Opened 2 years ago

Closed 4 months ago

#27657 closed enhancement (duplicate)

Show .onion icon on Identity drop down?

Reported by: gk Owned by: pospeselr
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ux-team
Cc: antonela, igt0 Actual Points:
Parent ID: #30025 Points: 6
Reviewer: Sponsor: Sponsor27-can

Description

As a follow-up to #23247 we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.

However, we should deal with the fact that the HTTPS treatment in vanilla Firefox does not necessarily match the lock icons of the URL bar and the identity box 1:1.

Child Tickets

Attachments (2)

O2A4 - 27657.png (134.6 KB) - added by antonela 11 months ago.
O2A4 - 27657.2.png (133.8 KB) - added by antonela 11 months ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 22 months ago by sysrqb

Mozilla are somewhat inconsistent in this area with the UI, too. As Richard mentioned in the original ticket, when a website is loaded over TLS with active-loaded mixed content, the security indicator in the URL bar shows a gray lock icon with a yellow triangle overlaid on top of it. However, in the identity dropdown, the lock icon does not have the yellow indicator overlaid on top of it (the yellow triangle is moved down to the description).

I think the active-blocked mixed-content security indicator is a good example of how we should consider implementing this. The user is shown a green lock icon but there is a note in the dropdown mentioning some content was blocked (https://mixed-script.badssl.com/). Overall, I think we should continue giving the user the same assurance that their connection is onion-encrypted. I noticed the inconsistency today, and I was admittedly confused because I expected the Identity dropdown would show the onion icon, too.

comment:2 Changed 17 months ago by pili

Sponsor: Sponsor27

comment:3 Changed 16 months ago by pili

Parent ID: #30025

comment:4 Changed 16 months ago by gk

Sponsor: Sponsor27Sponsor27-can

Adjusting sponsor tag.

Changed 11 months ago by antonela

Attachment: O2A4 - 27657.png added

Changed 11 months ago by antonela

Attachment: O2A4 - 27657.2.png added

comment:5 Changed 11 months ago by antonela

hi! Is hard for me to find a ticket that holds all these issues holistically, so I'll make my best try here:

We can unify the way we visually intent to associate the onion routing, the tor network, and the onionsite. I'm iterating our v1 version of onion security indicators (#23247) using a plain-color version of the new Tor Browser icon.

Since EV certificates indicators are going to be removed from the URL bar, major browsers are using the identity dropdown to show certificates related information.

If we decide to remove the EV certificate name in #26491, I'm suggesting to keep the known lock for onions with issued certificates. In that case, the Tor Browser URL bar will have a [Lock] + [onion] icon. Self-signed certificates are being discussed at #13410.

I think Onionsites with mixed-content scenarios should follow Firefox treatment on HTTPS with mixed-content scenarios.

https://trac.torproject.org/projects/tor/raw-attachment/ticket/30025/O2A4.jpg

That said, Tor Browser identity dropdown could look like:

1/
https://trac.torproject.org/projects/tor/raw-attachment/ticket/27657/O2A4%20-%2027657.png

2/
https://trac.torproject.org/projects/tor/raw-attachment/ticket/27657/O2A4%20-%2027657.2.png

Is redundant having both sections at the identity dropdown with the same icon? What do you think?


PS > Do we have a list of onions for testing like this?

Last edited 11 months ago by antonela (previous) (diff)

comment:6 Changed 5 months ago by pili

Points: 6

comment:7 Changed 4 months ago by pili

Owner: changed from tbb-team to pospeselr
Status: newassigned

comment:8 Changed 4 months ago by pili

Resolution: duplicate
Status: assignedclosed

This was implemented in #33707

Note: See TracTickets for help on using tickets.