[tor-bugs] #32645 [Applications/Tor Browser]: Update URL bar onion indicators

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 4 15:54:44 UTC 2019

#32645: Update URL bar onion indicators
 Reporter:  antonela                  |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:  #30025                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27-must

Comment (by Thorin):

 Replying to [comment:4 pospeselr]:
 > For mixed content Firefox uses the HTTPS lock icon with a red slash
 through it, while chromium based browsers don't have an icon but instead
 red 'Not Secure' text in the address bar.

 I'm not seeing that. The grey padlock with a red slash is for insecure
 (1st party) pages - e.g http://example.com

 Mixed content: Firefox only blocks insecure active content, not passive
 (by default)
  - `security.mixed_content.block_active_content` = true
  - `security.mixed_content.block_display_content` = false

 For example, using https://www.bennish.net/mixed-content.html - FF default
 (insecure active mixed content) displays a grey padlock with a yellow
 warning (triangle) overlay

 If passive content is also blocked, then
  - FF70+ just a grey padlock is displayed, also the info icon is gone,
 merged into the padlock
  - ESR68, FF69 - a green padlock

 Note: the blocking of subresources has a bug, and the padlock could be
 misleading: but we're only discussing the UX, so it's immaterial

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32645#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list