[tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 29 23:12:27 UTC 2017
#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: tbb-
| team
Type: task | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution:
Keywords: ff52-esr, tbb-usability, ux-team, | Actual Points:
TorBrowserTeam201706 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
> This warning is misleading and half-baked. It's been designed so people
get notified when they're submitting information and particularly
passwords in plain text. Obviously not the case with .onion.
If some likes to run tor on an another machine like a Tor router (eg on an
OpenWRT-Router or Whonix in a VM) all the PCs or VMs in the same network
could still capture all the http-packages before the packages enter the
internet... Thereby, there are use cases in which using an onion-address
is not sufficient and less secure than an onion-address + tls.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list