Nice way to limit the response. This isn't just about you. As I wrote before, the admins have posted onion.to links to their site on clearnet. If the phishing site is a proxy that MITMs connections to steal account credentials, then an *official* approved method of accessing the site, promoted by the admins themselves, opens their users to the exact same threat. You never know when onion.to or onion.sh might start doing that. That is a flagrant disregard for their users' security. That combined with the in-browser PGP feature breeds laziness and insecurity among their users.