1. 17 Mar, 2021 1 commit
    • Richard Pospesel's avatar
      Bug 23247: Communicating security expectations for .onion · 3b0641f3
      Richard Pospesel authored and Matthew Finkel's avatar Matthew Finkel committed
      Encrypting pages hosted on Onion Services with SSL/TLS is redundant
      (in terms of hiding content) as all traffic within the Tor network is
      already fully encrypted.  Therefore, serving HTTP pages from an Onion
      Service is more or less fine.
      
      Prior to this patch, Tor Browser would mostly treat pages delivered
      via Onion Services as well as pages delivered in the ordinary fashion
      over the internet in the same way.  This created some inconsistencies
      in behaviour and misinformation presented to the user relating to the
      security of pages delivered via Onion Services:
      
       - HTTP Onion Service pages did not have any 'lock' icon indicating
         the site was secure
       - HTTP Onion Service pages would be marked as unencrypted in the Page
         Info screen
       - Mixed-mode content restrictions did not apply to HTTP Onion Service
         pages embedding Non-Onion HTTP content
      
      This patch fixes the above issues, and also adds several new 'Onion'
      icons to the mix to indicate all of the various permutations of Onion
      Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
      
      Strings for Onion Service Page Info page are pulled from Torbutton's
      localization strings.
      3b0641f3
  2. 29 May, 2020 1 commit
  3. 08 May, 2020 1 commit
  4. 27 May, 2020 1 commit
  5. 26 May, 2020 2 commits
  6. 18 May, 2020 3 commits
  7. 13 May, 2020 1 commit
  8. 11 May, 2020 1 commit
  9. 08 May, 2020 5 commits
  10. 07 May, 2020 1 commit
  11. 30 Apr, 2020 3 commits
  12. 29 Apr, 2020 2 commits
  13. 24 Apr, 2020 1 commit
  14. 23 Apr, 2020 2 commits
  15. 22 Apr, 2020 6 commits
  16. 24 Apr, 2020 1 commit
  17. 20 Apr, 2020 3 commits
  18. 18 Apr, 2020 1 commit
  19. 17 Apr, 2020 4 commits