Re: [Tails-ux] Improving our Bluetooth trade-off

Delete this message

Reply to this message
Author: sajolida
Date:  
To: Tails user experience & user interface design, intrigeri
Subject: Re: [Tails-ux] Improving our Bluetooth trade-off
intrigeri:
> [deadline: September 23]
>
> Currently one can't use Bluetooth in Tails without going through
> manual operations that 1. are not documented; 2. can only be performed
> in the GNOME session (which implies that e.g. one can't use
> a Bluetooth keyboard in the Greeter anyway). So in short, we support
> Bluetooth usage neither officially, nor effectively (except for
> technical users who want to use things like Bluetooth speakers and
> will manage to make it work).
>
> But Bluetooth is not fully disabled at the lower level, so our users
> are exposed to security vulnerabilities in the Linux Bluetooth stack
> such as BlueBorne (https://www.armis.com/blueborne/), which forced me
> to think about this topic urgently today.
>
> I think this current trade-off is pretty bad for most Tails users: it
> makes them vulnerable, without providing them anything useful
> in exchange.
>
> I propose we:
>
> 1. Short-term: fully disable Bluetooth (#14655, I'll probably get my
>    branch merged today so 3.2~rc1 is safe vs. BlueBorne, but we can
>    revert this change in 3.2 final if it's not OK). As explained
>    above, this should not impact UX much.

>
> 2. Mid-term: document how to re-enable Bluetooth in the GNOME session
>    and with Additional Software Packages (see commits 4fa1c46,
>    613b14c, 3d53d2c and 9320ca7 for inspiration).

>
> 3. Long-term: better support Bluetooth (e.g. #10801 + persistence of
>    Greeter settings).

>
> Don't get me wrong! I'm convinced that at some point, we do need to
> support Bluetooth properly: our current userbase might be dedicated
> and motivated enough to deal with limitations like "I can't use my
> Bluetooth speakers and there's no wired speakers around so well I'll
> watch this video with my crappy laptop integrated speakers", but if we
> want Tails to have a greater impact we should probably make it work
> nicely for people who won't want to use a tool that breaks such common
> use cases.


Full ack on all this!