Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.


Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Welcome Screen

Our old screen had far too much information for users, leaving many of them confused for a long time about what to do. Some users in the paper experiment spent up to 40 minutes confused about what they needed to do here. Besides simplifying the screen and the message, to make it easier for users to know whether they need to configure anything, we also did a 'brand refresh', bringing our logo to the launcher.

Censorship circumvention configuration

This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure one. Another update was a little tip we added to the drop-down menu (as you can see below) on which bridge to use in countries that have very sophisticated censorship methods.

Proxy help information

The proxy settings in our Tor Launcher configuration wizard are an important feature for users who are on a network that demands such configuration. But they can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor), including a new user onboarding flow. And last but not least, we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile, bringing the improved user experience to the desktop as well.

What's New

It's ESR transition season again!

Once again, it is the time of year when the Applications Team (mostly) de-prioritises feature work and instead focuses on updating Tor Browser and Tor Browser for Android to the latest and greatest version of Firefox ESR (Extended Support Release). For a general overview of this process, please do see our 14.0a1 release post from last year.

Fortunately, we're in a much better place than we were this time last year. Following lessons learned from last year, we have again performed and reviewed iterative rebases from Firefox 128 up to Firefox 140 and finally onto Firefox ESR 140. Tor Browser 15.0a1 is available for all our supported platforms (Windows, macOS, Linux, and Android), unlike last year, when we had to delay our Android release.

We have also completed our annual Bugzilla Triage and have flagged for further review myriad issues resolved upstream by Mozilla over the past year. These are issues which may have privacy or security implications if they were to be shipped in Tor Browser, or they may simply be somehow interesting to us and warrant further attention. The bulk of the remaining work for us this release cycle is to review the remainder of these issues, develop any necessary patches needed to fix any found problems, and to fix any other bugs we find.

Challenges and Triumphs

Android build-reproducibility Issues

Every major rebase typically introduces a few difficulties around build-reproducibility. This major rebase was no exception and we had to resolve some problems with our Tor Browser Android build-system. For now the solution seems to be to disable compiler optimisations for the affected modules. You can read more about this in tor-browser-build#41495.

Android APKs too big

The Google Play Store has a strict size limit of about 100 megabytes for Android applications. Left to its own devices, software also seems to have a tendency to grow, so we have to do some digging and carve out some space to hit our size budget. Fortunately, this time around it was a relatively simple matter of modifying some compiler flags. You can read more about this in tor-browser-build#41500.

Upstream source migrations

Historically, Mozilla has used Mercurial internally for its source control and then mirrored this repository to a GitHub project called gecko-dev. Mozilla decided recently to change this mirroring to a GitHub project called firefox. Unfortunately, these two git repositories share no common history which means our own Tor Browser forks nearly doubled in size which has caused some headaches for both our developers (who have had to deal with downloading/uploading gigabytes of commit history when pulling/pushing branches) and our system administrators (who have had to handle this unplanned scaling). One nice side-effect of all of this at least is that we no longer have to tag Firefox commits ourselves. You can read more about this in tpo/tpa/team#42129.

Current Status

We have:

  • rebased Tor Browser and Tor Browser for Android to Firefox ESR 140 from Firefox ESR 128
  • updated the build systems with the latest dependencies and fixed a few reproducibility issues
  • triaged all of the upstream changes from the past year and flagged over 170 issues for further review
  • resolved 17 of these triaged issues

For the remainder of this release cycle, we will be focusing on auditing these issues and fixing bugs until the 15.0 alpha series is ready to become Tor Browser Stable 15.0.

Known Issues

Source Archive Reproducibility

We publish a source archive with each of our releases (e.g. src-firefox-tor-browser-140.1.0esr-15.0-1-build3.tar.xz). These contain all of the code and assets used to build the browser portion of Tor Browser (i.e. excluding tor and the pluggable-transports). One would think that such data should be trivially deterministic, but this is sometimes not the case. For example, during the Tor Browser 13.0 release cycle, we had a similar issue with generated headers on Windows.

This time around, the git archive process used to generate these source archives is generating a different .git-archive.txt metadata file in one of the browser's vendored dependencies. This file has no effect on the build process (which we can concretely know since the generated binaries users actually download and run are identical), so this non-determinism did not block this release. This issue is being tracked in tor-browser-build#41528.
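
As an added example (not Tor Project code), here is one way to find which member makes two builds of a source archive differ, as with the .git-archive.txt file described above. The two archives are built in memory, and their paths and file contents are constructed for illustration.

```python
import hashlib
import io
import tarfile

def make_archive(files, mtime=0):
    """Build a tar archive in memory with fixed metadata (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def member_digests(archive_bytes):
    """Map each regular file in the archive to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests

def diff_archives(a, b):
    """Return the members that are only in a, only in b, or differ in content."""
    da, db = member_digests(a), member_digests(b)
    return {
        "only_in_a": sorted(da.keys() - db.keys()),
        "only_in_b": sorted(db.keys() - da.keys()),
        "changed": sorted(n for n in da.keys() & db.keys() if da[n] != db[n]),
    }

# Constructed sample: two builds of the same tree; paths and contents are hypothetical.
COMMON = {
    "src/browser/main.cpp": b"int main() { return 0; }\n",
    "src/third_party/dep/lib.c": b"void f(void) {}\n",
}
META = "src/third_party/dep/.git-archive.txt"
BUILD_1 = make_archive({**COMMON, META: b"ref: builder-one\n"})
BUILD_2 = make_archive({**COMMON, META: b"ref: builder-two\n"})

if __name__ == "__main__":
    same = hashlib.sha256(BUILD_1).digest() == hashlib.sha256(BUILD_2).digest()
    print("archives identical:", same)
    print(diff_archives(BUILD_1, BUILD_2))
```

A whole-archive hash only says that two builds differ. The per-member comparison narrows the difference to a single metadata file, which can then be judged on whether it affects the build.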