jonathankingston / paranoidpanda Goto Github PK

Since level 1 (“low”) equals the same level of protection that Firefox already provides (other than the two hidden prefs), perhaps we should label it “off”?

Level 2 could be called “secure” or “more secure” – and level 3 “paranoid”.

Now, how to describe these levels?

We can either go with a technical description, like:

Secure

• Tracking Protection enabled on normal browsing
• HTTP header is trimmed
• DNS prefetching is disabled
• Insert bits about cookies here
• etc.

Or we can make it less technical, like:

Secure
Tracking protection is enabled everywhere, and sharing your personal browsing data is limited, but it won’t break many sites

Paranoid
All security settings enabled. Consequently, some sites will break.

Thoughts?

From #2 @TanviHacks

What is the path for users who uninstall or disable the addon? Can we change all prefs back on disable or uninstall? If users uninstall the addon after they have set security "Paranoid" and then not being able to recover and use broken webpages.

I thought about this a little bit and it's a bit of a tough response. When the user sets the preferences, we could choose to remember their pre-slider changes perhaps.

We would have to consider what to do with these preference changes:

• User has changed preferences prior to sliding
• User changed preferences with sliding
• User has changed preferences after sliding
• Does the browser ever decide to change it's defaults?

Perhaps the answer is we change them all back to system default for simplicity?

Feedback from @TanviHacks

UX

• The UI for the descriptions is sometimes a little slow to respond. When you cycle from High to Medium, it takes a second for the text to update. Not sure if there is a way to make the text update faster
• Color the background of Low/Medium/High. This way you can also see that they are each different buttons than it is with one background color.
• The mask looks nice, but we have to be careful not to confuse this with Private Browsing Mode. Or tracking protection (shield). The mask is fine for now, but perhaps Bram may have some ideas on another icon we could use. Raised as #3
• The text descriptions for High says: "High chance of breaking many sites. Disables prediction of URLs and low grade certs along with features which are easy to track users."
  I'm not sure exactly what this means. We should talk about the prefs changed and then update the text.

Prefs

There are a lot of prefs are your etherpad! Nice job hunting these down. I'm not sure what they all are, so maybe we can meet to go over that sometime. The difference between medium and high is substantial, so I wonder if it is worth having another value. So we could do a few things.

• We could have 4 levels, 1-4 where 1 is regular firefox (all defaults) and 4 is Paranoid.
• Or we could have 3 levels, where 1 is called low (but sets all the prefs set in medium right now), 2 is called medium (and sets all the prefs in medium right now plus some of the ones in paranoid), and 3 is paranoid. In addition to the 3 levels we could include a button in the drop down that says "browse with regular firefox settings" or something like that. Or it could say "disable secure fox" and that would put you in regular mode. You could also
• We could have 4 levels and call the first level "Disable secure fox", the second one "Low", third "Medium", forth "Paranoid", all on the same slider.

Code Questions

• What is the path for users who uninstall or disable the addon? Can we change all prefs back on disable or uninstall? If users uninstall the addon after they have set security "Paranoid" and then not being able to recover and use broken webpages. Raised as #4
• Is tracking protection on globally in low mode? I'm in low mode and tracking protection is enabled on cnn.com. Looking at your etherpad, it shows that all prefs have default values. Maybe all prefs except the tracking protection one? I also see that "always use private browsing mode is checked" and accept third party cookies is only accepted from visited. Maybe the switch from medium to low isn't working properly? Raised as #5

From #2 @TanviHacks

Is tracking protection on globally in low mode? I'm in low mode and tracking protection is enabled on cnn.com. Looking at your etherpad, it shows that all prefs have default values. Maybe all prefs except the tracking protection one? I also see that "always use private browsing mode is checked" and accept third party cookies is only accepted from visited. Maybe the switch from medium to low isn't working properly?

Will check, I think this is due to preferences not always having an impact whilst the browser is running (which is a case that we will need to cater for anyway). However will test if there is another issue here also.

There are a lot of prefs are your etherpad! Nice job hunting these down. I'm not sure what they all are,

Document what all preferences do (some may be old) I also can't take credit as most are from: https://github.com/pyllyukko/user.js

Consider having a documentation page etc.

From #2 @TanviHacks

The mask looks nice, but we have to be careful not to confuse this with Private Browsing Mode. Or tracking protection (shield). The mask is fine for now, but perhaps Bram may have some ideas on another icon we could use.

Yeah it was a result of me playing about, I thought the dev icon you suggested would be more confusing etc. As you mention if this project has legs a real identity for it would be important.