"Connection is Not Secure" warning.
Browsing to certain HTTPS-protected web pages using Tor Browser 6.5.1, with the Tor Browser Security Settings slider set to "High", results in a red diagonal bar being drawn through the padlock that sits to the left of the address bar. Here is a URL for such a web page:
https://www.cis.upenn.edu/~bcpierce/unison/download/releases/stable/unison-manual.html
Clicking the crossed-out padlock while visiting that web page in Tor Browser 6.5.1 results in a tooltip divided into three panes: top-left, top-right, and bottom. The top-left pane says:
www.cis.upenn.edu
Connection is Not Secure
You have disabled protection on this page.
The top-right pane has an arrow. Clicking on that arrow replaces the tooltip contents with this:
This website contains content that is not secure (such as scripts) and your connection to it is not private.
Information you share with this site could be viewed by others (like passwords, messages, credit cards, etc.). [https://support.mozilla.org/1/firefox/45.8.0/Linux/en-US/mixed-content Learn More]
At the bottom of the new tooltip contents, there is a button marked "Enable protection" and another button marked "More Information".
Clicking the "Enable protection" button appears to have no effect, except that it closes the tooltip and refreshes the page.
Clicking the "More Information" button launches the Page Info dialogue box.
It seems to me that, ideally:
-
The protection referred to by the "Enable protection" button should be enabled by default (at least when the security slider is set to "High", and maybe also for "Medium" and/or "Low"), thereby avoiding both the security risk and the corresponding warning.
-
Failing that, the protection referred to by the "Enable protection" button should at least take effect when that button is clicked, thereby avoiding both the security risk and the corresponding warning, at least for that website.
Trac:
Username: jonathanfemideer