nvaccess / nvda

NVDA, the free and open source Screen Reader for Microsoft Windows

Add a new settings category called "security and privacy" in NVDA settings panel #16272

Open Adriani90 opened 4 months ago

Adriani90 commented 4 months ago

Is your feature request related to a problem? Please describe.

NVDA is still often perceived as having too few security-related features, so I think we should raise awareness of security and privacy topics in NVDA. I put these two things together because they are directly related to each other.

Describe the solution you'd like

We could raise more awareness for this topic and make it more obvious what the current state in NVDA is. We could do this by creating a dedicated settings category for security and privacy. The following settings should be moved to this category:

Describe alternatives you've considered

None

Additional context

None

CyrilleB79 commented 3 months ago

@seanbudd I am quite surprised that this issue has been triaged without any comment.

I have not had the time to think about it more deeply but I have the feeling that the UX described in this issue is not very satisfactory.

Here is what I can already write:

> NVDA is still often perceived as having too few security-related features

Could you indicate what this statement is based on? It would help to find the most suitable solution to the issue. If there are too few security features, it would be useful to know which ones are missing or unsatisfactory and address them individually. The number of security features does not matter; what they do or do not do is.

> We could do this by creating a dedicated settings category for security and privacy.

I am not against it, but again, it would be worth clarifying the issue this solution addresses. E.g. do we have some feedback that sysadmins or single users have difficulty finding options related to security and privacy?

> • Use NVDA during sign in (from general settings)
> • Use current settings during sign in and on secure screens (from general settings)

I doubt that these two settings are considered security / privacy by end users. IMO moving them would be more confusing.

> • The screen curtain grouping along with the settings under this grouping (from vision settings)

Yes, it would make much more sense to have it in a security/privacy category than in the Vision one. As I have already written elsewhere, screen curtain is not a visual aid at all; on the contrary, it prevents us from seeing anything!

I wonder though if there is a technical limitation or difficulty to perform this move, i.e. moving the settings of a vision provider outside of the vision panel. Cc @LeonarddeR

> • Enabled logging categories (from advanced settings)
> • Enable custom code from scratchpad directory (from advanced settings)
> • Speak passwords in all enhanced terminals (from advanced settings)

These clearly belong to security / privacy. But when moving parameters out of the advanced settings, we must also take into account that these features are not considered advanced anymore and are not protected by the disclaimer checkbox. Is it the case for these two?

For example, I seem to remember that enabling all the debug log categories in some situations may lead to a clear loss of performance. I do not know if it is acceptable without the disclaimer checkbox.

Adriani90 commented 3 months ago

> Could you indicate what this statement is based on? It would help to find the most suitable solution to the issue.

I think a solution is not trivial, e.g. you cannot block certain features from being used in NVDA as a system admin, there are a lot of issues on GitHub requesting more sophisticated command line commands to administrate what NVDA users can do and more, there is no way in NVDA to create a sandbox like some other software can do (e.g. Jira etc.).

So I think the best thing we can do as of now is first to build awareness and build dedicated areas in documentation and GUI for security related settings and important notes.

> E.g. do we have some feedback that sysadmins or single users have difficulty finding options related to security and privacy?

Definitely yes. Settings related to security and privacy are split across different parts of the GUI and merging them into a specific category will make it easier. I get a lot of questions, especially in Germany, from companies and users asking for an easier way to find such settings.

> I doubt that these two settings are considered security / privacy by end users. IMO moving them would be more confusing.

I don't think so. Using secure screens while e.g. logging at debug level is enabled is directly related to security or privacy. So using current settings in secure screens is definitely related to this topic. The other setting "using NVDA on sign in" I agree is not really clear, but in general a screen reader processes information received through accessibility APIs which actually could be listened to by malicious code anywhere. And since secure screens are deemed to be secure, using a screen reader within such a screen is related to security. We had lots of situations in the past where NVDA for example was reading the password in the log in window (i.e. in some virtual environment setups). I think it is a very edge case when it happens, but the probability is there and changing this setting needs administrator privileges. Anything that needs admin privileges to be changed is related to security in my view.

> I do not know if it is acceptable without the disclaimer checkbox.

A disclaimer checkbox could also be added to the security / privacy category, something like this: "I am aware that changing settings in this category might introduce vulnerabilities in data privacy and security. checkbox unchecked" tab "restore default values button"

Adriani90 commented 3 months ago

Actually, I also added "speak typed characters" and "speak typed words" from keyboard settings due to the following reasons:

We will probably never be able to find all the cases out there but at least we can build awareness regarding these settings.

Adriani90 commented 3 months ago

@seanbudd I think a P5 is not the right priority for this, see my comments above.

Adriani90 commented 3 months ago

cc: @gerald-hartig

seanbudd commented 3 months ago

@Adriani90 please provide a reason why you think this should be a higher priority, either citing the documentation or providing an argument for changing our priority definitions:

https://github.com/nvaccess/nvda/blob/master/projectDocs%2Fissues%2Ftriage.md#priority

Our understanding is this is a small improvement for UX, that doesn't fix a particularly misleading or serious issue

seanbudd commented 3 months ago

At most this can be a p4 from our current definition, assuming this became a popular feature request rather than a small UX improvement

Adriani90 commented 3 months ago

@seanbudd I agree according to the definition this might deserve a P4 for the technical implementation, but I was thinking more about the impact of this change. It is not only a small change to the UX, it would imply the introduction of a new awareness checkbox same as for advanced settings. The technical part of it might be trivial, but I think the impact on users' behavior and awareness might be more significant than a small UX change. Assuming both technical and non-technical impact of this request, maybe a P3 is more suitable. This is in line with the documentation where p3 can be assigned for cases of misleading information and misleading handling.

seanbudd commented 3 months ago

That description of p3 refers to cases where NVDA is reporting misleading information i.e. saying text is a link when it isn't a link. I don't think the grouping of current settings is misleading anyone of the actions or purpose of the settings, particularly while the user guide exists to explain the settings.

Adriani90 commented 3 months ago

Ok thanks for the clarifications.