Re: [Tails-ux] RFC: Phrasing for warning users when running …

Author: sajolida
Date:  
To: Tails user experience & user interface design, austinenglish
Subject: Re: [Tails-ux] RFC: Phrasing for warning users when running in a non-free VM
Austin English:
> Howdy all,
>
> I've attached a patch to issue 5315 [1] to warn users when running in
> a non-free VM (VMWare/Oracle/etc.) I'd like to seek comments on the
> actual text of the warning. My draft patch has:
> "Both the host operating system and the virtualization software are
> able to monitor what you are doing in Tails. Additionally, non-free
> virtualization software cannot be independently audited or inspected
> for defects."
>
> For reference, free (speech) VM users will receive the same warning as
> they do now, which is:
> "Both the host operating system and the virtualization software are
> able to monitor what you are doing in Tails."


Hi, thanks for caring about our phrasing as it's critical for this ticket
which is about displaying a warning.

Your sentence is well-written but I wonder about its objective. The
ticket says "suggest that the user switches to VirtualBox or some other
free software VM" which would be more actionable for the user. On top of
(or instead of) why the current situation is problematic ("cannot be
independently audited...") the idea here is to explain what people
should do to solve this ("use free software").

I guess that this message is targeted mainly at people running Windows
and Mac (people on Linux probably already have free software) so is
VirtualBox the only free software option here? At least it's the
only one we document on the website that runs outside of Linux (I
think): https://tails.boum.org/doc/advanced_topics/virtualization.

In this documentation we already have a section about non-free solutions
and security in general.

Also, maybe we should also make it clear *why* this message appears to
them. Users might very well not know whether their virtualization
software is free or not.

But this starts being quite a few things to say for a small warning...

Maybe we could:

1. Change the title into "Warning: non-free virtual machine detected!"

2. Change the body into:

"Both the host operating system and the virtualization software are
able to monitor what you are doing in Tails.

Additionally, only free virtualization software should be trusted.
Consider using <a href='https://www.virtualbox.org/'>VirtualBox</a> instead.

"<a
href='file:///usr/share/doc/tails/website/doc/advanced_topics/virtualization.en.html#security'>Learn
more...</a>"

But that can probably be further improved. What do you think?