[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #32645 [Applications/Tor Browser]: Update URL bar onion indicators
#32645: Update URL bar onion indicators
--------------------------------------+---------------------------
Reporter: antonela | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: #30025 | Points:
Reviewer: | Sponsor: Sponsor27
--------------------------------------+---------------------------
Comment (by pospeselr):
So having read the above documents and playing around with what browsers
are doing these days, I have some thoughts.
With Firefox and Chrome not giving a visual indication of DV/EV certs I
think we should follow suit. As such, I think the Onion + CA Issued DV/EV
Cert should just drop the lock icon, and just show the Onion icon.
For mixed content Firefox uses the HTTPS lock icon with a red slash
through it, while chromium based browsers don't have an icon but instead
red 'Not Secure' text in the address bar. By default it looks like Firefox
blocks HTTP content from HTTPS pages and has to be explicitly loaded by
the user via the (I) icon drop-down so most users wouldn't even see this.
If we're going to have a separate Onion icon for onion URLs, perhaps we
should follow Firefox here and do a Onion with a red slash.
----
Though that said, what is the purpose of communicating to the user that
they are using an onion service? Firefox is using the lock there to
indicate that your connection is secure, while Chromium et al are going
further and using the space to explicitly indicate when a connection **is
not** secure.
I'm kind of inclined to agree with the idea behind this trend being that
the more information we try to cram up there, the less useful it is and
the more probable it is that important info is ignored. I'd actually
really like to see Firefox go the route Chromium is and explicitly put in
a flashing red {{{Not secure}}} label on unencrypted HTTP sites.
----
Ok, on to the hanger. I think the Onion service should probably keep the
lock icon for 'Connection Secure with Tor'. Using the same icon in two
separate sections is a bit weird.
teor and arma mention in #23875 that there isn't a way to determine how
many relays there are after your half of the circuit to a hidden service,
so rather than hard-coding 3 'Relay' we need something else. I'm partial
to arma's suggestion of having a nebulous 'cloudy' thing there.
We should also try and pick a themed color for the 'New Circuit for this
Site' button, rather than the hard-coded blue we currently use. With the
built-in Dark theme it doesn't look the best.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32645#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs