diff --git a/docs/images/manual/security-slider-high.png b/docs/images/manual/security-slider-high.png new file mode 100644 index 0000000000..9056447016 Binary files /dev/null and b/docs/images/manual/security-slider-high.png differ diff --git a/docs/source.rst b/docs/source.rst index 453d7b9d08..90a4a379b7 100644 --- a/docs/source.rst +++ b/docs/source.rst 
@@ -49,25 +49,49 @@ While using the Tor Browser on your personal computer helps hide your activity o Making your First Submission ---------------------------- -Open the Tor Browser and navigate to the .onion address for the SecureDrop Source Interface you wish to make a submission to. The page should look similar to the screenshot below, although it will probably have a logo specific to the organization you are submitting to. +Open the Tor Browser and navigate to the .onion address for the SecureDrop +Source Interface you wish to make a submission to. The page should look similar +to the screenshot below, although it will probably have a logo specific to the +organization you are submitting to. |Source Interface With Javascript Enabled| -If this is the first time you're using the Tor browser, it's likely that you have Javascript enabled. If you do, there will be a red warning banner at the top of the page that encourages you to disable it. +If this is the first time you're using the Tor browser, it's likely that you +have Javascript enabled and that the Security Slider that Tor browser provides +is set to "Low". If you do, there will be a red warning banner at the top of +the page that encourages you to disable Javascript and turn up the Security +Slider to "High". -Click the ``Learn how to disable it`` link in the warning banner and a message bubble will pop up explaining how to disable Javascript. Follow the instructions and the page should refresh automatically. Note that this will disable Javascript for every page in your Tor Browser, and this setting will persist across browser sessions. +|Security Slider| + +Click the ``Learn how to disable it`` link in the warning banner and a message +bubble will pop up explaining how to disable Javascript and turn up the Slider. +Follow the instructions and the page should refresh automatically. 
Note that +this will change the slider and disable Javascript for every page in your Tor +Browser, and this setting will persist across browser sessions. |Fix Javascript warning| -The page should now look similar to the screenshot below. If this is the first time you are using SecureDrop, click the ``Submit Documents`` button. +The page should now look similar to the screenshot below. If this is the first +time you are using SecureDrop, click the ``Submit Documents`` button. |Source Interface with Javascript Disabled| -You should now see a screen that shows the unique codename that SecureDrop has generated for you. In the example screenshot below the codename is ``sink los radium bcd nab privy nadir``, but yours will be different. It is extremely important that you both remember this code and keep it secret. After submitting documents, you will need to provide this code to log back in and check for responses. +You should now see a screen that shows the unique codename that SecureDrop has +generated for you. In the example screenshot below the codename is +``sink los radium bcd nab privy nadir``, but yours will be different. It is +extremely important that you both remember this code and keep it secret. After +submitting documents, you will need to provide this code to log back in and +check for responses. -The best way to protect your codename is to memorize it. If you cannot memorize it right away, we recommend writing it down and keeping it in a safe place at first, and gradually working to memorize it over time. Once you have memorized it, you should destroy the written copy. +The best way to protect your codename is to memorize it. If you cannot memorize +it right away, we recommend writing it down and keeping it in a safe place at +first, and gradually working to memorize it over time. Once you have memorized +it, you should destroy the written copy. 
-SecureDrop allows you to choose the length of your codename, in case you want to create a longer codename for extra security. Once you have generated a codename and put it somewhere safe, click ``Continue``. +SecureDrop allows you to choose the length of your codename, in case you want +to create a longer codename for extra security. Once you have generated a +codename and put it somewhere safe, click ``Continue``. |Memorizing your codename| @@ -145,6 +169,7 @@ Repeat these steps to continue communicating with the journalist. .. |Source Interface with Javascript Enabled| image:: images/manual/source-step1.png +.. |Security Slider| image:: images/manual/security-slider-high.png .. |Fix Javascript warning| image:: images/manual/source-step2.png .. |Source Interface with Javascript Disabled| image:: images/manual/source-step3-and-step7.png .. |Memorizing your codename| image:: images/manual/source-step4.png diff --git a/securedrop/source_templates/banner_warning_flashed.html b/securedrop/source_templates/banner_warning_flashed.html index cb2c2bf07d..da8e0a5e7a 100644 --- a/securedrop/source_templates/banner_warning_flashed.html +++ b/securedrop/source_templates/banner_warning_flashed.html @@ -1,6 +1,7 @@ {# these are flash messages that appear at the top and are really scary, like if you're using tor2web #} {% with messages = get_flashed_messages(with_categories=True, category_filter=["banner-warning"]) %} {% for category, message in messages %} -
{{ message|safe }}
++ {{ message|safe }}
{% endfor %} {% endwith %} diff --git a/securedrop/source_templates/flashed.html b/securedrop/source_templates/flashed.html index faa6e70581..578b87108d 100644 --- a/securedrop/source_templates/flashed.html +++ b/securedrop/source_templates/flashed.html @@ -4,9 +4,9 @@ {% if category != 'banner-warning' %}{% if category == 'notification' %} - + {% elif category == 'error' %} - + {% endif %} {{ message }}
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html index 94db0a1ac6..5b7c79c041 100644 --- a/securedrop/source_templates/generate.html +++ b/securedrop/source_templates/generate.html @@ -7,7 +7,8 @@{{ codename }}
+ +{{ codename }}
JavaScript is a widely used programming language for creating interactive web pages. Unfortunately, JavaScript is also the most common source of security @@ -10,8 +10,8 @@
We encourage SecureDrop users to disable JavaScript to protect themselves from malware that would use it to attack their browser and potentially de-anonymize them. There are other ways to get hacked, but given the use of JavaScript-based attacks recently, we believe it is prudent to disable it at this time.
-The Tor Browser comes with an add-on called NoScript that can be used to completely disable JavaScript by default, and to only enable it for sites that you trust.
+The Tor Browser comes with a security slider that will disable Javascript as well as protect against other methods that can be used to reveal your true identity.
-To disable JavaScript in Tor Browser, click the NoScript icon to the left of the address bar above and choose "Forbid Scripts Globally (advised)".
+To turn up the security settings, click the Tor icon to the left of the address bar, select Privacy and Security Settings, and turn the slider to High.
{% endblock %} diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html index a561348e51..292a531c99 100644 --- a/securedrop/source_templates/index.html +++ b/securedrop/source_templates/index.html @@ -13,7 +13,7 @@ {% endassets %} -If this is your first time submitting documents to journalists, start here.
- Submit Documents + Submit DocumentsIf you have already submitted documents in the past, log in here to check for responses.
- Check for a response + Check for a responseYou appear to be using the Tor Browser. You can disable Javascript in 3 easy steps!
+You appear to be using the Tor Browser. You can disable Javascript and turn the Security Slider to High in 4 easy steps!
A journalist has been waiting for you to log in again so SecureDrop can generate a crypto key for you. Now that you have logged in, they are able to write you a reply. Check back later for replies.
+A journalist has been waiting for you to log in again so SecureDrop can generate a crypto key for you. Now that you have logged in, they are able to write you a reply. Check back later for replies.
{% endif %}
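Review bot: In docs/source.rst, the reworded paragraph under "Making your First Submission" leaves "If you do" without a clear antecedent, because the sentence before it now states two conditions (Javascript enabled, Security Slider set to "Low"). Suggest "If so" or naming both conditions. The link text ``Learn how to disable it`` in the following paragraph has the same ambiguity now that the bubble is described as covering both Javascript and the slider. The added lines also write "Tor browser" where the rest of the file uses "Tor Browser".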
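Review bot: In securedrop/source_templates/banner_warning_flashed.html, the rewritten line still renders `{{ message|safe }}`, which bypasses Jinja2 autoescaping. Since the line is being touched anyway, please confirm that every flash in the "banner-warning" category is a fixed string with no request-derived data, and consider stating that requirement in the template comment at the top of the file.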
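Review bot: In the help-page hunk that replaces the NoScript instructions, the two added paragraphs spell it "Javascript" while the unchanged paragraphs around them use "JavaScript"; please match the existing spelling. The new text also does not tell the reader that the slider setting applies to every page and persists across sessions, which docs/source.rst in this same patch does say; one sentence to that effect here would keep the two in step.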
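Review bot: In securedrop/source_templates/index.html, the banner text "disable Javascript and turn the Security Slider to High in 4 easy steps" reads as two separate actions, while the help text added in this patch says the slider itself disables Javascript. Suggest wording along the lines of "turn the Security Slider to High, which also disables Javascript", and check that the step count still matches the list that follows it.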