GitLab

I think that the Tor Browser Bundle should aim to disable allowing connections to plaintext HTTP websites out the box by the end of the year 2016.

Content injection into MITM'd clearnet HTTP connections is the number one security threat to Tor users. It's incredibly easy to do and I'm certain that it happens all the time. (You can reproduce this easily by going to http://example.com in the latest TBB. https://example.com is completely valid, but the connection to the plaintext version is made).

Even without direct content injection, it's the obvious weak point in the overall privacy that Tor provides for a common TBB user.

It's 2016 - the vast majority of websites now serve pages over SSL. Thanks to projects like Let's Encrypt, it's now completely easy and free to run SSL out of the box with any important web server software package - there's really no excuse not to be running HTTPS.

Rather than making this change immediately, we could announce the intention to release the change by the end of the year, thereby giving any stragglers time to add SSL to their websites. We could look at how browsers like Chrome and Firefox degrade deprecated TLS ciphers in successive releases as an example - first a visual indication, then a confirmation warning, then a total block.

What do you think?

Trac:
Username: miserlou2