New Release: Tor Browser 9.5a1
Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This release features important security updates.
Tor Browser 9.5a1 is the first release in the 9.5 alpha series. It contains all the improvements and fixes from the 9.0 release as well as other new features: We enabled WASM on the standard security level, fixed circuit display for bridges without a fingerprint, and we re-enabled jemalloc for Windows users.
The full changelog since Tor Browser 9.0a8 is:
- All Platforms
- Windows + OS X + Linux
- Update Tor Launcher to 0.2.20.1
- Bug 32125: Fix circuit display for bridge without a fingerprint
- Bug 32076: Upgrade to goptlib v1.1.0
- Bug 32061: Bump snowflake version to b4f4b29a03
- Bug 32092: Fix Tor Browser Support link in preferences
- Bug 32111: Fixed issue parsing user-provided bridge strings
- Bug 31749: Fix security level panel spawning events
- Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
- Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
- Translations update
- Build System
Thanks for your great work!
What is the status of allowing/disallowing on a webpage the scripts from the linked domains individually?
Currently, when NoScript is not visible, to make a site work, one has to lower the total security for all scripts together (via "3 safety levels"). If I understand correctly, this allows all scripts, even the 3rd party trackers.
I remember earlier this year it was said in this blog that the individual-domain script controls were to return after the new Firefox ESR is ported into TorBrowser.
Is it still planned?
If not, is there a different recommended way to enable only the good scripts on a page, while keeping the trackers disabled?
Yes, it is still planned to have per-site security settings support, and this feature is on our roadmap for the next two months. This is the ticket:
Until this is available, I think the only way to do it is to add back noscript to the toolbar (which you can do by selecting Customize in the hamburger menu).