[tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 2 17:38:45 UTC 2017


#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-usability, ux-team,    |  Actual Points:
  TorBrowserTeam201706                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:34 linda]:
 > Hi, the UX team has reviewed this ticket, and we recommend removing the
 warnings as soon as possible and working on messaging thereafter.
 >
 > I think that there are two problems to solve, 1) the password and
 padlock warnings are misleading users, telling them that something is
 insecure when it isn't 2) educating users on what secure means. I think
 that we can, and should, solve these issues independently. Getting rid of
 the warnings will be a much better improvement than leaving them up, even
 if there is no explanation.
 >
 > Of course, it would be good to educate users on why .onion sites are
 secure. When we onboard users to Tor, we should mention .onion sites and
 other features on first use, and show information on .onion sites when
 they first visit an onion website. Additionally, we can also put a message
 when you click on or hover over the "secure" indicator (something like
 [https://share.riseup.net/#fi-f_QKZqY8pV8Kf0BXR9g this]) that says why
 .onion sites are safe, for people who are wondering why it is safe.
 >

 I think this is a very reasonable course of action. +1

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:37>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list