[tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 29 09:32:23 UTC 2020
#28005: Officially support onions in HTTPS-Everywhere
-------------------------------------------------+-------------------------
Reporter: asn | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, https-everywhere, tor-ux, | Actual Points:
network-team-roadmap-november, |
TorBrowserTeam202001, network-team-roadmap- |
2020Q1 |
Parent ID: #30029 | Points: 20
Reviewer: | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by antonela):
Replying to [comment:17 acat]:
> Replying to [comment:16 antonela]:
> > Replying to [comment:14 acat]:
> > > 4. Via "some UX solution", show the human-memorable .tor.onion in
the urlbar even though the actual location is a "long" .onion.
> > >
> > Yes. We should show the memorable .tor.onion in the url bar and we
should rely on the circuit display for showing the long onion. I made some
props [https://trac.torproject.org/projects/tor/raw-
attachment/ticket/30024/30024%20-%20TB9%20-%20onions.png, here]. Look at
the image 4.0.
>
> What if the user wants to copy-paste or inspect the real address (the
.onion one)? Or is this not a use case we would need to support?
>
>
When we talked about having the onion address at the circuit display, we
also thought about making it available to copy with a click for users.
What do you think? Could we allow users to click and copy the origin onion
address from the circuit display?
> Besides, I was thinking that perhaps we should make it more noticeable
that we are displaying (just) a short `.tor.onion` local "alias" instead
of the actual `.onion` in the urlbar. In the current design, unless I'm
missing something, we would show it exactly as if the `.tor.onion` was the
real page address. I think that might lead to surprises for some users,
especially the more technical ones. For example, I would expect that the
hostname displayed in the urlbar is the actual origin of the page (e.g.
the one that is sent as `Host:` header in the page HTTP requests, etc.).
But that would not be the case here, since we would show `.tor.onion` in
the urlbar the but the true origin of the page would be `.onion` (the
`.tor.onion` urlbar replacement would be just "cosmetic").
>
>
Technical users might want to learn more about onion origin and how the
ruleset is being implemented. We could have more information about how it
happened on second level navigation. I'd like to talk during the next
meeting about this with the dev team. Nothing fancy is needed for this
release but we can see what we can do to stay in scope.
> I'm not completely sure how this could be done in terms of UI. Note that
now we already show the domain in a highlighted color in the urlbar
(Firefox change). Perhaps in these cases we could show the `.tor.onion`
domain in a different color, and when user clicks on the urlbar show the
real .onion so that it can be copy-pasted if needed? I'm not sure.
>
>
Highlight the url bar seems quite confusing for me. I think that if we
rely on the circuit display for showing the origin onion address and also
allow users to copy it from there is a good path to follow.
[[Image(https://trac.torproject.org/projects/tor/raw-
attachment/ticket/28005/O2A5.jpg, 700px)]]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28005#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list