brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Treat HTTP onion services as secure origins #1135

Open tildelowengrimm opened 5 years ago

tildelowengrimm commented 5 years ago

Tor onion services don't have an HTTPS transport. But the onion services protocol provides more substantial confidentiality, integrity, and authenticity guarantees than HTTPS (in addition to anonymity). We should treat these connections as at least as secure as HTTPS origins, and provide an appropriate connection status indicator.

riastradh-brave commented 5 years ago

Relevant Tor Browser discussion: https://trac.torproject.org/projects/tor/ticket/23247

ProofOfKeags commented 3 years ago

Why is this marked as P4? It definitely blocks the ability to use the subtle crypto API on onion sites which is pretty limiting. Especially since SSL certs are onerous to set up and in this case unnecessary, since onions are self authenticating.
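
An added example, not part of the thread and not Brave's code: a simplified model of the browser's "potentially trustworthy origin" check, which decides whether secure-context-only APIs such as `crypto.subtle` are exposed to a page. The `treatOnionAsSecure` option is a hypothetical switch standing in for the change this issue requests, and the onion hostname is a constructed placeholder.

```javascript
// Simplified model of the secure-context origin decision (illustration only).
// treatOnionAsSecure is a hypothetical policy switch, not a real browser flag.
function isPotentiallyTrustworthy(rawUrl, { treatOnionAsSecure = false } = {}) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparsable input is never trusted
  }
  // Normalise case and a trailing root dot before suffix matching.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  // Authenticated, encrypted transports.
  if (url.protocol === "https:" || url.protocol === "wss:") return true;

  // Loopback traffic never leaves the machine.
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (/^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]") return true;

  // Requested behaviour: plain http/ws to an onion service counts as secure,
  // because the onion transport itself authenticates and encrypts.
  const plain = url.protocol === "http:" || url.protocol === "ws:";
  if (treatOnionAsSecure && plain && host.endsWith(".onion")) return true;

  return false;
}

// Constructed sample origins (placeholders, not real services).
const SAMPLE_ONION =
  "http://exampleexampleexampleexampleexampleexampleexampleexample.onion/";
const SAMPLE_URLS = [
  SAMPLE_ONION,
  "https://example.com/",
  "http://example.com/",
  "http://localhost:8080/",
  "http://foo.onion.example.com/", // ".onion" as an inner label must not match
];

// Returns one row per URL: secure-context status under each policy.
function classify(urls) {
  return urls.map((u) => ({
    url: u,
    current: isPotentiallyTrustworthy(u),
    proposed: isPotentiallyTrustworthy(u, { treatOnionAsSecure: true }),
  }));
}

console.table(classify(SAMPLE_URLS));
```

Only the first row changes between the two policies, and a page on an origin where the check returns `false` sees `crypto.subtle` as undefined.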

kn0wmad commented 3 years ago

Bump - would really like to use Brave more, but this is a major blocker for me and I know I'm not alone. Any updates?

kn0wmad commented 1 year ago

2nd annual bump - this issue seems to get mentioned a lot, any traction?

ProofOfKeags commented 1 year ago

Yeah this feels like it'd be a small change, I know there was a branch for it a while back. Maybe if the maintainers had some advice on how to tackle this as an outside contributor that could be really helpful for anyone watching this thread.

ffejb commented 1 year ago

I literally have to stop using Brave because of this issue. Please address it!

jaw-sh commented 1 year ago

My service is impacted by this issue and it is forcing me to recommend the Tor browser over Brave, which I would prefer not to.