Re: [Tails-dev] review'n'merge: feature/7976-disallow-lan-in…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] review'n'merge: feature/7976-disallow-lan-in-tor-browser
anonym:
> On 05/26/2015 09:52 AM, intrigeri wrote:
>> Hi,
>>
>> for the record, #8711 ("Investigate how we could improve the error
>> message when browsing LAN from usual Tor Browser") was initially seen
>> as blocking this work, and anonym's current proposal is to postpone
>> that part, and to treat with with a priority level "depending on how
>> much trouble it causes our front desk team".
>>
>> I'm personally fine with this proposal.


Me too.

>> Note that #8711 is about *investigating*, not about actually fixing
>> the problem. I suspect this investigation will show that fixing the
>> problem is non-trivial, and if that's the case, then IMO it should be
>> low-priority.
>
> I did my homework:
>
>     https://labs.riseup.net/code/issues/9466

>
> So, while not exactly trivial, it's not hard either. The most awkward
> parts will be:
>
> 1. Parse the URI and check if the destination address (the @u@ element)
>    is a local address so we don't show the error all the time, e.g. when
>    mistyping a domain. This is awkward because at least *I* do not know
>    of any library functionality present in this context to do that check
>    so we have to resort to a IPv4 regex (and IPv6? :S) or something
>    ugly like that.


Too bad.

> 2. To get this into Torbutton in time for the 1.4.1 release, which
>    includes reaching an agreement of how the error should be phrased so
>    it works for both of us.

>
> I guess we could see 1 as optional:
>
> * If we skip 1, then we can simply do what FoxyProxy does, i.e. add
> another bullet in the list of possible explanations for the
> connection error, e.g. "The Tor Browser blocks access to the local
> network bla bla".
>
> * If we do 1, then we could dynamically change the page completely
> to something more specific given that we now know exactly what the
> error is, e.g.:
>
>       The local network is blocked
>       ============================

>
>       The Tor Browser blocks access to the local network bla bla
>       ...

>
> In Tails we'd like to also refer users to the Unsafe Browser here,
> which of course doesn't make sense in general for Torbutton. I guess
> the Tor Browser folks may be fine with a
> extensions.torbutton.running_tails pref that, when true, adds an
> additional paragraph (and I'm sure we'll find other uses for such a
> pref in the future):
>
>       To access the local network, please use the Unsafe Browser bla bla

>
> where we even could link to the local docs we ship in Tails for the
> Unsafe Browser. Any way, this coordination/communication work will
> make 2 a bit more expensive as well.
>
> What do you think? I added tails-ux@ to Cc since they probably have some
> opinions on all this.
>
> Personally I suspect that most users are trained to ignore the "Unable
> to connect" page, and would miss any small bullet we add there, making
> all this pretty pointless.


Probably.

> Hence I suspect this will only be worth doing
> if we go all the way and do 1 + a custom error page for when a local
> address was blocked. However, I guess skipping 1 still is a viable
> *initial* goal for an incremental path to that, if time is scarce ("if",
> ha ha!).
>
> Lastly, my plate is really full for Tails 1.4.1, and I expect some of it
> to be post-poned to 1.5 and maybe even 1.5.1 (given my vacation plans),
> so if I'm to do anything more here it may have to wait until Tails 1.6.


I'd say we can maybe wait and do things properly which is doing 1 in
coordination with Tor.

The other error message I'd like to configure is the one saying "The
proxy server is refusing connections" when Tor is not ready. That's
related to #8061. So if we can find something that is partly reusable in
both cases, then that would be great.

--
sajolida