Reminder: you hidden service connection is not insecure

With the Tor browser update to version 7.0 [which is now based on Firefox 52.1.2], a bunch of changes have been made. The full list is available here https://blog.torproject.org/blog/tor-browser-70-released

But the perhaps most noticeably change is that you now get a warning when you go to the login or register page of hidden services [i.e.onion sites]. The warning is intended to warn users to not enter their login credentials on sites that are not secured through https. This is the case for nearly all hidden services, so you get that warning.

However while you really should not enter password on sites only available through http, the Tor network naturally provides end to end encryption when using hidden services. So your connection is still secure despite not using https. Please do not make new posts about this. If you see a post about it, please post a link to this thread in the comments.

Market admins: please include a short explanation for the warning on your login and register pages too, so users know that this is nothing they have to worry about.


Comments


[17 Points] whitekidspaz:

Thanks for the update seen way to many post about kids freaking out remember it's summer time so we have all the rookies here


[6 Points] young_k:

The following will remove that warning from your firefox/TBB browser according to this page - worked on my updated TBB.

  1. Open a new tab, paste about:config into the address bar and hit enter.

  2. If you see the “This Might Void Your Warranty” page, click the blue “I accept the risk!” button. Understand we are manually modifying Firefox’s default settings.

  3. In the Search box at the top, paste security.insecure_field_warning.contextual.enabled

  4. Double click the setting to change it to “false”


The warning is only letting you know that there is no HTTPS support and you are logging into a site that requires a password (probably utilizes the "password" field identifier) - because the information is sent over Tor it IS encrypted and the "evil" exit-nodes do not pose a risk since it is a hidden service and no exit nodes are utilized.

Your password is no more at risk now than it was before, and it wasn't really at risk from what I understand about Tor and hidden services.


[2 Points] emitecaps1996:

excellent post and should be pinned a bit longer considering the number of topics started about this.

(why yes I am a n00b, thanks for asking)

;)


[1 Points] methbat:

im not a rookie but coudlnt find info on this when searching the vast annals of duck duck go...i even typed what i thought would be related to this topic on reddit and found nothing...certainly wouldn't have posted about this if i had found this post while researching