A significant release of the specialized browser Tor Browser 12.0 has been formed, in which the transition to the ESR branch of Firefox 102 has been made. The browser is focused on ensuring anonymity, security and privacy, all traffic is redirected only through the Tor network. It is impossible to contact directly through the regular network connection of the current system, which does not allow tracking the real IP address of the user (in the case of a browser hack, attackers can access the system network settings, so products such as Whonix should be used to completely block possible leaks). Tor Browser builds are prepared for Linux, Windows and macOS. The formation of a new version for Android is delayed.
For additional security, Tor Browser includes the HTTPS Everywhere add-on, which allows you to use traffic encryption on all sites where possible. To mitigate the threat of JavaScript attacks and plugin blocking by default, the NoScript add-on is included. To combat blocking and traffic inspection, fteproxy and obfs4proxy are used.
To organize an encrypted communication channel in environments that block any traffic other than HTTP, alternative transports are proposed, which, for example, allow you to bypass attempts to block Tor in China. The WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, AudioContext, HTMLMediaElement, Mediastream, Canvas, SharedWorker, WebAudio, Permissions, MediaDevices.enumerateDevices, and screen APIs are disabled or restricted to protect against tracking user movement and highlighting visitor-specific features. orientation, as well as the means of sending telemetry, Pocket, Reader View, HTTP Alternative-Services, MozTCPSocket, "link rel=preconnect", modified libmdns.
In the new version:
- Migration to Firefox 102 ESR codebase and tor 0.4.7.12 stable branch.
- Multilingual builds provided - Previously, a separate build had to be loaded for each language, but now a universal build is provided that allows you to switch languages ββon the fly. For new installations in Tor Browser 12.0, the language corresponding to the locale set in the system will be automatically selected (the language can be changed during operation), and when moving from the 11.5.x branch, the language previously used in Tor Browser will be saved. The multilingual assembly is about 105 MB.
- In the version for the Android platform, HTTPS-Only mode is enabled by default, in which all requests made without encryption are automatically redirected to secure page variants ("http://" is replaced by "https://"). In desktop builds, a similar mode was enabled in the last major release.
- In the version for the Android platform, the βPrioritize .onion sitesβ setting has been added to the βPrivacy and Securityβ section, which provides automatic forwarding to onion sites when trying to open websites that issue an βOnion-Locationβ HTTP header indicating the presence of a site variant on the Tor network.
- Added interface translations into Albanian and Ukrainian.
- The tor-launcher component has been redesigned to launch Tor for the Tor Browser.
- Improved implementation of the letterboxing mechanism that adds padding around web page content to block identification by window size. Added the ability to disable letterboxing for trusted pages, removed single-pixel borders around full-screen videos, and fixed potential information leaks.
- After the audit, HTTP/2 Push support is enabled.
- Prevented locale leaks via the Intl API, system colors via CSS4, and blocked ports (network.security.ports.banned).
- Disabled API Presentation and Web MIDI.
- Prepared native assemblies for Apple devices with Apple Silicon chips.
Source: opennet.ru