Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Treat HTTP onion services as secure origins #1135

Open
tildelowengrimm opened this issue Sep 15, 2018 · 7 comments
Open

Treat HTTP onion services as secure origins #1135

tildelowengrimm opened this issue Sep 15, 2018 · 7 comments
Assignees
Labels
feature/tor OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA/Yes release-notes/include

Comments

@tildelowengrimm
Copy link
Contributor

Tor onion services don't have an HTTPS transport. But the onion services protocol provides more substantial confidentiality, integrity, and authenticity guarantees than HTTPS (in addition to anonymity). We should treat these connections as at least as secure as HTTPS origins, and provide an appropriate connection status indicator.

@tildelowengrimm tildelowengrimm added feature/tor design A design change, especially one which needs input from the design team design/needs-mock-up needs-mockup A feature which needs design mockup to be implemented. labels Sep 15, 2018
@tildelowengrimm tildelowengrimm modified the milestones: 2.x Backlog, 1.x Backlog Sep 15, 2018
@tildelowengrimm tildelowengrimm added the priority/P4 Planned work. We expect to get to it "soon". label Oct 30, 2018
@rebron rebron removed this from the 1.x Backlog milestone Feb 7, 2019
@riastradh-brave
Copy link
Contributor

Relevant Tor Browser discussion: https://trac.torproject.org/projects/tor/ticket/23247

@ProofOfKeags
Copy link

Why is this marked as P4? It definitely blocks the ability to use the subtle crypto API on onion sites which is pretty limiting. Especially since SSL certs are onerous to set up and in this case unnecesary, since onions are self authenticating.

@kn0wmad
Copy link

kn0wmad commented Jun 16, 2021

Bump - would really like to use Brave more, but this is a major blocker for me and I know I'm not alone. Any updates?

@kn0wmad
Copy link

kn0wmad commented Jul 24, 2022

2nd annual bump - this issue seems to get mentioned a lot, any traction?

@ProofOfKeags
Copy link

Yeah this feels like it'd be a small change, I know there was a branch for it a while back. Maybe if the maintainers had some advice on how to tackle this as an outside contributor that could be really helpful for anyone watching this thread.

@diracdeltas diracdeltas added priority/P3 The next thing for us to work on. It'll ride the trains. and removed priority/P4 Planned work. We expect to get to it "soon". design A design change, especially one which needs input from the design team design/needs-mock-up needs-mockup A feature which needs design mockup to be implemented. labels Oct 11, 2022
@ffejb
Copy link

ffejb commented Jan 12, 2023

I literally have to stop using Brave because of this issue. Please address it!

@jaw-sh
Copy link

jaw-sh commented Apr 25, 2023

My service is impacted by this issue and it is forcing me to recommend the Tor browser over Brave, which I would prefer not to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature/tor OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA/Yes release-notes/include
Projects
None yet
Development

Successfully merging a pull request may close this issue.

9 participants