New Release: Tor Browser 11.0

by duncan | November 8, 2021

Tor Browser 11.0 is now available from the Tor Browser download page and our distribution directory. This is the first stable release based on Firefox ESR 91, and includes an important update to Tor 0.4.6.8.

Update: The version of Tor Browser for Windows available on the Tor Browser download page has been temporarily reverted to 10.5.10 while we investigate an issue with NoScript. Please see Bug 40695 for updates.

What’s new?

Tor Browser 11's connection screen in light and dark themes

Tor Browser gets a new look

Earlier this year, Firefox’s user interface underwent a significant redesign aimed at simplifying the browser chrome, streamlining menus and featuring an all-new tab design. Firefox ESR 91 introduces the new design to Tor Browser for the first time.

Tor Browser 11's redesigned icons

To ensure it lives up to the new experience, each piece of custom UI in Tor Browser has been modernized to match Firefox’s new look and feel. That includes everything from updating the fundamentals like color, typography and buttons to redrawing each of our icons to match the new thinner icon style.

In addition to the browser chrome itself, the connection screen, circuit display, security levels and onion site errors all received a sprucing-up too – featuring some small but welcome quality of life improvements to each.

Invalid Onion Site Address error resulting from v2 deprecation

Final deprecation of v2 onion services

Last year we announced that v2 onion services would be deprecated in late 2021, and since its 10.5 release Tor Browser has been busy warning users who visit v2 onion sites of their upcoming retirement. At long last, that day has finally come. Since updating to Tor 0.4.6.8 v2 onion services are no longer reachable in Tor Browser, and users will receive an “Invalid Onion Site Address” error instead.

Should you receive this error when attempting to visit a previously working v2 address, there is nothing wrong with your browser – instead, the issue lies with the site itself. If you wish, you can notify the onion site’s administrator about the problem and encourage them to upgrade to a v3 onion service as soon as possible.

It’s easy to tell if you still have any old v2 addresses saved in your bookmarks that are in need of removal or updating too: although both end in .onion, the more secure v3 addresses are 56 characters long compared to v2’s modest 16 character length.

Known issues

Tor Browser 11.0 comes with a number of known issues:

  • Bug 40668: DocumentFreezer & file scheme
  • Bug 40671: Fonts don't render
  • Bug 40679: Missing features on first-time launch in esr91 on MacOS
  • Bug 40689: Change Blockchair Search provider's HTTP method
  • Bug 40667: AV1 videos shows as corrupt files in Windows 8.1
  • Bug 40677: Since the update to 11.0a9 some addons are inactive and need disabling-reenabling on each start
  • Bug 40666: Switching svg.disable affects NoScript settings
  • Bug 40690: Browser chrome breaks when private browsing mode is turned off
  • Bug 40693: Potential Wayland dependency (new)
  • Bug 40692: Picture-in-Picture is enabled on tbb 11.0a10 (new)
  • Bug 40700: Switch Firefox recommendations off by default (new)
  • Bug 40705: "visit our website" link on about:tbupdate pointing to different locations (new)
  • Bug 40706: Fix issue in https-e wasm (new)

Join the discussion

Last week we announced a new discussion and user support platform: the Tor Forum. Starting today, we’re going to be doing things a little bit differently – rather than commenting on the blog posts themselves, we’d like to invite you to create an account and join in the discussion on the forum instead:

Tor Browser 11.0 discussion thread

Give feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.

Full changelog

The full changelog since Tor Browser 10.5.10 is:

  • Windows + OS X + Linux
    • Update Firefox to 91.3.0esr
    • Update Tor to tor-0.4.6.8
    • Bug 32624: localStorage is not shared between tabs
    • Bug 33125: Remove xpinstall.whitelist.add* as they don't do anything anymore
    • Bug 34188: Cleanup extensions.* prefs
    • Bug 40004: Convert tl-protocol to async.
    • Bug 40012: Watch all requested tor events
    • Bug 40027: Make torbutton_send_ctrl_cmd async
    • Bug 40042: Add missing parameter of createTransport
    • Bug 40043: Delete all plugin-related protections
    • Bug 40045: Teach the controller about status_client
    • Bug 40046: Support arbitrary watch events
    • Bug 40047: New string for Security Level panel
    • Bug 40048: Protonify Circuit Display Panel
    • Bug 40053: investigate fingerprinting potential of extended TextMetrics interface
    • Bug 40083: Make sure Region.jsm fetching is disabled
    • Bug 40177: Clean up obsolete preferences in our 000-tor-browser.js
    • Bug 40220: Make sure tracker cookie purging is disabled
    • Bug 40342: Set `gfx.bundled-fonts.activate = 1` to preserve current bundled fonts behaviour
    • Bug 40463: Disable network.http.windows10-sso.enabled in FF 91
    • Bug 40483: Deutsche Welle v2 redirect
    • Bug 40534: Cannot open URLs on command line with Tor Browser 10.5
    • Bug 40547: UX: starting in offline mode can result in difficulty to connect later
    • Bug 40548: Set network.proxy.failover_direct to false in FF 91
    • Bug 40561: Refactor about:torconnect implementation
    • Bug 40567: RFPHelper is not init until after about:torconnect bootstraps
    • Bug 40597: Implement TorSettings module
    • Bug 40600: Multiple pages as home page unreliable in 11.0a4
    • Bug 40616: UX: multiple about:torconnect
    • Bug 40624: TorConnect banner always visible in about:preferences#tor even after bootstrap
    • Bug 40626: Update Security Level styling to match Proton UI
    • Bug 40628: Checkbox wrong color in about:torconnect in dark mode theme
    • Bug 40630: Update New Identity and New Circuit icons
    • Bug 40631: site identity icons are not being displayed properly
    • Bug 40632: Proton'ify Circuit Display Panel
    • Bug 40634: Style updates for Onion Error Pages
    • Bug 40636: Fix about:torconnect 'Connect' border radius in about:preferences#tor
    • Bug 40641: Update Security Level selection in about:preferences to match style as tracking protection option bubbles
    • Bug 40648: Replace onion pattern divs/css with tiling SVG
    • Bug 40653: Onion Available text not aligned correctly in toolbar in ESR91
    • Bug 40655: esr91 is suggesting to make Tor Browser the default browse
    • Bug 40657: esr91 is missing "New identity" in hamburger menu
    • Bug 40680: Prepare update to localized assets for YEC
    • Bug 40686: Update Onboarding link for 11.0
  • Build System
    • Windows + OS X + Linux
      • Update Go to 1.16.9
      • Bug 40048: Remove projects/clang-source
      • Bug 40347: Make the list of toolchain updates needed for firefox91
      • Bug 40363: Change bsaes git url
      • Bug 40366: Use bullseye to build https-everywhere
      • Bug 40368: Use system's python3 for https-everywhere
    • Windows + Linux
    • Windows
      • Bug 28240: switch from SJLJ exception handling to Dwarf2 in mingw for win32
      • Bug 40306: Update Windows toolchain to switch to mozilla91
      • Bug 40376: Use python3 for running pe_checksum_fix.py
    • OS X
      • Bug 40307: Update macOS toolchain to switch to mozilla91
    • Linux
      • Bug 40222: Bump GCC to 10.3.0 for Linux
      • Bug 40305: Update Linux toolchain to switch to mozilla91
      • Bug 40353: Temporarily disable rlbox for linux builds

Comments

Comments are closed.