do not show onion names in URL bar; show optional petnames instead
Summary
Users of modern browsers are accustomed to using the URL bar (and the prevailing domain name system, complete with browser-installed trust anchors) to verify that the sites they are visiting are the ones they expect to be visiting. Onion names are cryptographically secure but should be opaque and should not be human-meaningful. Users cannot verify at a glance that they are correct, so they convey no useful information.
What is the expected behavior?
Users want the URL bar to be helpful. The inability to verify correctness of onion sites at a glance poses a de facto security risk. (It should go without saying that if onion site names begin with 'mined' vanity names, then other site administrators with similar or better computing power could generate similar names.) At best, the long onion name obscures more useful parts of the URL. Therefore, we should eliminate the onion name from the URL bar completely and replace it with something that can allow users to verify the correctness of the site.
We can provide a simple interface for this that strips the hostname part of the URL and replaces it with a yellow triangle icon by default, prompting the user to input a petname for the site:
A users can click on the triangle to get a blank text input box that can be used to create and assign a petname to this site (for example, 'New York Times'), and then, going forward, whenever the underlying onion site name for the site matches the one for this site, the petname will appear instead of the yellow triangle, like this:
Users should be able to opt to ignore this warning, and they may even be able to disable the yellow triangles entirely. Other useful data from the part of the URL to the left of the path, such as username, password, and TCP port, if applicable, can be directly prepended (using some appropriate syntax and delimiters) to the part of the URL that is shown, and the presence of HTTPS versus HTTP can be indicated by the onion icon.