?
19:02:53 <isabela> i stop working on it right by the time he commented
19:02:57 <isabela> so i never applied them
19:03:05 <isabela> asn: i think so
19:03:09 <asn> ack
19:03:29 <isabela> that was the next step
19:03:39 <isabela> apply his suggestions
19:03:59 <asn> apply them where?
19:04:02 <asn> on tor browser?
19:04:08 <asn> or on the google docs thing?
19:04:13 <isabela> to the doc where we were organizing how everything behave
19:04:16 <asn> ack
19:04:26 <isabela> then from there we would work on copy etc
19:04:26 * tjr is here, that's me yea
19:04:37 <isabela> for the behavior we want it to have
19:04:44 <isabela> tjr: ! :)
19:04:47 <tjr> "mozilla" :(
19:04:53 <isabela> aww :( sorry
19:05:02 <asn> tjr: i really like your recommendations
19:05:03 <tjr> I was tor first you know, for a long time ;)
19:05:04 <tjr> It's fine
19:05:12 <asn> i'd even suggest we can roll with them straight away
19:05:12 <isabela> :)
19:05:24 <asn> what's the benefit of putting them on the google docs first?
19:05:38 <asn> seems like lots of work to even make those screenshots
19:05:41 <asn> talkin about https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
19:06:14 <isabela> for working on the copy that would go with it?
19:06:23 <asn> what do you mean by copy?
19:06:43 <isabela> click on the padlock
19:07:08 <asn> ah, you mean the text that appears when u click on padlock
19:07:09 <asn> ?
19:07:11 <isabela> yes
19:07:23 <asn> ok that's important indeed
19:07:27 <isabela> hehehe
19:07:29 <asn> not sure why you call it a copy, but sounds good
19:07:45 <isabela> so yes
19:07:47 <asn> agreed that we should figure that out for sure
19:08:00 <isabela> create a table with the states listed and think of what copy goes with what, what repeats
19:08:03 <isabela> etc
19:08:10 <asn> agreed
19:08:14 <isabela> so update that google doc with it
19:08:17 <asn> seems like a fine first step
19:08:20 <isabela> we can pick that up easily
19:08:21 <asn> or well second step
19:08:59 <isabela> i can add that to our roadmap on december
19:09:05 <isabela> *for december
19:09:07 <asn> sounds good
19:09:14 <isabela> my english is messed up today
19:09:41 * isabela makes a note on the pad
19:09:56 <isabela> so
19:09:58 <antonela> do we need any mockup for it? or the spreadsheet/doc will be fine for the implementation
19:10:02 <isabela> what about those related tickets?
19:10:14 <isabela> asn: should we care about that?
19:10:29 <asn> havent thought too much about the children ticket im afraid
19:10:33 <isabela> k
19:10:35 <asn> #13410 and #21537
19:11:17 <asn> tjr: do u think these are important?
19:11:49 <tjr> 13410 is a specific sub-item of 23247
19:12:22 <tjr> 21537 is one of several fix-ups we will need to do for 23247 to function correctly in non-UI sense
19:12:53 <isabela> ah
19:12:58 <asn> do we know what's The Right Thing to do for both of those tickets?
19:13:09 <asn> (i don't. not good with web.)
19:13:17 <tjr> I have my opinions :)
19:13:32 <GeKo> ugh
19:13:36 <GeKo> sorry for being late
19:13:40 <isabela> oi GeKo !
19:13:48 <isabela> is alright
19:13:50 <asn> tjr: ok, so it's sorta controversial, eh?
19:14:09 <asn> GeKo: o/
19:14:11 <tjr> For 13410 it's "Close as a dupe of 23247" because in 23247 I say 'Onion over HTTP: Green' - that would remove the self-signed warning
19:14:14 <GeKo> let me read backlog
19:15:06 <tjr> For 21537 it's "HTTP .onion should be treated the same as HTTPS, therefore we should enable powerful browser APIs restricted to HTTPS, send and set cookies with the Secure attribute, and other subtle browser behaviors I'm not calling to mind right now"
19:16:12 <asn> tjr: these two suggestions make sense to me, without much pre-thinkng.
19:16:39 <isabela> yep
19:16:49 <GeKo> tjr: +1
19:16:58 <asn> great
19:17:16 <asn> seems like we know how to proceed with #23247 et al.
19:17:21 <isabela> yes
19:17:27 <isabela> tx tjr o/
19:17:52 <asn> should we move to #21952, or more discusssion for #23247?
19:17:55 <GeKo> asn: fwiw i liked your prioritization (as well)
19:18:23 <isabela> asn: i think we should do just highlevel next steps and catch up in another meeting
19:18:25 <GeKo> re #23247
19:18:39 <asn> isabela: agreed
19:18:45 <GeKo> i think we should not mess with TLS indicators in the url bar or somewhere else
19:18:58 <GeKo> not sure if that came up or not already
19:19:08 <asn> what's TLS indicator? isn't that the padlock?
19:19:13 <GeKo> yes
19:19:15 <asn> (which we are gonna mess up with?)
19:19:21 <isabela> yes
19:19:23 <isabela> hehe
19:19:43 <GeKo> it seems e.g. showing a green padlock for some .onion is highly misleading
19:20:04 <GeKo> i liked the idea of having kind of an onion icon instead
19:20:09 <isabela> ah
19:20:10 <isabela> yes
19:20:14 <isabela> we will do that for sure
19:20:22 <GeKo> okay, good
19:20:23 <isabela> it will be a whole behavior for .onion
19:20:23 <asn> hmmm
19:20:44 <antonela> +1 with the onion icon for .onions
19:20:45 <asn> wait an onion icon is a whole different thing
19:20:46 <isabela> to make sure users understands that this is when you are on .onion only
19:20:52 <GeKo> we could have agreen .onion for a .onion domain with an ev cert if we want
19:21:12 <GeKo> asn: good that i  brought it up then, i guess :)
19:21:15 <asn> im no ux expert, but isn't an onion icon gonna confuse people?
19:21:16 <isabela> asn: sorry that was not clear
19:21:31 <asn> whereas the padlock is part of web DNA by now
19:21:32 <isabela> asn: no, will validate they are connected via .onion
19:21:40 <isabela> because i am not just on web
19:21:56 <isabela> i am on tor with .onion and this will be helpful for the user
19:22:16 <isabela> they are using something they know is not the same as .com
19:22:24 <antonela> is a good feedback for users
19:22:28 <asn> ok
19:22:43 <asn> i dont think this is what tjr  had in mind in his #23247 comment
19:22:50 <asn> except maybe he did
19:23:04 <asn> but anyhow, either padlock or onion is good with me
19:23:09 <isabela> i think we can still use those states
19:23:27 <isabela> and communicate it with another icon and copy
19:23:46 <tjr> Hm. I did not have an onion in mind, but I think it could work...
19:24:04 <asn> ack sounds good
19:24:08 <isabela> that is where antonela comes to play
19:24:09 <isabela> :)
19:24:15 <asn> so we will need to design various onion icons and stuff
19:24:42 <antonela> :)
19:24:43 <antonela> yes
19:24:44 <asn> sounds good to me
19:24:46 <GeKo> yes
19:24:51 <antonela> I can work on some options
19:25:12 <GeKo> and i think this would make upstreamingg patches into e.g. firefox much easier
19:25:21 <GeKo> if we want that
19:25:42 <antonela> +1 geko
19:25:48 <GeKo> while there would be a ton of resistance if we messed with the padlock and TLS indicators
19:26:20 <asn> ack
19:26:24 <isabela> agree
19:28:51 <isabela> onion everwhere?
19:28:54 <asn> ok
19:28:55 <isabela> *everywhere
19:28:59 <asn> next topic #21952
19:29:21 <asn> #21952 is not entirely onion everywhere
19:29:30 <asn> it's more about sites easily redirecting people to their onions
19:29:47 <asn> #19812 is about onion everywhere (a firefox addon like https eveyrwhere for onions)
19:29:47 <isabela> yes
19:29:57 <asn> i wrote a proposal for #21952: https://lists.torproject.org/pipermail/tor-dev/2017-November/012595.html
19:30:06 <asn> there are some needed fixes based on feedback
19:30:15 <GeKo> i wonder if we should start with a tbb-spec thing and your proposal could be no. 1 in it
19:30:26 <asn> we could
19:30:29 <GeKo> err tbb-proposal thing
19:30:38 <asn> does not seem to be tor-spec material, but perhaps it is
19:30:49 <GeKo> no, i don't think this is tor-spec material
19:30:58 <GeKo> let me think a bit about that
19:31:03 <asn> i havent heard much resistance about the proposal, except from alec's counter proposal
19:31:14 <asn> but i think alec's counter proposal is kinda orthogonal, and something that could be done in the future as well
19:31:22 <asn> and harder to do than our proposal
19:31:38 <isabela> i havent read this
19:31:49 <GeKo> i think we should not use the alt-svc header
19:31:55 <asn> GeKo: yep we shouldn't
19:32:03 <asn> GeKo: we should probably introduce our own
19:32:41 <GeKo> i am not sure about that. i don't feel strongly about it right now
19:32:50 <GeKo> but what i think we should do is
19:33:08 <GeKo> a) update the state in the url bar domain, so that a users sees where they are
19:33:19 <GeKo> b) start with making this opt in
19:33:47 <antonela> i do - 3.1 -> instead of auto-redirecting, why dont we ask? "Tor Browser found a secure .onion site, do you want to go there?" Of course, we need a better copy.
19:33:50 <GeKo> like showing a notification about a possible opportunity to visit a .onion domain instead
19:34:08 <isabela> yes
19:34:11 <antonela> yes!
19:34:38 <asn> sounds good to me
19:34:52 <asn> perhaps opt-in (like antonela suggested) is a better design for now
19:35:09 <antonela> i think geko wrote the same idea
19:35:12 <asn> yep yep
19:35:16 <GeKo> if users get annoyed by the notification bar we could give them a pref to flip
19:35:24 <asn> agreed
19:35:27 <isabela> yes
19:35:31 <antonela> yes
19:36:29 <asn> and all these based on some sort of HTTP header that we havnet yet decided fully
19:36:33 <asn> right?
19:36:48 <GeKo> what exactly are the pros for an own header?
19:36:55 <GeKo> why can't we just use Location?
19:37:40 <GeKo> let me reread tjr's mail...
19:37:46 <asn> if we use Location
19:37:51 <asn> then the sites have to also auto-detect Tor users
19:37:56 <asn> otherwise they will redirect even normal users to onions
19:38:10 <asn> whereas with Onion-Location (or whatever), TorBrowser will be the only consumer of that hader
19:38:56 <GeKo> hrm
19:39:13 <GeKo> so you assume they send the header to anybody and just .onion aware browsers react?
19:39:40 <asn> ye... i guess that's what im assuming
19:39:43 <asn> doesnt sound very good tho
19:39:52 <asn> perhaps for bandwidth reasons
19:40:00 <GeKo> yes
19:40:08 <GeKo> i think i am with alec in that regard
19:41:14 <GeKo> hm, okay. i think i need to think more about that particular point
19:41:18 <asn> agreed
19:41:26 <asn> probs now is not the time to do it
19:41:40 <asn> (i also have to disappear in a bit)
19:41:44 <GeKo> yes
19:41:54 <asn> anything else to talk about here?
19:42:05 <isabela> so we do just the first item that was prioritized for now
19:42:12 <isabela> i will ping ppl about following up on this
19:42:12 <asn> aha
19:42:16 <asn> ok
19:42:17 <GeKo> anyway that should not stop us from planning the ux work
19:42:23 <isabela> yes
19:42:29 <isabela> we can start that part too
19:42:31 <GeKo> as this is orthogonal to which header we use
19:42:33 <asn> i'm fine with doing another meeting btw, perhaps next week. there seem to be a whole lotta things we can discuss...
19:42:43 <GeKo> works for me
19:42:46 <isabela> GeKo: as long something works in the back end hehehe
19:42:54 <isabela> we can come up with the notification and copy
19:43:27 <isabela> meeting next week works for me too
19:43:31 <isabela> same time?
19:43:45 <antonela> works for me :)
19:43:48 <asn> sounds good
19:44:23 <asn> ok great :)
19:44:39 <isabela> :)
19:44:51 <asn> so i guess we done here (closing meetbot in a sec)
19:44:53 <GeKo> i try to get the bus earlier i guess :)
19:45:08 <GeKo> s/get/catch/
19:45:16 <asn> #endmeeting