Tor is released

Tor is the first alpha release in its series. It includes numerous small features and bugfixes against previous Tor versions, and numerous small infrastructure improvements. The most notable features are several new ways for controllers to interact with the hidden services subsystem.

You can download the source from the usual place on the website. Packages should be up in a few days.

NOTE: This is an alpha release. Please expect bugs.

Changes in version - 2015-05-12
  • New system requirements:
    • Tor no longer includes workarounds to support Libevent versions before 1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248.
  • Major features (controller):
    • Add the ADD_ONION and DEL_ONION commands that allow the creation and management of hidden services via the controller. Closes ticket 6411.
    • New "GETINFO onions/current" and "GETINFO onions/detached" commands to get information about hidden services created via the controller. Part of ticket 6411.
    • New HSFETCH command to launch a request for a hidden service descriptor. Closes ticket 14847.
    • New HSPOST command to upload a hidden service descriptor. Closes ticket 3523. Patch by "DonnchaC".

  read more »

Tor Cloud Service Ending; Many Ways Remain to Help Users Access an Uncensored Internet

As of May 8, 2015, the Tor Cloud project has been discontinued.

The Tor Cloud project gave people a user-friendly way of deploying bridges on the Amazon EC2 cloud computing platform to help users access an uncensored Internet. By setting up a bridge, they would donate bandwidth to the Tor network and help improve the safety and speed at which users can access the Internet.

The main reason for discontinuing Tor Cloud is the fact that software requires maintenance, and Tor Cloud is no exception. There is at least one major bug in the Tor Cloud image that makes it completely dysfunctional (meaning that users could not use this particular service to access the Internet), and there are over a dozen other bugs, at least one of them of highest priority. Probably as a result of these bugs, the number of Tor Cloud bridges has steadily declined since early 2014.

We have tried to find a new maintainer for Tor Cloud for months, but without success. There have been offers to send us patches, but we couldn't find a Tor person to review and approve them. We encourage everyone who stepped up to start their own cloud bridges project under another name ("Onion Cloud"?), possibly forking the existing Tor Cloud code that will remain available. Tor Cloud is still a good idea, it just needs somebody to implement it.

Or maybe this is a good opportunity for the community to further look into other approaches for providing an easy-to-deploy bridge or relay, like Ansible Tor or cirrus.

If people still want to help users access an uncensored Internet, there remain plenty of ways to help. For example, it's still possible to spin up an instance on Amazon EC2 or any other cloud computing platform and install a Tor bridge manually. Or people can donate to organizations that run Tor relays and bridges like or their partner organizations.

Note that discontinuing the Tor Cloud project has no effect on existing Tor Cloud instances. Whenever one of those instances was started, a template of the operating system and settings was copied, and removing the template has no effect on the copies.

Sorry for any inconvenience caused by this.

Sue Gardner and the Tor strategy project

Sue Gardner, the former executive director of the Wikimedia Foundation, has been advising Tor informally for several months. She attended Tor's most recent in-person meeting in Valencia in early March and facilitated several sessions. Starting today, and for about the next year, Sue will be working with us to help The Tor Project develop a long-term organizational strategy. The purpose of this strategy project is to work together, all of us, to develop a plan for making Tor as effective and sustainable as it can be.

Sue is a great fit for this project. In addition to being the former executive director of Wikimedia, she has been active in FLOSS communities since 2007. She's an advisor or board member with many organizations that do work related to technology and freedom, including the Wikimedia Foundation, the Sunlight Foundation, the Committee to Protect Journalists, and Global Voices. She has lots of experience developing organizational strategy, growing small organizations, raising money, handling the media, and working with distributed communities. She's a proud recipient of the Nyan Cat Medal of Internet Awesomeness for Defending Internet Freedom, and was recently given the Cultural Humanist of the year award by the Harvard Humanist Association.

We aim for this project to be inclusive and collaborative. Sue's not going to be making up a strategy for Tor herself: the idea is that she will facilitate the development of strategy, in consultation with the Tor community and Tor stakeholders (all the other people who care about Tor), as much as possible in public, probably on our wikis.

Sue's funding for this project will come via First Look Media, which also means this is a great opportunity to strengthen our connections to our friends at this non-profit organization. (You may know of them because of The Intercept.)

As she does the work, she'll be asking for participation from members of the Tor community. Please help her as much as you can.

I'm excited that we're moving forward with this project. We welcome Sue as we all work together to make security, privacy, and anonymity possible for everyone.

Tor Weekly News — May 6th, 2015

Welcome to the eighteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor Project, Inc. appoints Interim Executive Director

Following the departure of the Tor Project, Inc.’s Executive Director, Andrew Lewman, the board of directors has appointed Roger Dingledine as Interim Executive Director, and Nick Mathewson as Interim Deputy Executive Director, until long-term candidates for these roles are found. Roger and Nick are both co-founders and lead developers of Tor, and need no introduction here — but you can watch Roger’s conversation with the National Science Foundation and (if you read Spanish) take a look at Nick’s recent interview with El País to learn a bit more about who they are and what inspires them to work on Tor.

Monthly status reports for April 2015

The wave of regular monthly reports from Tor project members for the month of April has begun. George Kadianakis released his report first (offering updates on onion service research), followed by reports from Yawning Angel (reporting on pluggable transport research and core Tor hacking), Sherief Alaa (on support work, documentation rewrites, and testing), David Goulet (on onion service and core Tor development), Nick Mathewson (on core Tor development and organizational work), Leiah Jansen (on graphic design and branding), Pearl Crescent (on Tor Browser and Tor Launcher development and testing), Jacob Appelbaum (on advocacy and outreach), Griffin Boyce (on security research and Satori/Cupcake development), Damian Johnson (on Stem development and coordinating Tor Summer of Privacy), Georg Koppen (on Tor Browser Development and build system research), Juha Nurmi (on development and Tor outreach), and Israel Leiva (on the GetTor project).

Mike Perry reported on behalf of the Tor Browser team, giving details of the 4.5 release process, significant security enhancements, and work to ensure that the wider Internet community takes the Tor network into account when developing standards and protocols.

Miscellaneous news

Isis Lovecruft announced the release and deployment of version 0.3.2 of BridgeDB, the software that handles bridge address collection and distribution for the Tor network. Notable changes include the setting of obfs4 as the default pluggable transport served to users, better handling of clients from the same IPv6 address block, and the exclusion of broken bridge lines from the database.

Tom Ritter shared a slide deck offering “a 100-foot overview on Tor”: “Before I post it on twitter or a blog, I wanted to send it around semi-publicly to collect any feedback people think is useful.”

Moritz Bartl announced the Tor-BSD Diversity Project, which aims to mitigate the risks that the “overwhelming GNU/Linux monoculture” among Tor relay operators might pose to the security of the Tor network: “In a global anonymity network, monocultures are potentially disastrous. A single kernel vulnerability in GNU/Linux that impacting Tor relays could be devastating. We want to see a stronger Tor network, and we believe one critical ingredient for that is operating system diversity.”

David Fifield published the regular summary of costs incurred by the infrastructure for meek in April, detailing a large increase in simultaneous users over the last month (from 2000 to 5000), and the possible effects of a larger meek userbase on the Tor Metrics portal’s bridge user graphs.

John Brooks suggested that, when the “next-generation onion services” proposal is implemented, there will no longer be any reason to use both introduction points and hidden service directories when establishing connections between Tor clients and onion services. Calculating introduction points in the same way that HSDirs would be selected may have “substantial” benefits: “Services touch fewer relays and don’t need to periodically post descriptors. Client connections are much faster. The set of relays that can observe popularity is reduced. It’s more difficult to become the IP of a targeted service.” See John’s proposal for a detailed explanation, and feel free to send your comments to the tor-dev mailing list.

This issue of Tor Weekly News has been assembled by Harmony, Roger Dingledine, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Interview with Tor Summer of Privacy Student Donncha O'Cearbhaill

Donncha O'Cearbhaill is one of Tor's new Summer of Privacy students. We asked him about his plans for the summer.

1. Why are you interested in working on Free software?

I'm delighted to be able to contribute back to the Free software community which has provided me with so many of the tools and systems I use daily. It's reassuring to know that any software that I write for the Tor Project will always be available for people to use, modify, and redistribute.

2. Describe your project to a lay reader--How will it work, and who will it help?

Most large web services distribute the requests to their sites across multiple servers so as to better handle the load from their users. However, at present, Tor onion (hidden) services are limited to routing all their traffic via Tor running on a single server. This is becoming a bottleneck for popular hidden services and is causing difficulty in growing to more users.

My project aims to implement a tool that will allow onion service operators to distribute connections to their services across multiple back-end servers. For users, I hope this will allow their favourite services to become faster and more reliable.

As a bonus, the project should allow operators to further increase the security of the services by allowing private keys to be stored away from the computer hosting their actual onion service / website.

3. What do you hope to get out of the Tor Summer of Privacy?

I've really enjoyed my interactions with the Tor community over the past few months. Over the summer, I hope to provide something of value and give back to the community. As I don't have a formal computer science background, I'm also looking forward to working with my mentors to improve the standard of my software design and development and generally gain more experience.

4. Who are your heroes--if you have any--in internet freedom software?

The work of many people in the Internet freedom community inspires me. I'm particular grateful to people such as Edward Snowden, Julian Assange, and Jeremy Hammond who have made massive sacrifices to try to bring light to the expanding surveillance state.

I'm inspired by the free software developers and advocates everywhere who continue trying to doing something about it.

5. Where do you go to school and what are you studying?

I'm just finishing my degree in Medicinal Chemistry in Trinity College, Dublin, Ireland. My exams run over the next few weeks and after that I'm looking forward to hacking on some code rather than molecules.

6. Anything else you'd like to say?

I'd like to thank the Tor Project for accepting me into Summer of Privacy program, and thank all in the Tor community for being so welcoming to me so far.

Roger Dingledine Becomes Interim Executive Director of the Tor Project

Tor Project co-founder Roger Dingledine has been appointed Interim Executive Director of the organization by Tor's Board of Directors. He replaces Andrew Lewman, who is leaving the Tor Project to take a position at an Internet services company. Roger will continue in this role until a permanent replacement has been found. During this period, Tor Project co-founder Nick Mathewson will take on the role of Interim Deputy Executive Director.

Tor Weekly News — April 29th, 2015

Welcome to the seventeenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor Browser 4.5 is out

Mike Perry announced the first stable release in Tor Browser’s 4.5 series. This version includes numerous major new features and updates, and represents a significant advance in user-friendly security technology.

The most visible new features have been covered in previous issues of Tor Weekly News. Tor Browser’s onion menu has been reorganized for ease of use, and now includes a diagram showing the locations and IP addresses of the relays that make up the Tor circuit used to access a website — one of the features most missed from the now-defunct Vidalia controller. The “security slider”, accessible in the onion menu’s “Privacy and Security Settings”, can be set at one of four levels depending on a user’s needs, disabling browser features which may give adversaries an opportunity to attack, at the cost of making some web pages less usable.

Tor Browser’s “first-party isolation” feature has been expanded: when you visit a website, all requests for the content on that domain name (including third-party elements like advertising beacons, analytics trackers, and content delivery networks) will be made over the same Tor circuit, and each domain name is restricted to its own Tor circuit, which is maintained for as long as the site is in active use. This makes an adversary’s tracking of a Tor user’s activity across different sites even harder than it was already, while ensuring that the usability of websites is not affected by sudden changes of exit relay.

For full explanations of these and other features — including better desktop integration, a new search provider, improvements to the software signature process, and more — please see the team’s announcement. Users of what was the 4.5-alpha series will be prompted to update automatically by their Tor Browser, while users of the stable 4.0.8 will receive the same prompt in about a week’s time, “because [the] changes are significant”. And if you don’t already have a working copy of Tor Browser, head to the download page to get started. Congratulations to the Tor Browser team on reaching this milestone!

Miscellaneous news

Karsten Loesing announced that the onionoo-announce mailing list will be shut down in favor of posting announcements about major Onionoo protocol updates to the tor-dev mailing list, “because each Tor mailing list makes it more difficult for new contributors to decide which of them to subscribe to”. If these announcements are relevant to your work, please be sure to subscribe to tor-dev — you can set your mail client to filter for the keyword “Onionoo” if you’d rather not receive other Tor development-related messages.

Also in Onionoo news, Thomas White announced that his mirror of the service is now also available at an onion address.

Lucas Erlacher announced version 0.3.0 of OnionPy, “a pure-python Onionoo request wrapper that supports transparent caching”. The new release respects Onionoo’s “version” field in query responses.

This issue of Tor Weekly News has been assembled by Harmony.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Tor Browser 4.5 is released

The Tor Browser Team is proud to announce the first stable release in the 4.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

The 4.5 series provides significant usability, security, and privacy enhancements over the 4.0 series. Because these changes are significant, we will be delaying the automatic update of 4.0 users to the 4.5 series for one week.

Usability Improvements

On the usability front, we've improved the application launch experience for both Windows and Linux users. During install, Windows users are now given the choice to add Tor Browser to the Start Menu/Applications view, which should make it easier to find and launch. This choice is on by default, but can be disabled, and only affects the creation of shortcuts - the actual Tor Browser is still self-contained as a portable app folder. On the Linux side, users now start Tor Browser through a new wrapper that enables launching from the File Manager, the Desktop, or the Applications menu. The same wrapper can also be used from the command line.

We've also simplified the Tor menu (the green onion) and the associated configuration windows. The menu now provides information about the current Tor Circuit in use for a page, and also provides an option to request a new Tor Circuit for a site. Tor Browser is also much better at handling Tor Circuits in general: while a site remains in active use, all associated requests will continue to be performed over the same Tor Circuit. This means that sites should no longer suddenly change languages, behaviors, or log you out while you are using them.

Figure 1: The new Tor Onion Menu

Security Improvements

On the security front, the most exciting news is the new Security Slider. The Security Slider provides user-friendly vulnerability surface reduction - as the security level is increased, browser features that were shown to have a high historical vulnerability count in the iSec Partners hardening study are progressively disabled. This feature is available from the Tor onion menu's "Privacy and Security Settings" choice.

Figure 2: The new Security Slider

Our Windows packages are now signed with a hardware signing token graciously donated by DigiCert. This means that Windows users should no longer be prompted about Tor Browser coming from an unknown source. Additionally, our automatic updates are now individually signed with an offline signing key. In both cases, these signatures can be reproducibly removed, so that builders can continue to verify that the packages they produce match the official build binaries.

The 4.5 series also features a rewrite of the obfs2, obfs3, and ScrambleSuit transports in GoLang, as well as the introduction of the new obfs4 transport. The obfs4 transport provides additional DPI and probing resistance features which prevent automated scanning for Tor bridges. As long as they are not discovered via other mechanisms, fresh obfs4 bridge addresses will work in China today. Additionally, barring new attacks, private obfs4 addresses should continue to work indefinitely.

Privacy Improvements

On the privacy front, the 4.5 series improves on our pre-existing first party isolation implementation to prevent third party tracking. First party isolation provides the property that third party advertisements, like buttons, and "mashup" content that is included on one site will only know about your activity on that site, and will not be able to match it to your activity while you are on any other site. In other words, with first party isolation, Facebook, Twitter, and Google+ can't track you around the entire web using their infamous like buttons.

Specifically, in the 4.5 release, we now ensure that blob: URIs are scoped to the URL bar domain that created them, and the SharedWorker API has been disabled to prevent cross-site and third party communication. We also now make full use of Tor's circuit isolation to ensure that all requests for any third party content included by a site travel down the same Tor Circuit. This isolation also ensures that requests to the same third party site actually use separate Tor Circuits when the URL bar domain is different. This request isolation is enforced even when long-lived "HTTP Keep-Alive" connections are used.

We have also improved our resolution and locale fingerprinting defenses, and we now disable the device sensor and video statistics APIs.

New Search Provider

Our default search provider has also been changed to Disconnect. Disconnect provides private Google search results to Tor users without Captchas or bans.

Full Changelogs

Here is the complete list of changes in the 4.5 series since 4.0:

  • All Platforms
    • Update Tor to with additional patches:
      • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
    • Update NoScript to
    • Update HTTPS-Everywhere to 5.0.3
      • Bug 15689: Resume building HTTPS-Everywhere from git tags
    • Update meek to 0.17
    • Include obfs4proxy 0.0.5
      • Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
    • Pluggable Transport Dependency Updates:
      • Bug 15265: Switch repo to
      • Bug 15448: Use golang 1.4.2 for meek and obs4proxy
    • Update Tor Launcher to Changes since in 4.0.8:
      • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
      • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
      • Bug 13576: Don't strip "bridge" from the middle of bridge lines
      • Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
      • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
      • Bug 14336: Fix navigation button display issues on some wizard panes
      • Bug 15657: Display the host:port of any connection faiures in bootstrap
      • Bug 15704: Do not enable network if wizard is opened
    • Update Torbutton to Changes since in 4.0.8:
      • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
      • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
      • Bug 7255: Warn users about maximizing windows
      • Bug 8400: Prompt for restart if disk records are enabled/disabled.
      • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
        • (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
      • Bug 9387: Security Slider 1.0
        • Include descriptions and tooltip hints for security levels
        • Notify users that the security slider exists
        • Make use of new SVG, jar, and MathML prefs
      • Bug 9442: Add New Circuit button to Torbutton menu
      • Bug 9906: Warn users before closing all windows and performing new identity.
      • Bug 10216: Add a pref to disable the local tor control port test
      • Bug 10280: Strings and pref for preventing plugin initialization.
      • Bug 11175: Remove "About Torbutton" from onion menu.
      • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
      • Bug 11449: Fix new identity error if NoScript is not enabled
      • Bug 13019: Change locale spoofing pref to boolean
      • Bug 13079: Option to skip control port verification
      • Bug 13406: Stop directing users to download-easy.html.en on update
      • Bug 13650: Clip initial window height to 1000px
      • Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
      • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
      • Bug 13835: Option to change default Tor Browser homepage
      • Bug 13998: Handle changes in NoScript
      • Bug 14100: Option to hide NetworkSettings menuitem
      • Bug 14392: Don't steal input focus in about:tor search box
      • Bug 14429: Provide automatic window resizing, but disable for now
      • Bug 14448: Restore Torbutton menu operation on non-English localizations
      • Bug 14490: Use Disconnect search in about:tor search box
      • Bug 14630: Hide Torbutton's proxy settings tab.
      • Bug 14631: Improve profile access error msgs (strings for translation).
      • Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
      • Bug 15085: Fix about:tor RTL text alignment problems
      • Bug 15460: Ensure FTP urls use content-window circuit isolation
      • Bug 15502: Wipe blob: URIs on New Identity
      • Bug 15533: Restore default security level when restoring defaults
      • Bug 15562: Bind SharedWorkers to thirdparty pref
    • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
    • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
    • Bug 5698: Fix branding in "About Torbrowser" window
    • Bug 10280: Don't load any plugins into the address space by default
    • Bug 11236: Fix omnibox order for non-English builds
      • Also remove Amazon, eBay and bing; add Youtube and Twitter
    • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
    • Bug 12430: Provide a preference to disable remote jar: urls
    • Bugs 12827+15794: Create preference to disable SVG images (for security slider)
    • Bug 13019: Prevent Javascript from leaking system locale
    • Bug 13379: Sign our MAR update files
    • Bug 13439: No canvas prompt for content callers
    • Bug 13548: Create preference to disable MathML (for security slider)
    • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
    • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
    • Bug 13788: Fix broken meek in 4.5-alpha series
    • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
    • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
    • Bug 14392: Make about:tor hide itself from the URL bar
    • Bug 14490: Make Disconnect the default omnibox search engine
    • Bug 14631: Improve startup error messages for filesystem permissions issues
    • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
    • Bug 14937: Hard-code meek and flashproxy node fingerprints
    • Bug 15029: Don't prompt to include missing plugins
    • Bug 15406: Only include addons in incremental updates if they actually update
    • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
    • Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
    • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
    • Bug 15757: Disable Mozilla video statistics API extensions
    • Bug 15758: Disable Device Sensor APIs
  • Linux
    • Bug 12468: Only print/write log messages if launched with --debug
    • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
    • Bug 13717: Make sure we use the bash shell on Linux
    • Bug 15672: Provide desktop app registration+unregistration for Linux
    • Bug 15747: Improve start-tor-browser argument handling
  • Windows
    • Bug 3861: Begin signing Tor Browser for Windows the Windows way
    • Bug 10761: Fix instances of shutdown crashes
    • Bug 13169: Don't use /dev/random on Windows for SSP
    • Bug 14688: Create shortcuts to desktop and start menu by default (optional)
    • Bug 15201: Disable 'runas Administrator' codepaths in updater
    • Bug 15539: Make installer exe signatures reproducibly removable
  • Mac
    • Bug 10138: Switch to 64bit builds for MacOS

Here is the list of changes since the last 4.5 alpha (4.5a5):

  • All Platforms
    • Update Tor to with additional patches:
      • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
    • Update NoScript to
    • Update HTTPS-Everywhere to 5.0.3
      • Bug 15689: Resume building HTTPS-Everywhere from git tags
    • Update meek to 0.17
    • Update obfs4proxy to 0.0.5
    • Update Tor Launcher to
      • Bug 15704: Do not enable network if wizard is opened
      • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
      • Bug 13576: Don't strip "bridge" from the middle of bridge lines
      • Bug 15657: Display the host:port of any connection faiures in bootstrap
    • Update Torbutton to
      • Bug 15562: Bind SharedWorkers to thirdparty pref
      • Bug 15533: Restore default security level when restoring defaults
      • Bug 15510: Close Tor Circuit UI control port connections on New Identity
      • Bug 15472: Make node text black in circuit status UI
      • Bug 15502: Wipe blob URIs on New Identity
      • Bug 15795: Some security slider prefs do not trigger custom checkbox
      • Bug 14429: Disable automatic window resizing for now
    • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
    • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
    • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
    • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
    • Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
    • Bug 15794: Crash on some pages with SVG images if SVG is disabled
    • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
    • Bug 15757: Disable Mozilla video statistics API extensions
    • Bug 15758: Disable Device Sensor APIs
  • Linux
    • Bug 15747: Improve start-tor-browser argument handling
    • Bug 15672: Provide desktop app registration+unregistration for Linux
  • Windows
    • Bug 15539: Make installer exe signatures reproducibly removable
    • Bug 10761: Fix instances of shutdown crashes

Post update 4/28/2015: Provide screenshots of the Tor Onion menu and Security Slider.
Post update 4/28/2015: Add section headers.

Syndicate content