After six months of development significant release of a specialized browser , in which the development of functionality based on the ESR branch is continued . The browser is focused on providing anonymity, security and privacy, all traffic is redirected only through the Tor network. It is impossible to contact directly through the regular network connection of the current system, which does not allow tracking the real IP of the user (in the case of a browser hack, attackers can access the system network settings, so to completely block possible leaks, you should use products such as ). Tor Browser builds for Linux, Windows, macOS and Android.
For additional protection, the composition includes the addition , which allows you to use traffic encryption on all sites where possible. To mitigate the threat from JavaScript attacks and block plugins by default, an add-on is included . To combat blocking and traffic inspection, ΠΈ .
To organize an encrypted communication channel in environments that block any traffic other than HTTP, alternative transports are proposed, which, for example, allow you to bypass attempts to block Tor in China. The WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, AudioContext, HTMLMediaElement, Mediastream, Canvas, SharedWorker, Permissions, MediaDevices.enumerateDevices, and screen.orientation APIs are disabled or restricted to protect against tracking user movement and highlighting visitor-specific features. and also disabled telemetry sending tools, Pocket, Reader View, HTTP Alternative-Services, MozTCPSocket, "link rel=preconnect", modified libmdns.
In the new release:
- An indicator of the presence of a site variant operating as a hidden service has been implemented, displayed in the address bar when viewing a regular web site. The first time you open a site that is also accessible via an onion address, a dialog is displayed asking you to automatically switch to an onion site whenever you open a website from now on. Accessibility information via the .onion address is passed by the site owner using the HTTP header .
- Hidden service owners who wish to restrict access to their resources can now specify a set of keys for access control and authentication. The user can store the passed access key on their system and use the Onion Services Authentication interface in "about:preferences#privacy" to manage the keys.
- Expanded security indicators in the address bar. Switched from indicating a secure connection to indicating security problems. Secure onion connections are no longer highlighted and are marked with a regular gray icon. If an insufficient level of connection protection is detected when accessing the onion service, the connection indicator is crossed out with a red line. When detected on the mixed resource load page, an additional warning is displayed in the form of an icon with an exclamation point.
- Added separate versions of the pages shown when connecting to onion services fail (previously, regular Firefox error pages were shown, the same as for websites). New pages include additional information for diagnosing the reasons for not being able to connect to a hidden service, allowing you to judge problems in the address, service, client, or network infrastructure.
- For a more visual access to onion sites, an experimental feature for binding symbolic names is provided, which solves problems with remembering and searching for onion addresses. To simplify access, together with the FPF (Freedom of the Press Foundation) and EFF (Electronic Frontier Foundation) organizations, a prototype of the name catalog was implemented based on the HTTPS Everywhere add-on. Currently, symbolic names for SecureDrop onion services are proposed for testing - theintercept.securedrop.tor.onion and lucyparsonslabs.securedrop.tor.onion.
- Updated versions of third-party components, including
NoScript 11.0.26,
Firefox 68.9.0esr
HTTPS-Everywhere 2020.5.20,
NoScript 11.0.26, Tor Launcher 0.2.21.8 and
Tor 0.4.3.5. - The Android version provides a warning about the possible work bypassing the proxy when opening external applications. Solved issues using obfs4.
Source: opennet.ru