[tbb-bugs] #23545 [Applications/Tor Browser]: UX improvement: Tor Browser should handle bogus HSv3 addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 16 14:25:02 UTC 2017
#23545: UX improvement: Tor Browser should handle bogus HSv3 addresses
-------------------------------------+-------------------------------------
Reporter: asn | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Applications/Tor | Version:
Browser | Keywords: prop224, ux, tor-
Severity: Normal | browser
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
HS v3 addresses are big but also contain a checksum. This means that Tor
Browser could catch mistyped addresses and warn the user.
With current master and current Tor browser, if you mistype an hsv3
address you go to the ''Unable to connect'' page:
{{{
Unable to connect
Firefox can’t establish a connection to the server at
4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqeflock.onion.
The site could be temporarily unavailable or too busy. Try again in a
few moments.
If you are unable to load any pages, check your computer’s network
connection.
If your computer or network is protected by a firewall or proxy, make
sure that Tor Browser is permitted to access the Web.
}}}
In the logs you can see a parsing error:
{{{
[warn] Invalid onion hostname [scrubbed]; rejecting
}}}
which is a bit generic.
I wonder what's the best way to offer better UX here. How should the user
be warned?
Also how should we implement this? Should the Browser do the checksum
check itself? Or should Tor do the checksum check and inform Tor Browser
somehow?
How to do this best?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23545>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list