DownloadWatch Online



Tor

Uncategorized

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features.

How does the Tor Browser keep my internet activity anonymous?

The Tor Browser uses the Tor network, which consists of more than six thousand relays located worldwide, to hide the users’ location and online traffic. This ensures anonymity and avoids your activities from being seen by others.

What is Tor Browser?

The Tor Browser is the flagship product from the Tor Project. The web browser is based on a modified version of Mozilla Firefox ESR that includes extras like the Tor proxy, TorButton, TorLauncher, NoScript, and HTTPS Everywhere extensions.

Who uses the Tor Browser?

With Tor Browser having made Tor more accessible to everyday internet users and activists, Tor was an instrumental tool during the Arab Spring beginning in late 2010. It not only protected people’s identity online but also allowed them to access critical resources, social media, and websites which were blocked.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Is Tor better than a VPN?

Tor is not a VPN. Tor is a free browser similar to Chrome or Firefox, but it includes features that encrypt your IP address, making your browsing sessions private. A VPN (Virtual Private Network) is software that can change your IP address when you use any browser installed on your PC. To learn more about VPNs, you can read this article.

What’s New

Tor Browser 11.5.8 is now available from the Tor Browser download page and also from our distribution directory. This release will not be published on Google Play due to their target API level requirements. Assuming we do not run into any major problems, Tor Browser 11.5.9 will be an Android-only release that fixes this issue.

Tor Browser 11.5.8 backports the following security updates from Firefox ESR 102.5 to to Firefox ESR 91.13 on Windows, macOS and Linux:

  • CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
  • CVE-2022-45403: Service Workers might have learned size of cross-origin media files
  • CVE-2022-45404: Fullscreen notification bypass
  • CVE-2022-45405: Use-after-free in InputStream implementation
  • CVE-2022-45406: Use-after-free of a JavaScript Realm
  • CVE-2022-45408: Fullscreen notification bypass via windowName
  • CVE-2022-45409: Use-after-free in Garbage Collection
  • CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
  • CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
  • CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
  • CVE-2022-45416: Keystroke Side-Channel Leakage
  • CVE-2022-45420: Iframe contents could be rendered outside the iframe
  • CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

Tor Browser 11.5.8 updates GeckoView on Android to Firefox ESR 102.5 and includes important security updates. Tor Browser 11.5.8 backports the following security updates from Firefox 107 to Firefox ESR 102.5 on Android:

  • CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs

The full changelog since Tor Browser 11.5.7 is:

All Platforms

  • Update Translations
  • Update OpenSSL to 1.1.1s
  • Update NoScript to 11.4.12
  • Update tor to 0.4.7.11
  • Update zlib to 1.2.13
  • Bug tor-browser-build#40622: Update obfs4proxy to 0.0.14 in Tor Browser

Windows + macOS + Linux

  • Bug tor-browser#31064: Letterboxing is enabled in priviledged contexts too
  • Bug tor-browser#32411: Consider adding about:tor and others to the list of pages that do not need letterboxing
  • Bug tor-browser#41413: Backup intl.locale.requested in 11.5.x
  • Bug tor-browser#41434: Letterboxing bypass through secondary tab (popup/popunder…)
  • Bug tor-browser#41456: Backport ESR 102.5 security fixes to 91.13-based Tor Browser
  • Bug tor-browser#41460: Migrate new identity and security level preferences in 11.5.8
  • Bug tor-browser#41463: Backport fix for CVE-2022-43680

Android

  • Update GeckoView to 102.5.0esr
  • Bug tor-browser#41461: Backport Android-specific 107-rr security fixes to 102.5-esr based Geckoview

Build All Platforms

  • Update Go to 1.18.8
  • Bug tor-browser-build#40658: Create an anticensorship team keyring
  • Bug tor-browser-build#40690: Revert fix for zlib build break