Sun. Jun 7th, 2020

Tor Browser 9.5 & 10.0a1 released: important security updates to Firefox

3 min read

Why do you use Tor?

Protect their privacy from unscrupulous marketers and identity thieves.

Internet Service Providers (ISPs) sell your Internet browsing records to marketers or anyone else willing to pay for it. ISPs typically say that they anonymize the data by not providing personally identifiable information, but this has proven incorrect. A full record of every site you visit, the text of every search you perform, and potentially userid and even password information can still be part of this data. In addition to your ISP, the websites (and search engines) you visit have their own logs, containing the same or more information.

Protect their communications from irresponsible corporations.

All over the Internet, Tor is being recommended to people newly concerned about their privacy in the face of increasing breaches and betrayals of private data. From lost backup tapes to giving away the data to researchers, your data is often not well protected by those you are supposed to trust to keep it safe.

Protect their children online.

You’ve told your kids they shouldn’t share personally identifying information online, but they may be sharing their location simply by not concealing their IP address. Increasingly, IP addresses can be literally mapped to a city or even street location and can reveal other information about how you are connecting to the Internet. In the United States, the government is pushing to make this mapping increasingly precise.

Research sensitive topics

There’s a wealth of information available online. But perhaps in your country, access to information on AIDS, birth control, Tibetan culture, or world religions is behind a national firewall.

Skirt surveillance

Even harmless web browsing can sometimes raise red flags for suspicious observers. Using Tor protects your privacy by making it extremely difficult for an observer to correlate the sites you visit with your physical-world identity.

Circumvent censorship

If you live in a country that has ever blocked Facebook or Youtube, you might need to use Tor to get basic internet functionality.

Tor Browser 9.5 & 10.0a1 have been released.

Changelog

v9.5 

The full changelog since Tor Browser 9.0.10 is:

  • All Platforms
    • Bump NoScript to 11.0.26
    • Update Firefox to 68.9.0esr
    • Update HTTPS-Everywhere to 2020.5.20
    • Update NoScript to 11.0.26
    • Update Tor to 0.4.3.5
    • Translations update
    • Bug 21549: Disable wasm for now until it is properly audited
    • Bug 27268: Preferences clean-up in Torbutton code
    • Bug 28745: Remove torbutton.js unused code
    • Bug 28746: Remove torbutton isolation and fp prefs sync
    • Bug 30237: Control port module improvements for v3 client authentication
    • Bug 30786: Add th locale
    • Bug 30787: Add lt locale
    • Bug 30788: Add ms locale
    • Bug 30851: Move default preferences to 000-tor-browser.js
    • Bug 30888: move torbutton_util.js to modules/utils.js
    • Bug 31134: Govern graphite again by security settings
    • Bug 31395: Remove inline script in aboutTor.xhtml
    • Bug 31499: Update libevent to 2.1.11-stable
      • Bug 33877: Disable Samples and Regression tests For Libevent Build
    • Bug 31573: Catch SessionStore.jsm exception
    • Bug 32318: Backport Mozilla’s fix for bug 1534339
    • Bug 32414: Make Services.search.addEngine obey FPI
    • Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
    • Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
    • Bug 33342: Avoid disconnect search addon error after removal
    • Bug 33726: Fix patch for #23247: Communicating security expectations for .onion
    • Bug 34157: Backport fix for Mozilla Bug 1511941
  • Windows + OS X + Linux
    • Update Tor Launcher to 0.2.21.8
      • Translations update
      • Bug 19757: Support on-disk storage of v3 client auth keys
      • Bug 30237: Add v3 onion services client authentication prompt
      • Bug 30786: Add th locale
      • Bug 30787: Add lt locale
      • Bug 30788: Add ms locale
      • Bug 33514: non-en-US Tor Browser 9.5a6 won’t start up
  • More

Download

v10.0a1

The full changelog since Tor Browser 9.5a13 is:

  • All Platforms
    • Update Firefox to 68.9.0esr
    • Update HTTPS-Everywhere to 2020.5.20
    • Translations update
  • Windows + OS X + Linux
    • Update Tor Launcher to 0.2.21.8
      • Translations update
    • Bug 34321: Add Learn More onboarding item
    • Bug 34347: The Tor Network part on the onboarding is not new anymore
    • Bug 33168: Setup new Authenticode certificate
  • Linux
    • Bug 34315: Avoid reading policies from /etc/firefox on Linux
  • Android
    • Bug 30318: Integrate snowflake into mobile Tor Browser
    • Bug 34219: Enable ZSTD support properly for Android
  • Build System
    • Windows
      • Bug 31128: Move Windows containers to Debian 10
    • Mac OS X
      • Bug 31129: Move macOS containers to Debian 10
    • Android
      • Bug 28672: Android reproducible build of Snowflake

Download