Opened 2 years ago
Closed 2 years ago
#21877 closed defect (duplicate)
HTTP only onion services are marked as insecure in TBB ff52 nightly
| Reported by: | blockflare | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | |
| Cc: | gk | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Go to the onion service of torproject.org: http://expyuzz4wqqyqhjn.onion/
Click on the (i) icon in the left of expyuzz4wqqyqhjn.onion, this should appear:
Connection is Not Secure
Clicking further on ">":
Your connection to the site is not private. Information you submit could be viewed by others (like passwords, messages, credit cards, etc.)
Child Tickets
Change History (5)
comment:1 follow-up: 2 Changed 2 years ago by
| Keywords: | ff52-esr removed |
|---|
comment:2 follow-up: 3 Changed 2 years ago by
Replying to cypherpunks:
Yes, HTTP is not HTTPS.
But onion services are e2e encrypted, even if they don't have an EV Cert, they should not be marked as insecure and as "Information you submit could be viewed by others (like passwords, messages, credit cards, etc.)".
comment:3 Changed 2 years ago by
Replying to blockflare:
Replying to cypherpunks:
Yes, HTTP is not HTTPS.
But onion services are e2e encrypted, even if they don't have an EV Cert, they should not be marked as insecure and as "Information you submit could be viewed by others (like passwords, messages, credit cards, etc.)".
FF marks it as an insecure HTTP, but this is really not obvious.
(Also your ticket seems to be a duplicate of some earlier tickets.)
comment:4 Changed 2 years ago by
(Also your ticket seems to be a duplicate of some earlier tickets.)
Indeed! https://trac.torproject.org/projects/tor/ticket/21321
comment:5 Changed 2 years ago by
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Yes. Resolving this as duplicate of #21321.
Yes, HTTP is not HTTPS.