single click by default is insecure #1064

Closed
adrelanos opened this Issue Jul 14, 2015 · 9 comments

Member

adrelanos commented Jul 14, 2015

Since I have been a Windows user some time before in my life, I am accustomed to first left click a file, then right click on it to do something else. I would think many users are trained to work this way.

Recently I downloaded an untrusted PDF and wanted to open it in a disposable VM. Left clicked it. Boom. Opened. There are two usability issues at work here.

  • single click by default is insecure -> set to double click by default?
  • Configuring AppVMs to double click is difficult. I - as a power user - failed for now. Because the systemsettings package/application is not installed by default. [How are normal users supposed to know the name of that package...] And after installing it, it does not appear under 'Add more shortcuts'. When manually starting it by running "systemsettings", it does not contain the usual menu for input devices.

(In Whonix this is solved by installing the https://github.com/Whonix/kde-mouse-doubleclick package during build before starting the desktop environment for the first time.)

Member

adrelanos commented Jul 14, 2015

(Talking about Debian based AppVMs here.)

nrgaway commented Jul 14, 2015

@nrgaway nrgaway self-assigned this Jul 14, 2015

Member

adrelanos commented Jul 14, 2015

This happened to me as a user of https://packages.debian.org/jessie/dolphin, which is the KDE default and fine file manager.

nrgaway commented Jul 14, 2015

Member

adrelanos commented Jul 15, 2015

> Did you manually install dolphin?

Yes.

> Maybe we should consider also setting KDE defaults then?

That's what I argue here.

> I wonder why they would default to a single click as per what you said that it is not what a user would expect.

Speculation: I guess they have a different focus. It's not providing a great desktop environment to previous Windows users. That just happens by accident. Their focus also isn't hardcore security. And in their view, the historical double click approach is outdated and unnecessary. Their focus is to provide a great desktop environment with great usability. Boldly deprecating legacy ineffective designs (double click) in favor of usability.

Member

unman commented Jul 31, 2015

This seems wrong-headed to me.
It's evident from the lists that many users have come from Windows with little Linux experience - I don't recall anyone complaining about this because the current default works for them. Anyone who takes the step toward installing a different program is probably going to be savvy enough to check and change KDE settings if they want.
What about previous Linux users? The proposal to change default behaviour would run counter to their previous KDE experience.
What about users from Android or Mac? Or those Windows users who are used to using a single click to run - a feature available since at least XP.

Member

marmarek commented Oct 8, 2015

@bnvk any opinion on this? I think the issue here is whether to keep the KDE default, or change it to something we think is more reasonable.
All this applies only to users manually installing dolphin, since the default Fedora (and Debian) template uses Nautilus (with double-click by default) and Whonix has this already set to double-click.

@marmarek marmarek added this to the Release 3.1 milestone Oct 8, 2015

isislovecruft Apr 21, 2016

It would be great if Qubes gave users the same level of RSI as they're used to with Windows.

Member

unman commented Apr 16, 2017

@andrewdavidwong Confirmed this issue still arises in 3.2 milestone.
As I commented, I think this approach is just wrong headed - there's nothing intrinsically insecure about using a single click to open a file. It's one of those cases where personal preference seems to guide policy.
