Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Note: You can also download the latest final version of Tor Browser here.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
Welcome Screen
Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.
Censorship circumvention configuration
This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.
Proxy help information
The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.
As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.
What's New
Tor Browser 13.5a7 is now available from the Tor Browser download page and also from our distribution directory.
This version includes important security updates to Firefox.
We would like to thank the folowing community members for their contributions this release:
- NoisyCoil for their fixes for tor-browser#42501 and tor-browser#42491
Letterboxing Improvements and Bug Fixes
This release contains more tweaks and bug fixes related to the updated letterboxing UI and associated back-end systems. As described previously, in about:preferences#general one may now configure some aspects of the letterbox behaviour, including whether the content area floats in the center of the window or is snapped to the browser chrome at the top. We also implemented a somewhat hidden feature which will allow you to remove the extra spacing when you resize the window by double-clicking within the letterbox gutter area. This will snap the whole window down to the size required by the content.
Please continue to exercising this feature and filing bugs if you find any issues!
Localization Updates
We have continued migrating our localization pipelines from the legacy 'dtd' to the new 'fluent' format. Please report any localization issues or missing translations you may find!
Japanese Locale on macOS Weirdness
The technical specifics around our Japanese localisation on macOS are a bit peculiar (if you've ever peaked at our release+packaging scripts for macOS, you know what I mean). Therefore, this platform+locale combo has historically had interesting problems which go undiscovered for awhile since nobody on the team can read Japanese and few of us use macOS as their daily driver. If there are any Japanese-reading macOS users out there, we would definitely appreciate any localisation-related bug reports you can provide!
Native Android Connect-Assist
We have continued improving our connect-assist implementation on Android. We have fixed the problems which prevented bridge-settings from sticking (tor-browser#42486) and continued work bringing this native Android UI up to feature-parity with desktop. We have also been updating the Tor-related settings and have added the ability to the view the Tor logs after bootstrapping.
Please give the new systems a go by navigating to Settings > Connection > Enable beta connection features and toggling Enable beta connection features and selecting Native Android UI. We expect to reach feature parity with Desktop over this next release cycle, at which point both the legacy frontend (and its eccentric backend) as well as the stop-gap HTML-based frontend will be removed.
Connect-Assist Backend Work
As mentioned in the previous section, we have been iteratively improving the connect-assist backend code which is used on both Desktop and Android. If you are Desktop user we would appreciate you verifying that your bootstrapping experience is unchanged between releases, particularly if you have any custom configuration or settings.
WebTunnel + Lyrebird Pluggable-Transport Fusion
Tor Browser ships with a number of pluggable-transports (PTs) which allow users to connect to the Tor network by disguising their traffic. Up until this released, we have shipped the lyrebird, snowflake, conjure-client, and webtunnel-client PTs, each of which implement support for at least one bridge type (such as obfs4).
For historical reasons, each of these PTs are developed in Go. The problem with that is that (to summarise) Go applications ship with all of their dependencies baked into their binaries, rather than depending on 3rd party libraries. As a result, Go binaries typically are a bit bigger than you would expect given the functionality they may provide.
This is a reasonable thing to do in some contexts. Unfortunately, Tor Browser for Android has a hard application size budget it has to stay within in order to be accepted to the Google Play Store, about 100 megabytes.
To help keep Tor Browser for Android within this budget, Tor's Anticensorship team built a version of the Lyrebird PT which also includes the WebTunnel PT's functionality. As a result, from 13.5a7 onward, WebTunnel bridges will be handled by Lyrebird, and the WebTunnel PT is no longer necessary!
Nothing should have changed from an end-user perspective (apart from a smaller binary size) and WebTunnel bridges should continue to work as they always have. If this is not the case, please file an issue!