Show .onion icon on Identity drop down?
As a follow-up to legacy/trac#23247 (moved) we thought about showing the respective .onion icon on the identity box as well (instead of a version of the lock icon). See: comment:66:ticket:23247 for the idea.
However, we should deal with the fact that the HTTPS treatment in vanilla Firefox does not necessarily match the lock icons of the URL bar and the identity box 1:1.
Activity
added component::applications/tor browser in Legacy / Trac owner::pospeselr in Legacy / Trac parent::30025 in Legacy / Trac points::6 in Legacy / Trac priority::medium in Legacy / Trac resolution::duplicate in Legacy / Trac severity::normal in Legacy / Trac sponsor::27-can in Legacy / Trac status::closed in Legacy / Trac type::enhancement in Legacy / Trac ux-team in Legacy / Trac labels
Mozilla are somewhat inconsistent in this area with the UI, too. As Richard mentioned in [ticket:23247#comment:67 the original ticket], when a website is loaded over TLS with active-loaded mixed content, the security indicator in the URL bar shows a gray lock icon with a yellow triangle overlaid on top of it. However, in the identity dropdown, the lock icon does not have the yellow indicator overlaid on top of it (the yellow triangle is moved down to the description).
I think the active-blocked mixed-content security indicator is a good example of how we should consider implementing this. The user is shown a green lock icon but there is a note in the dropdown mentioning some content was blocked (https://mixed-script.badssl.com/). Overall, I think we should continue giving the user the same assurance that their connection is onion-encrypted. I noticed the inconsistency today, and I was admittedly confused because I expected the Identity dropdown would show the onion icon, too.
Trac:
Parent: N/A to legacy/trac#30025 (moved)
hi! Is hard for me to find a ticket that holds all these issues holistically, so I'll make my best try here:
We can unify the way we visually intent to associate the onion routing, the tor network, and the onionsite. I'm iterating our v1 version of onion security indicators (legacy/trac#23247 (moved)) using a plain-color version of the new Tor Browser icon.
Since EV certificates indicators are going to be removed from the URL bar, major browsers are using the identity dropdown to show certificates related information.
If we decide to remove the EV certificate name in legacy/trac#26491 (moved), I'm suggesting to keep the known lock for onions with issued certificates. In that case, the Tor Browser URL bar will have a [Lock] + [onion] icon. Self-signed certificates are being discussed at legacy/trac#13410 (moved).
I think Onionsites with mixed-content scenarios should follow Firefox treatment on HTTPS with mixed-content scenarios.
That said, Tor Browser identity dropdown could look like:
1/ 
2/ 
Is redundant having both sections at the identity dropdown with the same icon? What do you think?
PS > Do we have a list of onions for testing like this?
-
This was implemented in legacy/trac#33707 (moved)
Trac:
Resolution: N/A to duplicate
Status: assigned to closed mentioned in issue legacy/trac#33707 (moved)
mentioned in issue legacy/trac#30025 (moved)
moved from legacy/trac#27657 (moved)
