Page 1 of 2

Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Thu Jul 11, 2019 8:03 pm
by Giorgio Maone
Hi NoScripters.
SimplySecure is trying to enhance NoScript's user experience (including a UI overhaul and better documentation), and is looking for volunteers to test their prototypes live.
If you're interested, send me a PM and I'll be glad to provide more details.
Thank you all!

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Thu Sep 05, 2019 3:58 pm
by therube
Anything come of this?

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Tue Sep 17, 2019 5:37 am
by Giorgio Maone
We're almost done: Simply Secure is about to publish an extensive report on their work (including screenshots of their interation prototypes), and I'm prototyping the first functional alpha based on their input, hoping to have something to play with by London's MozFest in late October.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Fri Sep 20, 2019 1:02 pm
by Giorgio Maone

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Fri Sep 20, 2019 3:48 pm
by therube
Oh wow, my head is spinning.
I literally couldn't finish reading through the examples.

red & green & black & blue & gray
checkmarks & underlines & dots
tabs & all & site
dropdowns
hieroglyphics

The "main" icon, & "good luck", seem amateurish & silly, not that that really matters.


Would something like that work, would it be "better"?
Oh, that's a very tough one to comment on without actually having it to bang on it.


As I see it (in 10)...

Wording, terminology, has never worked for me - counter intuitive
Icon status, likewise, has always twisted my brain
And the lack of a simply way (shortcut, Ctrl+Shift+\) to (Temporarily) Allow the "primary" domain


(And then, there is the total hampering of, well, everything, that Quantum & webextensions impose.
A click-click here, a click-click there, here a click, there a click, everywhere a click-click.
Clickity-click was a click, e-i-e-i-o.)

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Sat Sep 21, 2019 1:06 am
by barbaz
I don't feel that I can reasonably make many comments without having the new UI in front of me in a functional NoScript. But a couple things really jumped out at me:


1) Even as an experienced NoScript user, I have NO idea what "Allow affiliated scripts" means. Intuitively, and ignoring a lot of context, the wording suggests something like "allow all domains that 'belong' to this site, e.g. a site and its CDN, e.g. soundcloud.com + sndcdn.com". But that cannot be what was meant here, because it's not technically possible to automatically determine that type of affiliation.

So what is an "affiliated script"? Some user-defined relationship?

As this is intended to be a "'quick and dirty' option", it needs to be self-explanatory, easy to figure out and understand. Unless there is going to be an "Affiliated Scripts" section in the new NoScript Options where the user gets to decide what it means (by manually specifying like "site2.com and site3.com are affiliated with site1.com"), it would seem this wording has really missed the mark.
(A user-defined affiliation system would be pretty useful, and IIRC it has been requested by me and others before. So I hope that is what it'll mean.)


2) Is it intentional that in the proposed new NoScript logo, the snake looks disappointed, instead of continuing the "cartoonish fierce" look of the current logo? I didn't see any comment on this.

EDIT To be clear, I don't have a preference on the icon atm. I'm just wondering if this specific point was a deliberate design choice, and if so the thinking behind it?

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Sat Sep 21, 2019 6:46 am
by musonius
That's basically a different extension again...

I fully agree with barbaz on both points.

1) My best guess about that "Allow affiliated scripts" thing is, that it may be what the current "Set all on this page to Temporarily TRUSTED" is.

If my guess is correct, then the new wording won't be an improvement, because it suggests something different than what it actually does.

On the other hand, a new feature to allow affiliated scripts automatically would be fine. For example, vimeocdn.com is affiliated to vimeo.com. Automatically allowing such affiliated scripts may be a lot of work to be implemented. I guess, this cannot be done fully automated, but has to be defined by someone.

2) I prefer the old icon as well.

3) The new UI looks good in terms of modern UI design and may therefore feel more familiar to many new users. By and large, it may be easier for many.

As a user of Vim, I have never cared that NoScript looks like it was last updated a decade ago though.

4) I am wondering, if it's a good idea to have so much empty space. This certainly works with a handful of domains, but how does it work when there are some dozens of domains?

The option screen will work well on broad screens, but does the new UI work on tablets or small screens as well?

5) Obviously, I have not worked with the new UI yet and therefore it is hard to say, how good it works in use. I think, that there are a lot of open details which are to be solved and I am looking forward to see the first prototype mentioned above.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Sat Sep 21, 2019 4:44 pm
by barbaz
musonius wrote:
Sat Sep 21, 2019 6:46 am
I fully agree with barbaz on both points.

[...]

2) I prefer the old icon as well.
Apparently I didn't make myself clear about the icon.

I wasn't expressing a preference about the icon. I'm not sure if I have a preference at this stage. I was just wondering if the specific change I pointed out was a design choice, and if so the thinking behind it?

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Tue Sep 24, 2019 8:51 am
by Giorgio Maone
Of course the sketches are subject to changes where appropriate on the way to a functional prototype.

Regarding "Affilated scripts", your best guess is the right one: it's gonna be an user-configurable feature, with sensible uncontroversial presets for popular sites (eg. facebook.com + fbcdn.net) to allow in one pass all and only the script sources needed for a certain website to operate.

The new icon (and the general theme/tone of the UI) has come after several iterations with professional artists and users with various degrees of experience (from 0 to power user) with NoScript, with the intention of being at the same time simpler and clean (hence the removal of the blue from the logo), still ironic but not as intimidating as the fanged version.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Tue Sep 24, 2019 7:04 pm
by fatboy

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Wed Sep 25, 2019 5:31 pm
by barbaz
Giorgio Maone wrote:
Tue Sep 24, 2019 8:51 am
Regarding "Affilated scripts", your best guess is the right one: it's gonna be an user-configurable feature, with sensible uncontroversial presets for popular sites (eg. facebook.com + fbcdn.net) to allow in one pass all and only the script sources needed for a certain website to operate.
Sweet. Looking forward to trying it!
Giorgio Maone wrote:
Tue Sep 24, 2019 8:51 am
The new icon [...] with the intention of being [...] not as intimidating as the fanged version.
Thanks, that explains why the "cartoonish fierce" look wasn't continued. But I'm still not clear on the reasoning behind making the script snake express disappointment?
___________

Maybe I should explain more why this change jumped out at me so much.

When reading Simply Secure's blog post, the very first occurrence of the new icon is in the redesigned "privileged page" message. When I first saw that, my impression was something like, "Huh. The disappointed look of the snake in this modified NoScript logo is a nice way to help convey NoScript's inability to do its job. It's a little odd since the snake used to symbolise the *scripts*, rather than NoScript, but I can get my head around this. So they're going to change the emotion the NoScript icon expresses based on context?"

And then I read on, and saw the same disappointed look used in other mock-ups of unrelated features.. which was a bit jarring.

Making the script snake express disappointment at being blocked, might get users to subliminally think they're supposed to pity the blocked scripts. Which would be wrong. Users need to be analytical when making decisions about scripts.

Simply Secure's explanation of the icon change is just "The essential idea remains the same, but the log [sic] is now more readable as a menu icon". But having the script snake express disappointment makes for a somewhat different essential idea, for the reason stated. And I would like to better understand the thinking behind it?

(FWIW fatboy's "hybrid" logo does not express any emotion. This logo *would* keep the same essential idea as the current logo, while making it less intimidating and using Simply Secure's improved color scheme.)

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Wed Sep 25, 2019 7:55 pm
by fatboy
"When NoScript is turned off, the scrip snake escapes"
http://ipic.su/img/img7/fs/Turnedoff.1569440894.png

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Wed Sep 25, 2019 8:06 pm
by barbaz
fatboy wrote:
Wed Sep 25, 2019 7:55 pm
"When NoScript is turned off, the scrip snake escapes"
http://ipic.su/img/img7/fs/Turnedoff.1569440894.png
No, that would just bring back the problems A) red not consistently meaning blocked, B) conflating good security advice vs script state. It's also confusing with the old Image icon from NoScript Classic, which indicated zero script tags.

Better to stick with the script snake escaping out of a blue or grey circle.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Wed Sep 25, 2019 8:29 pm
by fatboy
@ barbaz
Maybe you're right. But it seems to me that it would be like the "Restrictions disabled" icon.
_____________

1. Main screen
"There is nothing to block on this page" —
this phrase was on pages where there is really nothing to block (no scripts).
http://ipic.su/img/img7/fs/Privileged_p ... 526818.png

2. Scope of blocking and allowing
Script counter only (not fonts, objects, …)?

2.1 Too little space on the tab/site/all button.
tab
вкладка
onglet
tabblad
pestaña
scheda

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Sat Sep 28, 2019 6:08 pm
by skriptimaahinen
The case study is good, has some nice pointers and I can agree with most of it. I'm also happy that we finally get the site specific rule-sets.

However, my biggest worry is that there still does not appear to be easy way to check the "seen" tags. Personally I never use the allow all/tab options but prefer to manually select the minimum permissions for site to work. Unfortunately the current design (and apparently the new one too) still require to click open every domain to see what permissions it requests. Or is there any plans to make this easier?