by dewey 952 days ago
That was a bigger discussion when Facebook did it back in the day and there's really no clear reason for and against it. In the end it mostly boils down to "regular people were educated that https is needed, so it's better to just keep doing that instead of explaining Tor to them". Which is a fair point I think.

https://blog.torproject.org/facebook-hidden-services-and-htt...


If there is no reason for it, then that is a reason against it. Regular people probably don't use Tor.
There's an annoying practical reason to use HTTPS on Tor: some browser features are gated on the page being served from an HTTPS origin. Some of them (like geolocation and payment requests) are likely to be irrelevant to most Tor users, but others (like HTTP/2 and Web Crypto) are more generally relevant.

https://developer.mozilla.org/en-US/docs/Web/Security/Secure...

Mind you, most of these TLS-origin-requiring features are only accessible through JavaScript APIs — and so won't be used by any "zero trust" Tor hidden services (which must assume the client's JavaScript is disabled) anyway.