GitLab

After the recent update to TB 7.0 I noticed that the Tor Browser warns users that their connection to .onion sites are NOT secure with their "lock icon" crossed with a red line.

And if the .onion site happens to have a password field, users gets a warning for entering their password on an insecure website.

I believe this is due to recent UX changes in Firefox to warn users against website without TLS and seems like they haven't considered .onion usecase in their design.

This terribly affects the experience of highly targeted users who might not have a clear understanding on the technology and are instructed to use .onion for their online and physical safety (eg for SecureDrop).

I'm going to mark this ticket as "blocker" because I witnessed it blocked a user from using an .onion site and Tor Browser all together. They switched back to chrome on clearnet as they were worried they're doing things wrong and that it might have compromised their security.

We should probably be a bit more careful with changes like that in future. Especially at a time like this.