Opened 14 months ago

Last modified 2 months ago

#27657 new enhancement

Show .onion icon on Identity drop down?

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ux-team
Cc: antonela, igt0 Actual Points:
Parent ID: #30025 Points:
Reviewer: Sponsor: Sponsor27-can

Description

As a follow-up to #23247 we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.

However, we should deal with the fact that the HTTPS treatment in vanilla Firefox does not necessarily match the lock icons of the URL bar and the identity box 1:1.

Child Tickets

Attachments (2)

O2A4 - 27657.png (134.6 KB) - added by antonela 2 months ago.
O2A4 - 27657.2.png (133.8 KB) - added by antonela 2 months ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 13 months ago by sysrqb

Mozilla are somewhat inconsistent in this area with the UI, too. As Richard mentioned in the original ticket, when a website is loaded over TLS with active-loaded mixed content, the security indicator in the URL bar shows a gray lock icon with a yellow triangle overlaid on top of it. However, in the identity dropdown, the lock icon does not have the yellow indicator overlaid on top of it (the yellow triangle is moved down to the description).

I think the active-blocked mixed-content security indicator is a good example of how we should consider implementing this. The user is shown a green lock icon but there is a note in the dropdown mentioning some content was blocked (https://mixed-script.badssl.com/). Overall, I think we should continue giving the user the same assurance that their connection is onion-encrypted. I noticed the inconsistency today, and I was admittedly confused because I expected the Identity dropdown would show the onion icon, too.

comment:2 Changed 8 months ago by pili

Sponsor: Sponsor27

comment:3 Changed 8 months ago by pili

Parent ID: #30025

comment:4 Changed 8 months ago by gk

Sponsor: Sponsor27Sponsor27-can

Adjusting sponsor tag.

Changed 2 months ago by antonela

Attachment: O2A4 - 27657.png added

Changed 2 months ago by antonela

Attachment: O2A4 - 27657.2.png added

comment:5 Changed 2 months ago by antonela

hi! Is hard for me to find a ticket that holds all these issues holistically, so I'll make my best try here:

We can unify the way we visually intent to associate the onion routing, the tor network, and the onionsite. I'm iterating our v1 version of onion security indicators (#23247) using a plain-color version of the new Tor Browser icon.

Since EV certificates indicators are going to be removed from the URL bar, major browsers are using the identity dropdown to show certificates related nformation.

If we decide to remove the EV certificate name in #26491, I'm suggesting to keep the known lock for onions with issued certificates. In that case, the Tor Browser URL bar will have a [Lock] + [onion] icon. Self-signed certificates are being discussed at #13410.

I think Onionsites with mixed-content scenarios should follow Firefox treatment on HTTPS with mixed-content scenarios.

https://trac.torproject.org/projects/tor/raw-attachment/ticket/30025/O2A4.jpg

That said, Tor Browser identity dropdown could look like:

1/
https://trac.torproject.org/projects/tor/raw-attachment/ticket/27657/O2A4%20-%2027657.png

2/
https://trac.torproject.org/projects/tor/raw-attachment/ticket/27657/O2A4%20-%2027657.2.png

Is redundant having both sections at the identity dropdown with the same icon? What do you think?


PS > Do we have a list of onions for testing like this?

Version 0, edited 2 months ago by antonela (next)
Note: See TracTickets for help on using tickets.