Show .onion icon on Identity drop down?

As a follow-up to #23247 (moved) we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.

However, we should deal with the fact that the HTTPS treatment in vanilla Firefox does not necessarily match the lock icons of the URL bar and the identity box 1:1.

added component::applications/tor browser owner::pospeselr parent::30025 points::6 priority::medium resolution::duplicate severity::normal sponsor::27-can status::closed type::enhancement ux-team labels

Mozilla are somewhat inconsistent in this area with the UI, too. As Richard mentioned in [ticket:23247#comment:67 the original ticket], when a website is loaded over TLS with active-loaded mixed content, the security indicator in the URL bar shows a gray lock icon with a yellow triangle overlaid on top of it. However, in the identity dropdown, the lock icon does not have the yellow indicator overlaid on top of it (the yellow triangle is moved down to the description).

I think the active-blocked mixed-content security indicator is a good example of how we should consider implementing this. The user is shown a green lock icon but there is a note in the dropdown mentioning some content was blocked (https://mixed-script.badssl.com/). Overall, I think we should continue giving the user the same assurance that their connection is onion-encrypted. I noticed the inconsistency today, and I was admittedly confused because I expected the Identity dropdown would show the onion icon, too.

Trac:
Sponsor: N/A to Sponsor27

Trac:
Parent: N/A to #30025 (moved)

Adjusting sponsor tag.

Trac:
Sponsor: Sponsor27 to Sponsor27-can

Trac:

Trac:

hi! Is hard for me to find a ticket that holds all these issues holistically, so I'll make my best try here:

We can unify the way we visually intent to associate the onion routing, the tor network, and the onionsite. I'm iterating our v1 version of onion security indicators (#23247 (moved)) using a plain-color version of the new Tor Browser icon.

Since EV certificates indicators are going to be removed from the URL bar, major browsers are using the identity dropdown to show certificates related information.

If we decide to remove the EV certificate name in #26491 (moved), I'm suggesting to keep the known lock for onions with issued certificates. In that case, the Tor Browser URL bar will have a [Lock] + [onion] icon. Self-signed certificates are being discussed at #13410 (moved).

I think Onionsites with mixed-content scenarios should follow Firefox treatment on HTTPS with mixed-content scenarios.


That said, Tor Browser identity dropdown could look like:

1/ 

2/ 

Is redundant having both sections at the identity dropdown with the same icon? What do you think?

---

PS > Do we have a list of onions for testing like this?

Trac:
Points: N/A to 6

Trac:
Owner: tbb-team to pospeselr
Status: new to assigned

This was implemented in #33707 (moved)

Trac:
Resolution: N/A to duplicate
Status: assigned to closed

closed

changed time estimate to 48h

mentioned in issue #33707 (moved)

mentioned in issue #30025 (moved)

moved to tpo/applications/tor-browser#27657 (closed)