[tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 29 09:32:23 UTC 2020

#28005: Officially support onions in HTTPS-Everywhere
 Reporter:  asn                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, https-everywhere, tor-ux,    |  Actual Points:
  network-team-roadmap-november,                 |
  TorBrowserTeam202001, network-team-roadmap-    |
  2020Q1                                         |
Parent ID:  #30029                               |         Points:  20
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor27-must

Comment (by antonela):

 Replying to [comment:17 acat]:
 > Replying to [comment:16 antonela]:
 > > Replying to [comment:14 acat]:
 > > > 4. Via "some UX solution", show the human-memorable .tor.onion in
 the urlbar even though the actual location is a "long" .onion.
 > > >
 > > Yes. We should show the memorable .tor.onion in the url bar and we
 should rely on the circuit display for showing the long onion. I made some
 props [https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30024/30024%20-%20TB9%20-%20onions.png, here]. Look at
 the image 4.0.
 > What if the user wants to copy-paste or inspect the real address (the
 .onion one)? Or is this not a use case we would need to support?
 When we talked about having the onion address at the circuit display, we
 also thought about making it available to copy with a click for users.
 What do you think? Could we allow users to click and copy the origin onion
 address from the circuit display?

 > Besides, I was thinking that perhaps we should make it more noticeable
 that we are displaying (just) a short `.tor.onion` local "alias" instead
 of the actual `.onion` in the urlbar. In the current design, unless I'm
 missing something, we would show it exactly as if the `.tor.onion` was the
 real page address. I think that might lead to surprises for some users,
 especially the more technical ones. For example, I would expect that the
 hostname displayed in the urlbar is the actual origin of the page (e.g.
 the one that is sent as `Host:` header in the page HTTP requests, etc.).
 But that would not be the case here, since we would show `.tor.onion` in
 the urlbar the but the true origin of the page would be `.onion` (the
 `.tor.onion` urlbar replacement would be just "cosmetic").
 Technical users might want to learn more about onion origin and how the
 ruleset is being implemented. We could have more information about how it
 happened on second level navigation. I'd like to talk during the next
 meeting about this with the dev team. Nothing fancy is needed for this
 release but we can see what we can do to stay in scope.

 > I'm not completely sure how this could be done in terms of UI. Note that
 now we already show the domain in a highlighted color in the urlbar
 (Firefox change). Perhaps in these cases we could show the `.tor.onion`
 domain in a different color, and when user clicks on the urlbar show the
 real .onion so that it can be copy-pasted if needed? I'm not sure.
 Highlight the url bar seems quite confusing for me. I think that if we
 rely on the circuit display for showing the origin onion address and also
 allow users to copy it from there is a good path to follow.

 attachment/ticket/28005/O2A5.jpg, 700px)]]

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28005#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list