[tor-bugs] #28005 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Officially support onions in HTTPS-Everywhere

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 27 19:14:54 UTC 2020 

#28005: Officially support onions in HTTPS-Everywhere
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  legind
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS           |        Version:
  Everywhere                                     |
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, https-everywhere, tor-ux,    |  Actual Points:
  network-team-roadmap-november,                 |
  TorBrowserTeam202001, network-team-roadmap-    |
  2020Q1                                         |
Parent ID:  #30029                               |         Points:  20
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by acat):

 Replying to [comment:16 antonela]:
 > Replying to [comment:14 acat]:
 > > 4. Via "some UX solution", show the human-memorable .tor.onion in the
 urlbar even though the actual location is a "long" .onion.
 > >
 > Yes. We should show the memorable .tor.onion in the url bar and we
 should rely on the circuit display for showing the long onion. I made some
 props [https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30024/30024%20-%20TB9%20-%20onions.png, here]. Look at
 the image 4.0.

 What if the user wants to copy-paste or inspect the real address (the
 .onion one)? Or is this not a use case we would need to support?

 Besides, I was thinking that perhaps we should make it more noticeable
 that we are displaying (just) a short `.tor.onion` local "alias" instead
 of the actual `.onion` in the urlbar. In the current design, unless I'm
 missing something, we would show it exactly as if the `.tor.onion` was the
 real page address. I think that might lead to surprises for some users,
 especially the more technical ones. For example, I would expect that the
 hostname displayed in the urlbar is the actual origin of the page (e.g.
 the one that is sent as `Host:` header in the page HTTP requests, etc.).
 But that would not be the case here, since we would show `.tor.onion` in
 the urlbar the but the true origin of the page would be `.onion` (the
 `.tor.onion` urlbar replacement would be just "cosmetic").

 I'm not completely sure how this could be done in terms of UI. Note that
 now we already show the domain in a highlighted color in the urlbar
 (Firefox change). Perhaps in these cases we could show the `.tor.onion`
 domain in a different color, and when user clicks on the urlbar show the
 real .onion so that it can be copy-pasted if needed? I'm not sure.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28005#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list