Tor Browser Onion Security Indicator


Before Tor Browser 8, there was not any security indicator related to onion services. This was a problem because the security indicators when visiting .onion sites were confusing for users.

For instance, where our .onion address would provide a good level of security, the URL bar was displaying a red padlock as if it were insecure for the user.

To solve this problem, we decided to create a specific visual language for .onion states. The padlock icon displayed for the different https states (or HTTP) would behave following the same rules as for a .onion address. Additionally, we developed a little onion icon and combined it with other elements that were familiar to users to recognize whether a site is trustable or not.

Each combination of colors and icons aims to communicate the level of security the user has when visiting a particular .onion site. Based on Firefox 60 default security state icons, we introduced onion services security indicators to set up expectations to users about which onion site's security they are visiting.

Relevant ticket

#23247 - Communicating security expectations for .onion: what to say about different padlock states for .onion service

Old UI

There were no indicators when visiting onion sites in previous versions of the Tor Browser.

New UI

In pursuit of our intention to make onion services more accessible, we wanted to recognize onion services at the URL bar. We thought that adding an onion icon will help users to identify onion services. Also, keeping onion services security indicator icons close to the default security indicators will help users to recognize them and react accordingly based on their past experiences.

User testing research


The intention behind this user testing was to validate if the message we are trying to deliver with our icons was understood by the user.

We wanted to test user's comprehension​: Does our user understand the different levels of security from most to least risky?


As part of the global south initiative, we visited users from India, Uganda, Colombia, and Kenya to meet the people we are designing for and discover their needs. We ran a small-scale, short, qualitative, open-ended user test.

Why Global South?

If we can create a product that works successfully in contexts where the infra structure is precarious, then we will be offering a solution that reaches the extremes. And reaching the extremes defines what we are. Our users are taking care about they privacy. They are deeply believers and defenders about individual rights and universal freedom.

Why Global south?

  • Community and UX Team
  • Large mobile markets
  • Lite support

This immersion allowed us to understand users, needs, and context.

We are firm believers that the infrastructure defines the experience.



  • Ticket #1
  • Ticket #2

Candidates for Next Releases



Last modified 2 years ago Last modified on Nov 8, 2018, 3:22:29 PM