[Pkg-privacy-maintainers] Bug#886286: torbrowser-launcher: Tor Browser says .onion sites (like http://sejnfjrq6szgca7v.onion/) are not secure

Diederik de Haas didi.debian at cknow.org
Wed Jan 3 22:13:32 UTC 2018

Package: torbrowser-launcher
Version: 0.2.8-6
Severity: normal
Tags: upstream

If you go to http://sejnfjrq6szgca7v.onion/ (debian.org onion site) with
Tor Browser, obtained via torbrowser-launcher program, you don't see the 
green bar/lock like you see with https sites. If you click on the 'i' icon 
to get site information, it says 'Connection is Not Secure' and the 
'details' page says it's not private.

I'm guessing Tor Browser says so because Firefox sees an http, not
https, connection. But it's conclusion in the case of Tor Browser with
an .onion site seems incorrect to me.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-2-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates   20170717
ii  gnupg             2.2.3-1
ii  libdbus-glib-1-2  0.108-3
ii  python            2.7.14-4
ii  python-gtk2       2.24.0-5.1+b1
ii  python-lzma       0.5.3-3
ii  python-parsley    1.2-1
ii  python-psutil     5.4.2-1
ii  python-twisted    17.9.0-1
ii  python-txsocksx

Versions of packages torbrowser-launcher recommends:
ii  tor

Versions of packages torbrowser-launcher suggests:
ii  apparmor       2.11.1-4
ii  python-pygame  1.9.3+dfsg-2+b1

-- no debconf information

More information about the Pkg-privacy-maintainers mailing list