[tbb-bugs] #22545 [Applications/Tor Browser]: .onion sites are being labled with "insecure connection"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 8 16:28:34 UTC 2017
#22545: .onion sites are being labled with "insecure connection"
------------------------------------------+--------------------------------
Reporter: mrphs | Owner: tbb-team
Type: enhancement | Status: new
Priority: Immediate | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Keywords: #ux-team #tbb-
| usabilty
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------------
After the recent update to TB 7.0 I noticed that the Tor Browser warns
users that their connection to .onion sites are NOT secure with their
"lock" icon crossed with a red line.
And if the .onion site happens to have a password field, users gets a
warning for entering their password on an insecure website.
I believe this is due to recent UX changes in Firefox to warn users
against website without TLS and seems like they haven't considered .onion
usecase in their design.
This terribly affects the experience of highly targeted users who might
not have a clear understanding on the technology and are instructed to use
.onion for their online and physical safety (eg for securedrop).
I'm going to mark this ticket as "blocker" because I witnessed it blocked
a user from using an .onion site and Tor Browser all together. They
switched back to chrome on clearnet as they were worried they're doing
things wrong and that it might have compromised their security.
We should probably be a bit more careful with changes like that in future.
Especially at a time like this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22545>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list