Tails

#2 Updated by tailor 2015-06-11 02:54:34

Hello again BitingBird

“Hiding the disks would be a really bad user interface, and we would get many questions from users that would be lost.”

Really don’t see the problem there. LPS does it (or something similar) with no adverse effect on their user interface and it probably is one of their major “selling points”. To my way of thinking as a user I don’t need superfluous facilities that have no use to me, that have no objective and having the local drives shown in “safe mode” contrary to your opinion is a sign of bad design and usability. Redundancy is the key concept here.

As far as users are concerned it would simply be a question of re-educating them by placing the emphasis in your documentation on the safety aspects of using the DVD in the default “safe mode”. I see no reason why the document you refer to could not be renamed “Tails live system by default boots in safe mode” which to me seems more descriptive and to the point while actively promoting the “safe” aspects in its use without root privileges and as the preferred and recommended boot option.

Then to go on and explain what “safe mode” means and give reasons as to why allowing access to hard drives is not a good idea, is forbidden, disabled and therefore not displayed and then as you do offer the alternative should a need arise for it.

I for one in the past probably because I failed to read and understand the documentation erroneously and mistakenly thought that signing on with an admin password offered me more security and protection when in fact the opposite probably applies and possibly led to unscrupulous operators gaining access to my private data. And I would venture to say that I probably may not be the only one to have done so.

---

“They are shown, but can’t be mounted if you’re not root, so I don’t see the risk there.”

Apologies in advance if you choose to consider the following as insulting. You don’t make sense and your argument is illogical.

It’s not a question of risk but of consistency. If there is no risk and no availibity, why offer the choice if by default the facility is not available? IMO it makes no sense at all. I would go further and argue that hiding the internal drives to be more consistent with your goals and objectives than to show them.

---

“I, however, see the risk in forcing people to boot with admin password just to see things: it’s always bad to use increased privileges.”

To see what things precisely? But you’re revealing information that has nothing to do with the operation and use of the system in “safe mode” with the Disk Utility which I think is what you are referring to.

It states in the article you refer to “Tails doesn’t need to use your hard disk during the whole session. Be your hard disk absent or damaged, it wouldn’t prevent your computer to start Tails.” - so why even offer users information about it? It’s irrelevant, extraneous and inappropriate.

IMO the Disk Utility is a dangerous tool that should only be made available to root particularly in view of the potential harmful and damaging effects the use of its functions offer to the untrained, inexperienced and adventurous user.

Furthermore IMO, I would consider it even worse practice to have these functions seemingly available as I stated before by being highlighted when the mouse goes over the buttons. Far better and consistent with good practice interface design, if you still choose to make the local drives thing shown (in safe mode) is to have them greyed out so that there is no ambiguity about their availability.

Better still IMO would be to withdraw as with the file manager any reference to hard drives since access to them is impossible and redundant.

BTW I am offended and insulted that you chose to REJECT my suggestions as opposed to opening them to discussion. (only joking)

#3 Updated by intrigeri 2015-06-11 07:33:39

> It’s not a question of risk but of consistency. If there is no risk and no availibity, why offer the choice if by default the facility is not available? IMO it makes no sense at all. I would go further and argue that hiding the internal drives to be more consistent with your goals and objectives than to show them.

I can see your consistency point, that I would rephrase in my own words as “one should not even see what they won’t be able to access anyway”; when I zoom in on it, it totally makes sense to me — thanks for clarifying.

On the other hand:

1. there’s this nice thing called discoverability, that’s a pretty useful UX feature:
   1. as a user, if I want to access my internal hard drive, and when I try to do so in GNOME Disks I’m asked a password that I don’t know, then I have chances to try and learn how to set an admin password;
   2. if, on the contrary, I don’t see my hard drive at all, then I may believe that accessing them from Tails is totally impossible, and in turn I may choose to use a more dangerous solution to achieve my initial goals;
2. keeping on displaying internal drives is free (we already have it); hiding them requires development and long-term maintenance time.

So, it seems to be that we first have to make a UX decision here, regarding the discoverability vs. consistency topic. Feel free to raise this topic on the tails-ux@boum.org mailing-list. If someone takes care of leading this discussion there, then I’ll adjust this ticket’s properties accordingly.

And then, if (and only if) that decision says “we should hide internal drives when no admin password has been entered”, then this will become yet another coding task on the todo list; IMO this would be a low priority one (aka. “would be nice to have, patches are welcome but note that nobody on the current team has plans to implement it any time soon”) => be prepared to find someone to implement and maintain this feature.

#4 Updated by tailor 2015-06-12 07:40:51

Thanks intrigeri.

>Feel free to raise this topic on the tails-ux@boum.org mailing-list

Done. It should appear under the heading “Hide internal drives when no admin password has been entered”. Never done it before, hope it’s OK.

>there’s this nice thing called discoverability, that’s a pretty useful UX feature

Ignorant as to how this works, searched Disconnect.me for example to no effect.

>I’m asked a password that I don’t know, then I have chances to try and learn how to set an admin password

Presumably in the dialog box that comes up the user would be given an explanation and a link furnished that leads you to the relevant help pages.

May be complicating things.

>if, on the contrary, I don’t see my hard drive at all, then I may believe that accessing them from Tails is totally impossible, and in turn I may choose to use a more dangerous solution to achieve my initial goals;

Easily resolved as a commentator, not sure though for programmers how easy to implement. This an communications and marketing issue - use the KISS principle and lead people to make sensible decisions based of fact - make sure that your users (specially new ones) are aware of the flexible options accompanied with due precaution. No exaggeration, untruths or meaningless jargon.

In my reckoning protection from intrusions by hackers and other malevolent entities is as important an issue for users if not more so than preserving their privacy and anonymity. It’s one of your strong points so make it prominent.

Your home page says Privacy for anyone anywhere - add Safety, Choice and Flexibility

> leave no trace on the computer you are using unless you ask it explicitly;

As suggested before something like this may work - The Tails live system provides the best possible protection when booted without administrator privileges since it has no need to access your local hard drives to work - your precious data is safe.

The Tails live system is flexible to your needs. (For experienced users) Logging in as root (/as an administrator) allows you access to your local hard drives to perform a range of administrative tasks - use this with caution.

Hope that helps along with the other suggestions made previously.