Changes

Page history
Capture major problem and potential solution authored by intrigeri's avatar intrigeri
Show whitespace changes
Inline Side-by-side
VPN-support.md
View page @ b2e902da
...@@ -183,3 +183,53 @@ If we wanted to make captive portal work, we'd have 2 options: ...@@ -183,3 +183,53 @@ If we wanted to make captive portal work, we'd have 2 options:
the same fwmark set that wireguard is setting, so it ignores the `main` routing table. the same fwmark set that wireguard is setting, so it ignores the `main` routing table.
2. the unsafe browser becomes the VPN browser after the VPN has been started 2. the unsafe browser becomes the VPN browser after the VPN has been started
#### Q: How understandable is this setup for users?
In `<a9bb2de5-711c-4df9-8db2-a9e14cabf662@pimienta.org>` sajolida expressed
strong concerns about this approach from a UX standpoint:
> I'm really afraid that this approach will be very hard to understand for
> users. My guess is that people will think about *either using Tor or using
> a VPN*, not about *having a VPN before Tor*. The VPN Browser goes through the
> VPN. The Tor Browser goes through Tor, not a mix of both.
>
> For example, I understand that with this solution, if their VPN
> connection is flaky, then their Tor connection will become flaky. Or, if
> they replace (or start) their VPN connection after having started Tor,
> their ongoing Tor connections will get broken.
>
> I understand that it seems to be the cheapest option to implement, but
> it's hard for me to evaluate how much worse this will make the UX at
> this point and whether it's worth investing into this cheaper option.
> The cheapest purchase is not always the best value.
>
> Still, given that we should give priority to instant messaging, I don't
> think that it's worth investigating this more for now as we'd get into
> discussing tradeoffs between UX and tech. This would require diving more
> into design than research […].
To address this concern, one option would be to *not* route tor over the VPN:
- VPN managed by NetworkManager but only used by the VPN Browser
- Unsafe Browser only used for captive portals, does not go through the VPN
- Tor for everything else
That is, essentially the VPN Browser option, with the added
clarification that the VPN is managed by Network Manager (so we may
have to write a GUI to configure the VPN, possibly integrated into Tor
Connection, but at least we don't have to write the backend code to
manage WireGuard; and the VPN status is exposed by GNOME).
About which sajolida commented:
> It might still be tricky for users to understand how all this networking
> is wired, but if we have our own GUI to configure the VPN, it will be a
> much better place to form a correct understanding in people's mind.
>
> We can't really know more about how easy/hard it will be for people to
> understand this correctly without going into mockups and paper
> prototypes, but sounds like a much better starting point.
Next step: spend another few hours checking how hard it would be to avoid
routing tor nor the Unsafe Browser over the VPN.