[tor-bugs] #8686 [Applications/Tor Browser]: padlock or colored url bar for connections to hidden services

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 15 19:24:19 UTC 2017


#8686: padlock or colored url bar for connections to hidden services
------------------------------------------+--------------------------
 Reporter:  proper                        |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  Medium                        |      Milestone:
Component:  Applications/Tor Browser      |        Version:
 Severity:  Normal                        |     Resolution:
 Keywords:  tbb-torbutton, tbb-usability  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------
Description changed by arma:

Old description:

> When connected to https protected websites, there is a nice looking
> padlock, sometimes if the website bought a Extended Validation
> Certificate, there is even a nice looking green bar.
>
> Most people are not aware, that connections to hidden services are
> encrypted end-to-end [1] by default, thanks to Tor. This is a nice
> security feature and argument for Tor, which has very little public
> awareness.
>
> Why not have a padlock or colored (black?) url bar for connections to
> hidden services?
>
> This would also be a good way to teach people, that when they are using
> services like tor2web or onion.to, that hose connections aren't encrypted
> end-to-end, while connections to hidden services using Tor Browser are.
>
> Credit:
> This is an original idea of mine. It has been discussed on
> [http://www.reddit.com/r/TOR/comments/1bxw2n/how_to_enable_sslhttps_for_onion_domains/
> reddit].
>
> ,,
> [1] To be pedantic, connections to hidden services are only encrypted
> end-to-end Tor to Tor, not exactly client (browser) to server.

New description:

 When connected to https protected websites, there is a nice looking
 padlock, sometimes if the website bought a Extended Validation
 Certificate, there is even a nice looking green bar.

 Most people are not aware, that connections to hidden services are
 encrypted end-to-end [1] by default, thanks to Tor. This is a nice
 security feature and argument for Tor, which has very little public
 awareness.

 Why not have a padlock or colored (black?) url bar for connections to
 hidden services?

 This would also be a good way to teach people, that when they are using
 services like tor2web or onion.to, that those connections aren't encrypted
 end-to-end, while connections to hidden services using Tor Browser are.

 Credit:
 This is an original idea of mine. It has been discussed on
 [http://www.reddit.com/r/TOR/comments/1bxw2n/how_to_enable_sslhttps_for_onion_domains/
 reddit].

 ,,
 [1] To be pedantic, connections to hidden services are only encrypted end-
 to-end Tor to Tor, not exactly client (browser) to server.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8686#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list