Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a ‘brand refresh’ bringing our logo to the launcher.
Censorship circumvention configuration
This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.
Proxy help information
The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.
As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users’ experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.
- We ship the first release in Tor’s 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.
- On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.
- We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.
This release features important security updates to Firefox. This new release updates Firefox to 60.5.0esr and Tor to the first stable release in the 0.3.5 series, 0.3.5.7. It contains a number of backports from the alpha series, most notably the proper first-party isolation of range requests when loading PDF documents. We also updated NoScript and HTTPS Everywhere to their latest versions and removed our donation campaign related code.
The full changelog since Tor Browser 8.0.4 is:
- Added download link for Tor Browser 8.5 Alpha7
- Update Firefox to 60.5.0esr
- Update Tor to 0.3.5.7
- Update Torbutton to 2.0.10
- Bug 29035: Clean up our donation campaign and add newsletter sign-up link
- Bug 27175: Add pref to allow users to persist custom noscript settings
- Update HTTPS Everywhere to 2019.1.7
- Update NoScript to 10.2.1
- Bug 28873: Cascading of permissions is broken
- Bug 28720: Some videos are blocked outright on higher security levels
- Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
- Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
- Bug 28695: Set default security.pki.name_matching_mode to enforce (3)