Tor Browser 8.5 released: security fixes and stable Android version
The Tor Project announced the release of Tor Browser 8.5 for all supported operating systems on May 22, 2019. The new Tor Browser version includes important security fixes, and it is the first stable version released for the Android operating system.
Tor Browser is based on Firefox ESR code. Mozilla released Firefox 67 and a new ESR version 60.7.0 on Tuesday. The new version of Firefox introduced new features in the browser and patched several security issues including two rated critical, the highest impact rating.
Tor Browser 8.5
Tor Browser 8.5 is available as a download for the supported desktop operating systems Windows, Linux, and Mac OS, on the official project website. Tor Browser 8.5 for Android, the first stable version, is available on Google Play. The developers promise that it will land on F-Droid, an alternate Android application marketplace, in the coming days as well.
Tor Browser 8.5 is the first stable version of Tor for Android. We reviewed the first version that the Tor Project team released for Android, and you may want to check it out as it provides a good overview of the functionality of the app.
Tor Browser for Android "provides essentially the same protections that can be found on desktop platforms" even though there are some "feature gaps" according to a post on the official Tor blog.
We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working. While there are still feature gaps between the desktop and Android Tor Browser, we are confident that Tor Browser for Android provides essentially the same protections that can be found on desktop platforms.
The security slider, a tool used to display and set the security level used, is now available on the main toolbar. A click displays the current security level and a link to the settings to change it.
The version has three new issues currently:
- Accessibility Support is "still not perfect".
- Bug reports suggest WebGL related fingerprinting is possible.
- The upgrade breaks saved logins and passwords.
You can read the full changelog on the official Tor project website.
I dont think orbot development will stop because it is different from tor browser itself. Like @empirefall said, orbot is a proxy app.
Tor browser itself has an inbuilt orbot (or an upgraded orbot ) dedicated for tor browser only. Meaning, you dont have to channel it through the orbot app before it works.
While orbot app can be used to channel all other apps on android through tor
Does it mean we should drop Orbot + Orfox ?
I would use Tor for Android over orfox just because it is virtually the same as the desktop version of Tor, however, Orbot is a decent proxy app, through which all of the connections made by apps on Android can channeled
Precisely. On the face of it, Orbot would have a huge advantage over Tor, since it channels everything through Tor (not only the browser).
However, I have never been able to make it work properly. I don’t understand the interface.
Is Orbot deprecated ? Will its development stop ?
😠no clue
Stable Tor Browser for Android
this is one heck of a milestone
Oh boy, I could read this article before upgrading :(
“The upgrade breaks saved logins and passwords” is an issue indeed.
I hope it will be fixed asap without the need to put all logins data again.
https://trac.torproject.org/projects/tor/ticket/30565
Set security.nocertdb = false. It will be fixed in the next release
Does it comes will all Mozilla telemetry “goodies” or you have to tweak all that stuff in about:config?
The more you tweak, the closer to unique Tor becomes. Usually not recommended to change anything. The usual FF privacy stuff is turned off.
Use it with a real VPN if possible.
The definitive answer to the eternal question : Tor over VPN or VPN over Tor ? (Answer : neither.)
https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required
About VPN:
As warned in the article introduced by Clairvaux,
https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required
Many VPN services have problems with the legitimacy of “privacy protection and compliance with privacy policy”.
Above all, free VPN services are none that can be trusted, but even paid services are “very few that can be trusted”, so be careful.
Case 1
Hotspot Shield VPN’s Privacy and Security Promises Contradict Practices
August 07, 2017
https://cdt.org/blog/hotspot-shield-vpns-privacy-and-security-promises-contradict-practices/
Case 2
Pure Lies: PureVPN’s “No Logs†Claims Invalidated By Recent FBI Case
October 10, 2017
https://www.goldenfrog.com/blog/purevpn-no-log-claims-false
detailed-vpn-comparison-chart
https://thatoneprivacysite.net/detailed-vpn-comparison-chart-for-the-color-blind/
Information that would be helpful:
SURVEILLANCE SELF-DEFENSE TIPS, TOOLS AND HOW-TOS FOR SAFER ONLINE COMMUNICATIONS(Electronic Frontier Foundation)
https://ssd.eff.org/en
How to: Use Tor for Windows
https://ssd.eff.org/en/module/how-use-tor-windows
We Use(ghacks.net : Martin Brinkmann)
https://www.ghacks.net/we-use/
Software
Firefox – The main advantage of Firefox over other browsers is that it gives you more control over the browser interface and customizations in general. There is also NoScript available exclusively for the browser, our favorite browser add-on of all time.
Services
NordVPN and Private Internet Access – Virtual Private Network providers offering unlimited data transfer and server switches, 256-bit data encryption and a comprehensive range of supported protocols, and features.
Beautiful. Thanks.
@ULBoom
Going through the Tor project FAQ I found that using a VPN is not recommended (in order to maintain anonymity) as is the one and only point of failure:
https://2019.www.torproject.org/docs/faq.html.en#IsTorLikeAVPN
I assume they mean along with Tor since it already takes care of that by default, but is there any particular reason why you recommend it? I haven’t used Tor much to be honest and when I have, it was indeed through a VPN so I’m curious now what would be the best use case here.
@thebrowser, https://2019.www.torproject.org/docs/faq.html.en#IsTorLikeAVPN
First, as a premise, “Tor” is a network system and does not mean “Tor Browser”.
And that article is an explanation of “VPN is an alternative to Tor network?”
Opinions about Tor vary among bloggers, but many security research institutes recommend combining “Tor Browser” with a secure VPN.
I agree with ULBoom. And I have been using NordVPN ( https://nordvpn.com/faq/ ) for several years, but I am satisfied with its performance and I trust it.
Tor: What You Need to Know
https://restoreprivacy.com/tor/
1. What is Tor
2. How Tor works
3. Is Tor safe?
3-5. Anybody can operate Tor nodes, including governments, hackers, and spies
3-6. Malicious Tor nodes do exist
3-7. No “expectation of privacy†when using Tor
3-8. IP address leaks when using Tor
4. 8 interesting/alarming facts about Tor
5. Does Tor effectively work?
6. Tor user errors and bad OPSEC
7. Tor vs VPN services
8. Multi-hop VPN services for more online anonymity
9. Using Tor with VPNs
10. Final verdict on Tor
Final verdict on Tor: you decide
February 11, 2019 By Sven Taylor ( https://restoreprivacy.com/mission/ )
@owl,
@Clairvaux
Thank you both, funny how your recommendations point to a different use in regard to VPN.
One of the main reasons I don’t use Tor (browser) is because there’s a lot of conflicting information online about how effective it really is depending on how you use it. The way I see it is just another technology available but not one that I need, plus I would have to really learn it properly which adds up a lot of time for something too ambiguous.
The Browser,
You are welcome. Be aware that Tor is dead simple to use. It’s much simpler to use actually than Firefox, since you must not tinker with it if you want to keep it anonymous.
When I see the hugely complex customizations some people exchange here to make Firefox more this or more that… There’s no such thing with Tor. It just works.
@pndy,
What is Tor Browser?
https://2019.www.torproject.org/projects/torbrowser.html.en
“a pre-configured web browser to protect your anonymity”
The Design and Implementation of the Tor Browser [DRAFT]
https://2019.www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
Table of Contents
4. Implementation
4.6. Cross-Origin Fingerprinting Unlinkability
Specific Fingerprinting Defenses in the Tor Browser
29.Contacting Mozilla Services
5. Build Security and Package Integrity
5.4. Update Safety
Tor: Overview
https://2019.www.torproject.org/about/overview.html.en#thesolution
Tor FAQ
https://2019.www.torproject.org/docs/faq.html.en
Tor: What You Need to Know
https://restoreprivacy.com/tor/
the new logo make it look like its a podcast app
Looks like the wireless network sign…