A significant release of a specialized browser Tor Browser 13.0, which utilizes the ESR-lighting Firefox 115, has been announced. The main focus of this browser is to ensure anonymity, safety, and privacy by redirecting all traffic exclusively through the Tor network. This prevents direct contact through the standard network connection, making it impossible for the user’s real IP address to be exposed. However, it is important to use additional security measures, such as Whonix, to completely block any potential leaks in case the browser is compromised. The new Tor Browser release is available for Linux, Android, Windows, and MacOS.
In order to provide additional protection, the “HTTPS Only” setting has been included in Tor Browser. This setting enables traffic encryption on all websites where it is possible. Furthermore, to mitigate the risk of attacks using JavaScript and blocking plugins, an extension called noscript has been added. To address blocking and traffic inspecting, the browser also includes fteproxy and OBFS4Proxy.
In order to establish an encrypted communication channel that can bypass attempts to block Tor in countries like China, alternative transports are provided. These transports allow for the encryption of any traffic except HTTP. Additionally, to protect against user tracking and the identification of specific features for individual visitors, various means have been implemented. These include disabling APIs such as WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, Audiocontext, Mediastream, Canvas, Canvastext, Sharedworker, Webaudio, Permissions, Mediadevices.enumeratedevices, and Screen. Orientation. Telemetry, Pocket, Reader View, Http Alternate-Services, MoztCpSocket, Link REL = PRECONNECT, and modified LIBMDNS are also addressed to enhance user privacy.
The new version of Tor Browser includes:
- Transition to code Firefox 115 ESR and the stable branch Tor 0.4.8.7.
- An audit of changes has been performed since the introduction of ESR-tests Firefox 102. Patches that were deemed unsafe or compromised user confidentiality have been disabled.
- Strying-to-double transformation