New Alpha Release: Tor Browser 12.0a4 (Android, Windows, macOS, Linux)

Tor Browser 12.0a4 is now available from the Tor Browser download page and also from our distribution directory.

Tor Browser 12.0a4 updates Firefox on Android, Windows, macOS, and Linux to 102.4.0esr.

This version includes important security updates to Firefox and GeckoView. There were no Android-specific security updates to backport from the Firefox 106 release.

What's new?

Tor Browser 12.0a4 includes a number of changes that require testing and feedback:

Multi-locale bundles (Desktop)

This is the first multi-locale release of Tor Browser Alpha for desktop. All supported languages are now included in a single bundle, and can be changed without requiring additional downloads via the Language menu in General settings.

What to test: Tor Browser Alpha should default to your system language on first launch if it matches a language we support. Alpha testers are also encouraged to test changing language within about:preferences#general, and to report any new bugs with localization in general.

tor-launcher migration (Desktop)

Parts of the code that power tor-launcher – which starts tor within Tor Browser – have been refactored. Although this work doesn't include any changes to the user experience, those who run non-standard Tor Browser setups are encouraged to test 12.0a4 on their systems.

What to test: Alpha testers who run non-standard Tor Browser setups (including, but not limited to, those who use system tor in conjunction with Tor Browser) should test starting and connecting to Tor, and report any unexpected error messages they encounter. All of the previously supported environment variables should still behave the same way as in the stable series.

Onion Auth fixes (Desktop)

12.0a4 includes two fixes to Onion Service client authorization:

1. A fix to the auth window itself, which was broken in Alpha due to a regression caused by the esr102 transition: tor-browser#41344
2. Another fix to a longstanding issue with Onion Auth failing on subdomains, which has also been backported to 11.5.5: tor-browser#40465

What to test: Accessing client authorized Onion Services on both top-level and subdomains.

Always prioritize .onion sites (Android)

Android users can now enable automatic Onion-Location redirects by switching "Prioritize .onion sites" within Privacy and Security settings.

What to test: Enable "Prioritize .onion sites" within settings, visit a website that supports Onion-Location, and verify that you were redirected to the website's .onion address.

Unified Español locale (Desktop and Android)

Previous versions of Tor Browser Alpha were available in both "es" and "es-AR" (Español Argentina) locales. In Tor Browser 12.0a4 these have been unified into a single Spanish locale instead.

What to test: Alpha testers who use the "es-AR" locale should be automatically switched to "es-ES" after updating.

The full changelog since Tor Browser 12.0a3 is:

• All Plaforms
  • Update Translations
  • Bug tor-browser#24686: In Tor Browser context, should network.http.tailing.enabled be set to false?
  • Bug tor-browser#27127: Audit and enable HTTP/2 push
  • Bug tor-browser#40057: ensure that CSS4 system colors are not a fingerprinting vector
  • Bug tor-browser#40058: ensure no locale leaks from new Intl APIs
  • Bug tor-browser#40251: Clear obsolete prefs after torbutton!27
  • Bug tor-browser#40406: Remove Presentation API related prefs
  • Bug tor-browser#40465: Onion Authentication fails when connecting to a subdomain
  • Bug tor-browser#40491: Don't auto-pick a v2 address when it's in Onion-Location header
  • Bug tor-browser#40494: Update Startpage and Blockchair onion search providers
  • Bug tor-browser-build#40629: Bump snowflake version to 9ce1de4eee4e
  • Bug tor-browser-build#40633: Remove Team Cymru hard-coded bridges
  • Bug tor-browser-build#40646: Don't build Español AR anymore
  • Bug tor-browser-build#40649: Update meek default bridge
  • Bug tor-browser-build#40654: Enable uTLS and use the full bridge line for snowflake
  • Bug tor-browser-build#40665: Snowflake bridge parameters are too long (535 bytes) in 11.5.5
  • Bug tor-browser#41098: Compare Tor Browser's and GeckoView's profiles
  • Bug tor-browser#41154: Review Mozilla 1765167: Deprecate Cu.import
  • Bug tor-browser#41164: Add some #define for the base-browser section
  • Bug tor-browser#41306: Typo "will not able" in "Tor unexpectedly exited" dialog
  • Bug tor-browser#41317: Tor Browser leaks banned ports in network.security.ports.banned
  • Bug tor-browser#41326: Update preference for remoteRecipes
  • Bug tor-browser#41345: fonts: windows whitelist contains supplemental fonts
  • Bug tor-browser#41398: Disable Web MIDI API
• Windows + macOS + Linux
  • Update Firefox to 102.4.0esr
  • Bug tor-browser#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release series
  • Bug tor-browser-build#40638: Visit our website link after build-to-build upgrade in Nightly channel points to old v2 onion
  • Bug tor-browser-build#40648: Do not customize update.locale in multi-lingual builds
  • Bug tor-browser#40853: use Subprocess.jsm to launch tor
  • Bug tor-browser#40933: Migrate remaining tor-launcher functionality to tor-browser
  • Bug tor-browser#41117: Review Mozilla 1512851: Add Share Menu to File Menu on macOS
  • Bug tor-browser#41323: Tor-ify notification bar gradient colors (branding)
  • Bug tor-browser#41337: Add a title to the new identity confirmation
  • Bug tor-browser#41342: Update the New Identity dialog to the proton modal style
  • Bug tor-browser#41344: Authenticated Onion Services do not prompt for auth key in 12.0 alpha series
  • Bug tor-browser#41352: Update or drop the show manual logic in torbutton
  • Bug tor-browser#41369: Consider a different list-order for locales in language menu
  • Bug tor-browser#41374: Missing a few torconnect strings in the DTD
  • Bug tor-browser#41377: Hide Search for more languages... from Language selector in multi-locale build
  • Bug tor-browser#41385: Bootstrap failure is logged but not raised up to about:torconnect
  • Bug tor-browser#41386: The new tor-launcher has a problem when another Tor is running
  • Bug tor-browser#41387: New identity and new circuit ended up inside history
  • Bug tor-browser#41400: Missing onionAuthViewKeys causes "Onion Services Keys" dialog to be empty.
  • Bug tor-browser#41401: Missing some mozilla icons because we still loading them from "chrome://browser/skin" rather than "chrome://global/skin/icons"
  • Bug tor-browser#41404: Fix blockchair-onion search extension
• Windows
  • Bug tor-browser#41149: Review Mozilla 1762576: Firefox is not allowing Symantec DLP to inject DLL into the browser for Data Loss Prevention software
  • Bug tor-browser#41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
• macOS
  • Bug tor-browser#41294: Bookmarks manager broken in 12.0a2 on MacOS
  • Bug tor-browser#41348: cherry-pick macOS OSSpinLock replacements
  • Bug tor-browser#41370: Find a way to ship custom default bookmarks without changing language-packs on macOS
  • Bug tor-browser#41372: "Japanese" language menu item is localised in multi-locale testbuild (on mac OS)
  • Bug tor-browser#41379: The new tor-launcher is broken also on macOS
• Linux
  • Bug tor-browser#40359: Tor Browser Launcher has Wrong Icon
• Android
  • Update GeckoView to 102.4.0esr
  • Bug tor-browser-build#40631: Stop bundling HTTPS Everywhere on Android
  • Bug tor-browser#41360: Backport Android-specific Firefox 106 to ESR 102.4-based Tor Browser
  • Bug tor-browser#41394: Implement a setting to always prefer onion sites
• Build
  • All Platforms
    • Update Go to 1.19.2
    • Bug tor-browser-build#23656: Use .mozconfig files in tor-browser repo for rbm builds
    • Bug tor-browser-build#28754: make testbuild-android-armv7 stalls during sha256sum step
    • Bug tor-browser-build#40397: Create a new build target to package tor daemon, pluggable transports and dependencies
    • Bug tor-browser-build#40619: Make sure translations are taken from gitlab.tpo and not git.tpo
    • Bug torbrowser-build#40627: Add boklm to torbutton.gpg
    • Bug tor-browser-build#40634: Update the project/browser path in tools/changelog-format-blog-post and other files
    • Bug tor-browser-build#40636: Remove https-everywhere from projects/browser/config
    • Bug tor-browser-build#40639: Remove tor-launcher references
    • Bug tor-browser-build#40643: Update Richard's key in torbutton.gpg
    • Bug tor-browser-build#40655: Published tor-expert-bundle tar.gz files should not include their tor-browser-build build id
    • Bug tor-browser-build#40656: Improve get_last_build_version in tools/signing/nightly/sign-nightly
    • Bug tor-browser-build#40658: Create an anticensorship team keyring
    • Bug tor-browser-build#40660: Update changelog-format-blog-post script to point gitlab rather than gitolite
    • Bug tor-browser-build#40662: Make base-browser nightly build from tag
    • Bug tor-browser-build#40671: Update langpacks URL
    • Bug tor-browser#41308: Use the same branch for Desktop and GeckoView
    • Bug tor-browser#41340: Opt in to some of the NIGHTLY_BUILD features
    • Bug tor-browser#41343: Add -without-wam-sandboxed-libraries to mozconfig-linux-x86_64-dev for local builds
    • Bug tor-browser-build#40585: Prune the manual more
    • Bug tor-browser-build#40663: Do not ship bookmarks in tor-browser-build anymore
    • Bug tor-browser-build#40669: Remove HTTPS-Everywhere keyring
    • Bug tor-browser#41357: Enable browser toolbox debugging by default for dev builds
  • macOS
    • Bug tor-browser-build#40158: Add support for macOS AArch64
    • Bug tor-browser-build#40464: go 1.18 fails to build on macOS
  • Linux
    • Bug tor-browser-build#40659: Error building goservice for linux in nightly build
  • Android
    • Bug tor-browser-build#40640: Extract Gradle in the toolchain setup