[tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 6 14:38:29 UTC 2017


#21877: HTTP only onion services are marked as insecure in TBB ff52 nightly
--------------------------------------+--------------------------
 Reporter:  blockflare                |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:2 blockflare]:
 > Replying to [comment:1 cypherpunks]:
 > > Yes, HTTP is not HTTPS.
 >
 > But onion services are e2e encrypted, even if they don't have an EV
 Cert, they should not be marked as insecure and as "Information you submit
 could be viewed by others  (like passwords, messages, credit cards,
 etc.)".
 FF marks it as an insecure HTTP, but this is really not obvious.
 (Also your ticket seems to be a duplicate of some earlier tickets.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21877#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list