Opened 2 years ago

Last modified 3 months ago

#23247 closed project

Communicating security expectations for .onion: what to say about different padlock states for .onion services — at Version 3

Reported by: isabela Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ux-team, tor-hs, TorBrowserTeam201806R
Cc: asn, arthuredelstein, tor@…, phw, pospeselr, dmr, brade, mcs, tbb-team Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by linda)

Background

Firefox (and other browsers) have created a set of states a site can have in relationship with ssl certificates, and how to communicate that to the user.

Currently, Tor Browser doesn't communicate ideally to users that visit onion sites--i.e. http + onion looks really scary with lots of warnings! This is something that was discussed under #21321. We then realized that we should look at all the different state + .onion combinations, and carefully communicate what these mean to the user.

Objective

The work on this ticket is to map all the current states Firefox has for ssl certificates on the padlock, and from there start to build a new way to communicate these states when they are related to a .onion sites. We started mapping them here:

https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit

Is still pending the most difficult part of the work, which is to define what to do for .onion sites on those states.

Child Tickets

Change History (3)

comment:1 Changed 2 years ago by linda

Related old ticket: #8686

comment:2 Changed 2 years ago by linda

Type: defectproject

I've switched this from a task to a project, for organizational purposes.

comment:3 Changed 2 years ago by linda

Description: modified (diff)
Summary: creating padlock states for .onion services on tool barCommunicating security expectations for .onion: what to say about different padlock states for .onion services
Note: See TracTickets for help on using tickets.