Opened 3 months ago

Last modified 2 months ago

#27590 new defect

Display .onion alt-svc route in the circuit display

Reported by: mahrud
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-circuit-display, ux-team
Cc: arthuredelstein, nicoo, notifier
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Now that #24553 has re-enabled alt-svc, the Circuit Display should probably indicate when the connection was made via an .onion alt-svc. Currently it doesn't.

Feel free to use this for testing: https://perfectoid.space/test.php
When the page turns green, click on the green https lock to see the circuit.
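
An added example, not part of the ticket and not Tor Browser code: parsing an Alt-Svc field value (RFC 7838 syntax) to find the alternatives that point at a .onion host, which is the information a circuit display would need in order to label such a route. The function names, the header value and the onion hostname in it are constructed placeholders.

```javascript
// Added example; the header value below is constructed, not captured traffic.
// Parses an Alt-Svc field value (RFC 7838) into a list of alternatives.
function parseAltSvc(value) {
  const trimmed = value.trim();
  if (trimmed === "clear") return []; // "clear" invalidates all alternatives
  const entries = [];
  // Split on commas that are not inside a quoted string.
  for (const raw of trimmed.match(/(?:[^,"]|"[^"]*")+/g) || []) {
    const [first, ...params] = raw.split(";").map((s) => s.trim());
    // protocol-id="[host]:port"; an empty host means "same host as the origin".
    const m = /^([^=\s]+)="([^"]*):(\d+)"$/.exec(first);
    if (!m) continue; // skip malformed alternatives
    const entry = {
      protocol: m[1],
      host: m[2].toLowerCase(),
      port: Number(m[3]),
      maxAge: 86400, // RFC 7838 default freshness: 24 hours
    };
    for (const p of params) {
      const [k, v] = p.split("=").map((s) => s.trim());
      if (k === "ma" && /^\d+$/.test(v)) entry.maxAge = Number(v);
    }
    entries.push(entry);
  }
  return entries;
}

// Returns only the alternatives that route to an onion service.
function onionAlternatives(value) {
  return parseAltSvc(value).filter((e) => e.host.endsWith(".onion"));
}

// Constructed sample: one .onion alternative and one same-host alternative.
const sampleAltSvc =
  'h2="placeholderonionaddress.onion:443"; ma=86400; persist=1, h2=":8443"; ma=60';

for (const alt of onionAlternatives(sampleAltSvc)) {
  console.log(`onion alt-svc: ${alt.protocol} ${alt.host}:${alt.port}`);
}
```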

Child Tickets

Attachments (1)

2018-09-09-041041_2560x1440_scrot.png (75.9 KB) - added by mahrud 3 months ago.
Current behavior


Change History (9)

Changed 3 months ago by mahrud

Current behavior

comment:1 Changed 3 months ago by gk

Keywords: tbb-circuit-display added

comment:2 Changed 3 months ago by nusenu

I'm not sure if that should be a separate ticket but I would find it important to see that the page has been fetched via .onions directly from the URL bar without having to expand anything.

What do you think about using the onion-behind-a-lock icon for pages that are fetched via .onion (due to Alt-Svc)?

comment:3 Changed 3 months ago by mahrud

The trouble is that the connection is not consistently via .onion, only opportunistically. And besides, displaying one of the 10 .onions that, say, Cloudflare owns is kinda pointless.

comment:4 in reply to:  1 Changed 3 months ago by fuckingcf

Replying to gk:
Hey, gk! This ticket is primarily not about circuit display, but

What do you think about using the onion-behind-a-lock icon for pages that are fetched via .onion (due to Alt-Svc)?

and even more correct:
Why the hell doesn't it inform about using plain text .onion connections on https sites?!!! (No questions for https .onion alternate routes.)
Example of cf alt-svc: cflarexljc3rw355ysrkrzwapozws6nre6xsy3n4yrj7taye3uiby3ad.onion:443 (plain text (http)!!!)

comment:5 Changed 2 months ago by gk

So, here is an interesting issue: If you load the website the first time the circuit display actually shows part of the onion circuit (the one the client controls) *but* the website still says that the content got loaded over the regular Tor circuit. This is true. What happens is that a second request is issued for the favicon which uses the onion in the alt-svc header which then updates the circuit display even though the content did not get loaded over the .onion. What should the display show here?

comment:6 Changed 2 months ago by gk

Cc: nicoo added

#27949 is a duplicate.

comment:7 Changed 2 months ago by gk

Cc: notifier added

#28033 is a duplicate.

comment:8 Changed 2 months ago by antonela

Keywords: ux-team added