Tor Browser switched to Firefox Quantum and Photon UI codebase
About Tor on Habré write quite often, but the news that the Tor Browser still switched to Firefox Quantum and the new Photon UI was somehow left out. And it really happened , which could give a new impetus to the development of an anonymous web browser.
As you know, Tor Browser is based on Firefox, the code part of the browser. But the Tor version lags behind the latest version of Firefox by about two releases. Because of this lag, only now Tor received an update based on Firefox Quantum - and after all, Firefox 57 was updated last year, at the end.
Now Tor has a new page rendering engine, plus a few more updates, including the WebExtensions API. Chrome, Opera, Vivaldi, Brave and other Chromium-like browsers are used to work with add-ons. An important part of the update was the interface Photon UI, which simplifies the work with the program.
Among other things, the developers of the anonymous browser have added individual updates - for example, the start screen has been radically reworked - users of the browser can see it after Tor has been installed. According to the creators of Tor, they were able to rework the request bridge mechanism, which makes it possible to unravel the captcha in Tor Launcher — no need to go to the project site, just as the need to send an email is no longer necessary.
Thanks to alternative transports , it is possibleorganization of an encrypted communication channel in environments that block all traffic except HTTP. To prevent user movement from being tracked, WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, AudioContext, HTMLMediaElement, Mediastream, Canvas, SharedWorker, Permissions, MediaDevices.enumerateDevices and screen.orientation APIs are disabled or restricted, and also disabled telemetry sending tools, Pocket, Reader View, HTTP Alternative-Services, MozTCPSocket, “link rel = preconnect”, modified libmdns.
In addition, the start of testing the alpha release of the 8.5 new branch has been launched It differs from 8.0 by switching to the toolkit, it resolves the problem with the operation of the Moat service when using the meek transport (meek-amazon, meek-azure).
The developers also took care of the users of the anonymous browser on mobile devices - an updated and revised mobile version of the browser, called Tor Browser for Android, was introduced. The application is available in the Google Play Store , although now it is just an alpha version.
The Tor Browser for mobile devices is perfectly capable of replacing the Orfox browser, which was developed by the Guardian Project team. According to the developers of the mobile version of the protected version of the browser, they need the help of the community in testing the program.
It requires Android 4.1 or a newer version. In addition, for the operation of the test version, you need to install Orbot - this is a proxy for the operation of mobile applications via Tor. A team of browser creators promises that the final release will no longer be tied to Orbot. However, in the near future we should not expect it - it will appear not earlier than the beginning of 2019.
Among the new mobile browser is the following:
- Ability to block code to track movement. Any of the sites is isolated from cross-requests, and the cookies are immediately deleted after the session.
- Protection against interference with traffic and monitoring user activity. Interaction with the infrastructure is carried out within the Tor network. If the traffic between the user and the provider is intercepted, the outsider can only see that the user uses this browser, but he will not be able to determine which sites the user opens.
- Protection against the definition of visitor-specific tracking features using hidden identification methods has been implemented. All users are "equal among themselves" in the eyes of a bystander.
- Multi-level encryption is used. In addition to HTTPS, user traffic is encrypted at least three times.
- An innovation that is relevant for Russian users is the availability of access to blocked resource providers.