[tbb-bugs] #8686 [Applications/Tor Browser]: padlock or colored url bar for connections to hidden services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 15 19:24:19 UTC 2017
#8686: padlock or colored url bar for connections to hidden services
------------------------------------------+--------------------------
Reporter: proper | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-torbutton, tbb-usability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------+--------------------------
Description changed by arma:
Old description:
> When connected to https protected websites, there is a nice looking
> padlock, sometimes if the website bought a Extended Validation
> Certificate, there is even a nice looking green bar.
>
> Most people are not aware, that connections to hidden services are
> encrypted end-to-end [1] by default, thanks to Tor. This is a nice
> security feature and argument for Tor, which has very little public
> awareness.
>
> Why not have a padlock or colored (black?) url bar for connections to
> hidden services?
>
> This would also be a good way to teach people, that when they are using
> services like tor2web or onion.to, that hose connections aren't encrypted
> end-to-end, while connections to hidden services using Tor Browser are.
>
> Credit:
> This is an original idea of mine. It has been discussed on
> [http://www.reddit.com/r/TOR/comments/1bxw2n/how_to_enable_sslhttps_for_onion_domains/
> reddit].
>
> ,,
> [1] To be pedantic, connections to hidden services are only encrypted
> end-to-end Tor to Tor, not exactly client (browser) to server.
New description:
When connected to https protected websites, there is a nice looking
padlock, sometimes if the website bought a Extended Validation
Certificate, there is even a nice looking green bar.
Most people are not aware, that connections to hidden services are
encrypted end-to-end [1] by default, thanks to Tor. This is a nice
security feature and argument for Tor, which has very little public
awareness.
Why not have a padlock or colored (black?) url bar for connections to
hidden services?
This would also be a good way to teach people, that when they are using
services like tor2web or onion.to, that those connections aren't encrypted
end-to-end, while connections to hidden services using Tor Browser are.
Credit:
This is an original idea of mine. It has been discussed on
[http://www.reddit.com/r/TOR/comments/1bxw2n/how_to_enable_sslhttps_for_onion_domains/
reddit].
,,
[1] To be pedantic, connections to hidden services are only encrypted end-
to-end Tor to Tor, not exactly client (browser) to server.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8686#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list