Improve UX of saving downloaded files from Tor Browser
During the user testing of the VeraCrypt beta, participants had to save a keyfile from Tor Browser and use it to unlock a USB stick:
- 2 participants saved it to ~/Tor Browser without problems.
- The other 3 participants had a very hard time finding how to save it:
- It took P2 2 minutes to find where it was possible to save it. He even tried "~/Tor Browser/" without realizing it would work and went ahead checking more folders.
- P3 dismissed the error message and saved it to the desktop but it was not save. Then she couldn't find it.
- P4 has an odyssey of 8 minutes and was unsuccessfully looking for her file under
/usr/local/lib/tor-browser/when I rescued her.
I had serious concerns about the seriousness of this UX issue since it was introduced but had never tested it with users. Now I did and the results are quite concerning...
- It's a clear proof that it's not because people don't complain about a problem through our help desk or Redmine that the problem is not real. Relying on reported issues is definitely not enough to find the real problems people have. You need user testing to go and find them.
- It's an example of a security/US thread off where we added a security measure without researching its UX impact first. In this kind of discussions, we often lack tools for decision making where we can put in balance the added security against the degraded UX and know what to do; and we have the tendency to go for the added security. How much added security for the crazy threat models of few users do we need to counterbalance pain and frustration for the vast majority of newer users? A solution would be to do more regular user testing and postpone such decisions until we have done some actually testing. I'll try to do this more.
Here are some ideas to breakdown this problem we can take to improve this UX problem:
- Notify better when the file is not saved. For example, click "Desktop", dismiss the error message, click "Save" and there's nothing telling you that the file was actually not saved.
- Remove the
/usr/local/lib/tor-browseras it cannot be useful and can only add to the confusion.
- Improve the labels of the Tor Browser and Tor Browser (persistent) shortcuts as proposed in #15028.
Some user quotes:
- P3: « I don't want to read. I want to save. » after getting the error message "Could not read the content of ..."
- P4: « I don't have permission to save anywhere. It's fucking useless. »
- P4: « Why am I using a computer I don't have permissions to use. »
- P4: « This is fucking kafkaesque... »
And video clips:
- P2: https://un.poivron.org/~sajolida/clips/Saving_in_Tor_Browser_P2_nosound.webm
- P3: https://un.poivron.org/~sajolida/clips/Saving_in_Tor_Browser_P3_nosound.webm
- P4: https://un.poivron.org/~sajolida/clips/Saving_in_Tor_Browser_P4_nosound.webm
I removed the sound on the public version for privacy reasons but please ask me for the full version if you're part of the team.