[tor-bugs] #32645 [Applications/Tor Browser]: Update URL bar onion indicators

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 2 22:59:19 UTC 2019 

#32645: Update URL bar onion indicators
--------------------------------------+---------------------------
 Reporter:  antonela                  |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:  #30025                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27
--------------------------------------+---------------------------

Comment (by pospeselr):

 So having read the above documents and playing around with what browsers
 are doing these days, I have some thoughts.

 With Firefox and Chrome not giving a visual indication of DV/EV certs I
 think we should follow suit. As such, I think the Onion + CA Issued DV/EV
 Cert should just drop the lock icon, and just show the Onion icon.

 For mixed content Firefox uses the HTTPS lock icon with a red slash
 through it, while chromium based browsers don't have an icon but instead
 red 'Not Secure' text in the address bar. By default it looks like Firefox
 blocks HTTP content from HTTPS pages and has to be explicitly loaded by
 the user via the (I) icon drop-down so most users wouldn't even see this.

 If we're going to have a separate Onion icon for onion URLs, perhaps we
 should follow Firefox here and do a Onion with a red slash.

 ----

 Though that said, what is the purpose of communicating to the user that
 they are using an onion service? Firefox is using the lock there to
 indicate that your connection is secure, while Chromium et al are going
 further and using the space to explicitly indicate when a connection **is
 not** secure.

 I'm kind of inclined to agree with the idea behind this trend being that
 the more information we try to cram up there, the less useful it is and
 the more probable it is that important info is ignored. I'd actually
 really like to see Firefox go the route Chromium is and explicitly put in
 a flashing red {{{Not secure}}} label on unencrypted HTTP sites.

 ----

 Ok, on to the hanger. I think the Onion service should probably keep the
 lock icon for 'Connection Secure with Tor'. Using the same icon in two
 separate sections is a bit weird.

 teor and arma mention in #23875 that there isn't a way to determine how
 many relays there are after your half of the circuit to a hidden service,
 so rather than hard-coding 3 'Relay' we need something else. I'm partial
 to arma's suggestion of having a nebulous 'cloudy' thing there.

 We should also try and pick a themed color for the 'New Circuit for this
 Site' button, rather than the hard-coded blue we currently use. With the
 built-in Dark theme it doesn't look the best.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32645#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list