[tor-bugs] #29678 [Applications/Tor Browser]: "Insecure connection" icon display for non-HTTPS sites

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 18 13:57:21 UTC 2019 

#29678: "Insecure connection" icon display for non-HTTPS sites
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by Thorin):

 > FYI? There is no information. Useless data only.

 Seriously? See #25660 , proposed by Arthur, where it is entirely
 conceivable that at some stage Tor Browser might flip the switch on the
 current position of starting in PB mode (because quite frankly almost it
 not everything disabled in PB mode can also be done with prefs, and
 sanitizing each New Identity is not affected, but there may be a couple of
 things that need to be looked at, and the benefits IMO are worth it, but
 that's a discussion for elsewhere - even if right now gk seems to think
 its a wontfix).

 Now imagine if in the meantime, Mozilla decide to turn on the pb mode only
 warnings, and this migrates to the Tor Browser. Now you'll find that your
 solution doesn't work. **It pays to look at the code and understand that
 another pref influences the one you listed**

 Additionally, the text prefs were added since they are also an option for
 gk et al to consider

 > https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-
 hs/discussion%5B1-25%5D

 That's an almost **four** year old discussion. The upstream bug for the
 pref is https://bugzilla.mozilla.org/show_bug.cgi?id=1310447 (no need to
 provide the text one since its the same stuff, just one release later).
 Comment 59, currently the last one, says that "Chrome will be showing "Not
 Secure" for HTTP websites, starting in Chrome 68 (July 2018)" ... so I
 personally think that Mozilla have forgotten about this, and could be
 reminded to enable it, so it's handled upstream and would no longer need
 to be "patched" at this end once ESR68 is used - of course, flip the pref
 in the meantime.

 Here: https://bugzilla.mozilla.org/show_bug.cgi?id=1434626 (FF60+) it was
 enabled for Nightly only - and after that a quick search reveals nothing.
 So I definitely think that Nightly test should be over and a decision
 made.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29678#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list