[tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 29 23:12:27 UTC 2017


#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-usability, ux-team,    |  Actual Points:
  TorBrowserTeam201706                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 > This warning is misleading and half-baked. It's been designed so people
 get notified when they're submitting information and particularly
 passwords in plain text. Obviously not the case with .onion.

 If some likes to run tor on an another machine like a Tor router (eg on an
 OpenWRT-Router or Whonix in a VM) all the PCs or VMs in the same network
 could still capture all the http-packages before the packages enter the
 internet... Thereby, there are use cases in which using an onion-address
 is not sufficient and less secure than an onion-address + tls.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list