Tor Project blog

New Release: Tails 7.7.3

2026-05-12T00:00:00Z

This release is an emergency release to fix a critical security vulnerability in the Linux kernel, as well as security vulnerabilities in Tor Browser and in the Tor client.

Changes and updates

Update the Linux kernel to 6.12.86, which fixes Dirty Frag, a vulnerability that could allow an application in Tails to gain administration privileges.

For example, if an attacker was able to exploit other unknown security vulnerabilities in an application included in Tails, they might then use Copy Fail to take full control of your Tails and deanonymize you.

We are not aware of this vulnerability being used in practice until now.
Update Tor Browser to 15.0.12.
Update the Tor client to 0.4.9.8.
Update Thunderbird to 140.10.1.

Fixed problems

For more details, read our changelog.

Get Tails 7.7.3

To upgrade your Tails USB stick and keep your Persistent Storage

Automatic upgrades are available from Tails 7.0 or later to 7.7.3.
If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.7.3 on a new USB stick

Follow our installation instructions.

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.7.3 directly:

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Defending the public's right to know

2026-05-12T00:00:00Z

This post is part of a spotlight series on the organizations defending the free internet.

Internet freedom has declined for 15 consecutive years. Beyond surveillance, the erosion of privacy and anonymity, and information manipulation, governments are targeting specific sites and services, or attacking infrastructure itself, causing shutdowns and deliberate disruptions for internet users. But how do we know when the internet is censored and how?

OONI, the Open Observatory for Network Interference, born out of the Tor Project, exists to answer that question. Through free software tools and open data OONI makes censorship measurable, verifiable, and actionable. This post is about what that looks like in practice.

Protecting the public record

OONI data is the world's largest open dataset on internet censorship: billions of measurements collected across tens of thousands of networks from 245 countries and territories since 2012. OONI's data exists because people around the world run OONI Probe and contribute measurements from the networks that they are connected to. Every new measurement adds to a shared public record.

Both its scale and methodology contribute to OONI's impact. Internet censorship often works by making interference hard to see. It can make a blocked website look broken, a throttled app look unreliable, or a shutdown look like a technical failure. OONI helps expose these tactics through open measurement methodologies, peer review, expert feedback, and comparison against control measurements, so that censorship claims can be tested, challenged, and verified.

To make this dataset user-friendly, OONI launched thematic pages in OONI Explorer focusing on the areas most frequently targeted: social media and messaging apps, news media, and circumvention tools. Each page includes short reports, longer research reports, and charts with the latest OONI data.

In 2025, a dedicated "Blocking of News Media" page helped surface findings that would otherwise require sifting through billions or raw measurements: the blocking of the independent media outlet Zawia3 in Egypt, the blocking of 12 news media websites in Jordan, and the blocking of The Wire in India during the military conflict with Pakistan.

Think about when censorship events tend to happen: elections, protests, armed conflict, national exams, and periods of political unrest. The moment when access to information matters most. OONI gives affected communities a shared factual basis at those moments to make accountability possible.

How journalists and media organizations use OONI

In 2025, Meduza, one of the most prominent Russian media outlets in exile published an article introducing OONI tools and encouraging readers to use them. It's just one example how a newsroom can effectively use censorship measurement not just to report a story, but as an act of public education: helping audiences understand how network interference works, how it can be documented, and how they can contribute to that evidence base themselves.

When a news website is blocked, that's not just a technical event. It's the public losing access to reporting, communities losing access to timely information, and journalists losing access to their audiences. Documentation that can be cited and analyzed is what turns that event into something actionable.

The most concrete example of that chain in action is Kenya. OONI data served as evidence in a public-interest case challenging the unlawful disruption of internet access. The case was filed by a coalition that included BAKE, ICJ Kenya, Paradigm Initiative, the Kenya Union of Journalists, Katiba Institute, the Law Society of Kenya, and CIPESA. To support the petition before the High Court of Kenya, OONI produced a detailed research report, in the form of an expert opinion, documenting the blocking of Telegram during Kenya's 2023 and 2024 KCSE national exams.

This is a case where a journalists' union, digital rights organizations, legal advocates, and technical researchers were able to work from the same datasets to elevate internet disruption to a public-interest issue. And this case also helped set an important regional precedent: lawyers in Tanzania subsequently reached out to OONI for data to support legal efforts challenging the blocking of Twitter/X there, prompting OONI to publish a research report documenting the block.

Collective action for a collective internet

The Kenya-to-Tanzania ripple effect illustrates how internet censorship works across geographies. But also how we can fight it. A block on messaging apps isn't a standalone event. Journalists may lose access to sources. Activists may lose organizing channels. Circumvention tool developers may need to adapt. Researchers may need to verify what happened. Lawyers may need evidence. But everyone needs documentation.

OONI's open data model is built for exactly these moments. Protecting the free internet requires documenting censorship, sharing evidence, and building the collective capacity to respond.

New Release: Tor Browser 15.0.13

2026-05-08T00:00:00Z

Tor Browser 15.0.13 is now available from the Tor Browser download page and also from our distribution directory.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.12 is:

All Platforms
- Updated tor to 0.4.9.8
- Updated NoScript to 13.6.19.1984

New Release: Tor Browser 15.0.12

2026-05-07T00:00:00Z

Tor Browser 15.0.12 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.11 is:

All Platforms
- Updated tor to 0.4.9.7
- Bug tor-browser#44940: Rebase Tor Browser stable onto 140.10.2esr
Windows + macOS + Linux
- Updated Firefox to 140.10.2esr
- Bug tor-browser#44746: Funding the Commons Implementation (Desktop)
Android
- Updated GeckoView to 140.10.2esr
- Bug tor-browser#44747: Funding the Commons Implementation (Android)
Build System
- All Platforms
  - Bug tor-browser-build#41781: Fix clean section in rbm.local.conf.example

Arti 2.3.0 released: Logging, Relay, Directory authority, and RPC development.

2026-05-07T00:00:00Z

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 2.3.0.

This release bumps the minimum MacOS version supported by Arti to 10.14, up from 10.12. Despite being supported on a technical level, we do not recommend the use of MacOS versions that old, as they are no longer receiving updates from Apple and may have unpatched security issues.

This release continues our ongoing development towards using Arti as a relay and as a directory authority. It also continues development on RPC, including adding a new RPC API for inspecting tunnel paths.

Additionally, there are a couple new logging related features. Arti now supports logging to syslog when the syslog feature is enabled and the logging.syslog config option is enabled. We've also added a new logging.protocol_warnings option to log protocol violations as warnings.

Developers who use the arti-client crate should note that in the release after this one, we plan to change TorClient to be wrapped in an Arc explicitly, rather than implicitly having Arc-like semantics. Be prepared for this breaking change, and if you have any thoughts about it, please speak up in #2469.

As usual, there is also a signigicant amount of cleanup, improvements to testing, infrastructure, and documentation, and many small bugfixes.

For full details on what we've done, including API changes, and for information about many more minor and less-visible changes, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Andrew Kloet, hjrgrn, and moumenalaoui.

Also, our deep thanks to our sponsors for funding the development of Arti!

New Alpha Release: Tor Browser 16.0a6

2026-05-07T00:00:00Z

Tor Browser 16.0a6 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.

Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.

If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 16.0a5 is:

All Platforms
- Updated tor to 0.4.9.7
- Updated NoScript to 13.6.18.90101984
- Updated OpenSSL to 3.5.6
- Bug tor-browser#43857: Review in-source TODOs
- Bug tor-browser#44402: Re-enable ESLint rule mozilla/no-browser-refs-in-toolkit as an error
- Bug tor-browser#44749: Check search engines parameter replacements
- Bug tor-browser#44792: Rebase alpha onto 150.0a1
- Bug tor-browser#44796: Adjust TorProviderBuilder to report the provider state to consumers
- Bug tor-browser#44828: Remove browser module references from toolkit/modules/ActorManagerParent.sys.mjs
- Bug tor-browser#44841: TorDomainIsolator proxy filter returns null on exception instead of preserving SOCKS proxy
- Bug tor-browser#44865: Block chrome:///locale/ to content
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
- Bug tor-browser#44870: Remove legacy branch from gitlab templates
- Bug tor-browser#44895: Undo the patch for #44772
- Bug tor-browser-build#41775: Update list of Snowflake STUN servers in default bridge line, 2026 edition
- Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
- Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
Windows + macOS + Linux
- Updated Firefox to 150.0a1
- Bug tor-browser#43824: Switch resource:// modules to use moz-src:
- Bug tor-browser#44288: New identity fails to block loading a custom home page
- Bug tor-browser#44458: Fix the "Connect" and ".onion available" button height
- Bug tor-browser#44560: Customize the flags for alternate 'Application Data' directories
- Bug tor-browser#44630: Use settings config to hide settings, rather than data-hidden-from-search or commenting out
- Bug tor-browser#44648: Unexpected changes to SearchService.sys.mjs
- Bug tor-browser#44685: Use border radius for letterboxing
- Bug tor-browser#44798: Don't load about:torconnect into iframes
- Bug tor-browser#44829: Hide the settings privacy card
- Bug tor-browser#44832: Hide the Firefox mascot in about:neterror
- Bug tor-browser#44846: about:torconnect redirect doesn't work with the new neterror page
- Bug tor-browser#44847: Drop letterboxing sidebar rounded corner logic
- Bug tor-browser#44902: Error in privacy preference initialisation due to missing dataCollectionViewProfilesMultiProfileBackupWarning
- Bug tor-browser-build#31860: Start using LTO for firefox project
Windows
- Bug tor-browser#44862: Fontvis is missing Segoe MDL2 Assets
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
macOS
- Bug tor-browser#44850: Wrong path for bootstrapped tor daemon on macOS
- Bug tor-browser-build#41476: Since 13.5-legacy is not longer supported, remove tools/signing/wrappers/sign-rcodesign
Linux
- Bug tor-browser#44361: Notify Linux i686 users that they won't receive updates anymore
- Bug tor-browser#44521: Disable widget.wayland.fractional-scale.enabled
Android
- Updated GeckoView to 150.0a1
- Bug tor-browser#44615: Remove ability to "Rate/Review in Google Play" in app
- Bug tor-browser#44827: Always enable noscript for android
- Bug tor-browser#44842: Replace instances of SwitchPreference with SwitchPreferenceCompat
- Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs
- Bug tor-browser#44880: Fix edgeToEdge display issue presented in 150 android rebase
- Bug tor-browser#44925: Fix bootstrap screen color styling for light mode presented in one of the rebases between 140 and 150
- Bug tor-browser#44935: Remove incorrectly shown "open in app" notification dot on settings button
Build System
- All Platforms
  - Bug tor-browser-build#41591: Remove support for old mar filenames when 13.5 legacy branch is EOL
  - Bug tor-browser-build#41764: Update toolchains for Firefox 150
  - Bug tor-browser-build#41767: Add jwilde to allowed signer for browser projects
  - Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
  - Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
  - Bug tor-browser-build#41786: Add comment to rbm.local.conf.example warning about potential recursive loops in tmp_dir definition
  - Bug rbm#40106: Improve error message in case of recursive definition
- Windows + macOS + Linux
  - Bug tor-browser-build#41759: Remove references to legacy release in tor-browser-build
- Windows + Linux + Android
  - Bug tor-browser-build#41770: Update Go to 1.26.x
  - Updated Go to 1.26.2
- Windows
  - Bug tor-browser#44853: Update target in mozconfig-windows-x86_64 and mozconfig-windows-i686
- macOS
  - Bug tor-browser-build#41773: Change the position of -mindepth when creating the dmg
- Linux
  - Bug tor-browser#44555: Remove mozconfig-linux-i686
- Android
  - Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs

3 Days of Fun with Tor

2026-05-06T00:00:00Z

After organizing a successful first community gathering last year in Denmark, we were eager to find out: Could we get another productive, community-organized meeting off the ground taking into account what we've learned so far?

Preparations

We decided to do the next community gathering organized by us at the same location we used last year: Hylkedam, in Denmark. We knew it worked well, was sufficiently cheap, and we could likely cut down the overall planning overhead given our past experience there. And, indeed, planning was minimal, reusing much of the "playbook" we developed for our first meeting last year. We spent most of our preparation time on revamping our meeting website. We have a shiny new onionized space now, including a public mailing list!

3 days of fun with Tor

We gathered on the weekend of March 13 - 15 at Hylkedam. Overall we were a little less people this time (around 12) but had, on the plus side, participants with backgrounds not being present at our first Tor community gathering: we got the research angle covered this time (with focus on anti-censorship) and had people from the Reproducible Builds project attending. The latter allowed us to think about potentially doing community gatherings together, which would make collaboration and sharing of ideas easier between our projects. Talking about research on the other hand has been very inspiring as we could see what is currently happening in the research world and help shaping particular project plans by explaining related tools and already existing projects and needs within the Tor eco system.

Apart from the new contributions we were happy as well to see that various work started at the previous gathering got picked up and pushed forward again, showing the overall commitment of our volunteers in the community. Notably, we saw further improvements to the network social graph proof of concept project and the relay operator Grafana dashboard. We also continued the discussion around consensus-transparency.

We had the usual structure during our meeting days, following the established cycle of: opening session -> structured sessions -> unstructured sessions -> closing circle, which, again, worked pretty well. Unstructured sessions included general free hacking time and room for getting ad hoc together, thinking through or working on a topic that might have come up during the more structured sessions previously or is just not ready for "prime time" yet. We think that this time without a moderator and a clear session time limit is an essential part of making the whole meeting productive, as it gives the participants the freedom to work on random things they are interested in and might get excited about.

For the structured sessions we made sure we had note takers again, so someone not being able to attend can get up to speed afterwards. We had a set of different topics again, ranging from anti-censorship related sessions to an update on upcoming changes for relay operators and a session dedicated to how the community can get organized itself, so we would have similar gatherings or an 'onion festival' in the future. Check out the session notes on our website, in case you are interested!

What's next?

We plan to have more Tor community meetings in the future. As already said: they don't have to be at Hylkedam (we'd like to see other venues as well!), nor does it have to be the same group of people sharing the organization workload. So, if you are excited about what you read in this blog post and are experiencing a serious case of FOMO or want to help organize future community gatherings, get in touch! Our mailing list[3] is a good starting point for that.

The same goes for providing feedback about this format and how we can make such events more inviting and inclusive in the future. Want to be invited, too? Let us know as well!

community

New Release: Tails 7.7.2

2026-05-04T00:00:00Z

This release is an emergency release to fix a critical security vulnerability in the Linux kernel.

Changes and updates

Update the Linux kernel to 6.12.85, which fixes Copy Fail, a vulnerability that could allow an application in Tails to gain administration privileges.

For example, if an attacker was able to exploit other unknown security vulnerabilities in an application included in Tails, they might then use Copy Fail to take full control of your Tails and deanonymize you.

We are not aware of this vulnerability being used in practice until now.

Fixed problems

For more details, read our changelog.

Get Tails 7.7.2

To upgrade your Tails USB stick and keep your Persistent Storage

Automatic upgrades are available from Tails 7.0 or later to 7.7.2.
If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.7.2 on a new USB stick

Follow our installation instructions.

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.7.2 directly:

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Tor Project Statement on the Abrupt Cancellation of RightsCon 2026

2026-04-30T00:00:00Z

The Tor Project is deeply saddened by the last-minute cancellation of RightsCon 2026 in Lusaka, Zambia, and online. The right to assemble, associate, and speak freely must not be conditioned on political approval. Convenings like RightsCon are essential precisely because they create space for difficult, urgent, and necessary conversation about power, technology, rights, and accountability.

Tor's work is rooted in the belief that everyone should be able to speak freely, safely, and privately. We build tools that help people connect, communicate, organize, and seek information; especially those facing censorship, surveillance, repression, discrimination, and other forms of vulnerability. The disruption of a space dedicated to advancing these shared goals represents a serious gutpunch to the global human rights community.

While the cancellation may have been the only responsible path to prevent further harm to the community, the circumstances that made it necessary are unacceptable. This moment underscores why the fight against censorship, surveillance, and restrictions on civic participation remains urgent.

We share the deep concerns expressed by those directly affected: participants who were already traveling or preparing to travel, speakers and organizers who invested significant labor into this gathering, communities who were counting on these conversations, and local partners and small businesses who now face the consequences of a cancellation imposed over night.

We stand in solidarity with the RightsCon and Access Now teams, who have worked to protect the safety and integrity of the community under extremely difficult circumstances. We also stand firmly with local organizers, digital rights defenders, and civil society actors in Zambia and across the region, who are left to absorb the backlash of a broader and longstanding pattern of repression against civil society.

For Tor, RightsCon has been especially important because it allows us to connect directly with the people and organizations who use, teach, and share our tools with their communities. Our organization has participated in RightsCon since its first edition in 2011. Over the years, it has become a central gathering place for our broader community: a space where small open source hacker nonprofits could collaborate with more established, mainstream human rights organizations.

Tor remains committed to advancing human rights online AND offline, supporting vulnerable internet users globally, and building technologies that help people break through censorship and reclaim their right to communicate freely. We will continue to work alongside the digital rights community in solidarity.

New Release: Tails 7.7.1

2026-04-29T00:00:00Z

This release is an emergency release to fix important security vulnerabilities in Tor Browser.

Changes and updates

Update Tor Browser to 15.0.11, which fixes several vulnerabilities in Firefox 140.10.1.

We are not aware of these vulnerabilities being exploited in practice until now.

Update Thunderbird to 140.10.0.
Stop making it possible to start our ISO images from a USB stick.

Since 2019, we recommend USB images to start Tails from a USB stick, which is by far the most common way of running Tails.

We still distribute ISO images to start Tails from a DVD or in a virtual machine. Until now, these ISO images worked on USB sticks as well, but provided a degraded experience without automatic upgrades or Persistent Storage.

Our ISO images no longer work on USB sticks to save a few megabytes and prevent confusion for people who use USB sticks.

For more details, read our changelog.

Get Tails 7.7.1

To upgrade your Tails USB stick and keep your Persistent Storage

Automatic upgrades are available from Tails 7.0 or later to 7.7.1.
If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.7.1 on a new USB stick

Follow our installation instructions.

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.7.1 directly:

Support and feedback

For support and feedback, visit the Support section on the Tails website.