[tor-bugs] #22545 [Applications/Tor Browser]: .onion sites are being labled with "insecure connection"

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 8 16:28:34 UTC 2017


#22545: .onion sites are being labled with "insecure connection"
------------------------------------------+--------------------------------
     Reporter:  mrphs                     |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Immediate                 |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Blocker                   |   Keywords:  #ux-team #tbb-
                                          |  usabilty
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------
 After the recent update to TB 7.0 I noticed that the Tor Browser warns
 users that their connection to .onion sites are NOT secure with their
 "lock" icon crossed with a red line.

 And if the .onion site happens to have a password field, users gets a
 warning for entering their password on an insecure website.

 I believe this is due to recent UX changes in Firefox to warn users
 against website without TLS and seems like they haven't considered .onion
 usecase in their design.

 This terribly affects the experience of highly targeted users who might
 not have a clear understanding on the technology and are instructed to use
 .onion for their online and physical safety (eg for securedrop).

 I'm going to mark this ticket as "blocker" because I witnessed it blocked
 a user from using an .onion site and Tor Browser all together. They
 switched back to chrome on clearnet as they were worried they're doing
 things wrong and that it might have compromised their security.

 We should probably be a bit more careful with changes like that in future.
 Especially at a time like this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22545>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list