Thank you for opening this issue consciousness0 I also have problem with the new SecurityLevel Behavior in Tor Browser 14.5.4
@donuts And thank you for relaying this issue to gitlab.
Sorry for my late feedback here But I think UX Team really need to revert the change back to previous version as soon as possible.
In Tor Browser 14.5.4, changing security level will automatic restart Tor Browser without my consent. It causes me losing all the tabs I opened. And the worst part is that it will disconnect my current bridge.
I think this is really a BAD decision, and please revert it. Here are my reason:
The First reason is that censored users have to use bridges, But This change in Tor Browser 14.5.4 disconnects bridges every time whenever the security level is changed. Which is really really bad. Normally It already takes a considerate amount of time to successfully connect a bridge and i think always reconnecting bridges will potentially alert the censor which will jeopardize personal security that potentially leading to cause physical harm to censored users. It might sounds exaggerating to some but State Surveillance is a real thing and I hope whoever made this change would understand it.
The second reason is that this kind of change actually breaks security in web browsing itself as others have mentioned.
The Third reason is that the statement is untrue in the following link
Quote:
When users change Tor Browser’s Security Level (i.e. Standard, Safer, Safest), the new settings will only be applied on the browser’s next section, however, this isn’t let clear. Consequently, it’s possible that a user changes the Security Level from Standard to Safer, for example, but keep browsing with Standard settings without knowing that they need to restart Tor Browser to apply the changes.
No you don’t have to RESTART the Tor Browser to apply the change. In previous versions there are 2 options to apply the change:
1: Refreshing the tab will apply the change in security level
2: If you don’t need to keep the opened taps, Resetting your identify can also apply the change of security fast.
Neither option would disconnect bridge connection and they worked fine.
I think the change made in Tor Browser 14.5.4 regarding security level is utterly unnecessary and very counterproductive, It also post security risk for censored user even in physical term.
My suggestion is just revert this change, And if you worry that users don’t know that they need to refresh page or reset identify to apply the change of security level (which I highly doubt that most users don’t know this already and I honestly don’t know from where the UX team get this notion), you can just add a notice/warning message in the security level option: for example:
Security
Security Level
Disable certain web features that can be used to attack your security and anonymity. Learn more (Add the warning after this) To apply the security level changes, you need to refresh web page or reset your identify.
And lastly on the side note I am concerned that it seems that tor browser UX team has been trying to move people towards more automated configurations lately and make users have less choice or consent. I find this trend and mindset really worrisome. Please let users make their own choices, As a censored user myself who already don’t have much choices I find this kind of borderline “It’s For Your Own Good” mindset very irritating and wanting.
Thank tor project devs for your hard works.