securedrop icon indicating copy to clipboard operation
securedrop copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

SI: Encryption Instructions in Hide/Show Div

Open ninavizz opened this issue 4 years ago • 3 comments

Problem

In today's SecureDrop there is more text between the H1 and the uploads/compose box, than most users are "trained" to read or process. As such, it is unlikely that many will. Secondly, the pre-encryption instructions are probably not clear, and miss an opportunity to educate Source users about the wonderful world of encryption.

Solution

Drafted some time ago, this CSS hide/show div solution is the running candidate. Content particulars, obvs negotiable.

In its initial development, the idea was that this would link to a TBD "Source User Guide." Such a guide does not yet exist, however, and I am also speculating this tweak could add value to the experience w/o such a guide to link out to.

ninavizz avatar Nov 13 '20 23:11 ninavizz

Hello,

I see that this issue has the "help wanted" tag and there hasn't been much activity on it. I would like to volunteer to resolve this issue.

My understanding is that resolving this issue means implementing the popup demonstrated in the invision link, but that the text should remain unaltered. As Tor Browser does not yet support the popup attribute, it seems like the best way to do this is to place the hidden attribute on the additional text by default, and use javascript to show or hide it when the corresponding button is clicked. Additionally, I will add more specific styling rules to match the style shown in invision, as well as styling rules for the box itself (I don't see any similar functionality to re-use in the rest of the site).

Please let me know if I have misunderstood anything or if anything relevant has changed in the 3 years since this issue was created.

Thanks, Skyler

skyvine avatar Sep 20 '23 20:09 skyvine

I looked at this a little bit more, and there's a problem. SecureDrop encourages sources to set TOR to the safest level, which disables scripts. I tried some CSS changes, but I don't see a way to make it display as shown in the invision with features supported by Tor Browser (in addition to popup, the :has selector would be useful). There is probably a way to default it to show when scripts are disabled, but this would effectively create no change for users who disable scripts, which is the recommended setting. So I don't think it makes sense to do this until the popup attribute is supported by Tor Browser, unless there is another way to do this with styling rules.

skyvine avatar Sep 24 '23 23:09 skyvine

Hi @skyvine, thanks for looking into this - you're right, SecureDrop encourages users to use it in Safest mode, which can be a bit limiting on the UX front! This is not a major priority (and honestly I think our approach/guidance to pre-encryption needs work anyway) so it's OK if there's not an immediate path to implementation.

zenmonkeykstop avatar Sep 25 '23 13:09 zenmonkeykstop