Opened 2 years ago

Closed 2 years ago

#21831 closed defect (duplicate)

"Connection is Not Secure" warning.

Reported by: jonathanfemideer Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Browsing to certain HTTPS-protected web pages using Tor Browser 6.5.1, with the Tor Browser Security Settings slider set to "High", results in a red diagonal bar being drawn through the padlock that sits to the left of the address bar. Here is a URL for such a web page:

https://www.cis.upenn.edu/~bcpierce/unison/download/releases/stable/unison-manual.html

Clicking the crossed-out padlock while visiting that web page in Tor Browser 6.5.1 results in a tooltip divided into three panes: top-left, top-right, and bottom. The top-left pane says:

www.cis.upenn.edu
Connection is Not Secure
You have disabled protection on this page.

The top-right pane has an arrow. Clicking on that arrow replaces the tooltip contents with this:

This website contains content that is not secure (such as scripts) and your connection to it is not private.
Information you share with this site could be viewed by others (like passwords, messages, credit cards, etc.). Learn More

At the bottom of the new tooltip contents, there is a button marked "Enable protection" and another button marked "More Information".

Clicking the "Enable protection" button appears to have no effect, except that it closes the tooltip and refreshes the page.

Clicking the "More Information" button launches the Page Info dialogue box.

It seems to me that, ideally:

  • The protection referred to by the "Enable protection" button should be enabled by default (at least when the security slider is set to "High", and maybe also for "Medium" and/or "Low"), thereby avoiding both the security risk and the corresponding warning.
  • Failing that, the protection referred to by the "Enable protection" button should at least take effect when that button is clicked, thereby avoiding both the security risk and the corresponding warning, at least for that website.

Child Tickets

Change History (1)

comment:1 Changed 2 years ago by gk

Resolution: duplicate
Status: newclosed

This is a duplicate of #21323 where we are currently thinking about how to activate the mixed content blocking if at all.

Note: See TracTickets for help on using tickets.