- Feb 22, 2013
- 451
Tor Browser and Tails system in new scenes.
The fight of those who would like to censor the Internet and surrender the internet to surveillance in the name of various important reasons with those who have the most important good for the free flow of information becoming more acute. The latter have just received updates of their most important weapons - browser Tor Browser to version 8.0, and the Linux distribution Tails to version 3.9. There are many changes, but are they going in the right direction?.
Tor Browser 8.0 is the first stable release of this browser built on the basis of the long-term supported Firefox 60 ESR (the first one from the new Quantum line), evidently focusing on friendliness for novice users. This was achieved by refreshing the about: track page, introducing what marketers call 'onboarding' - a guide for novices, adding support for new languages, and simplifying the function of gaining bridging servers. The way of displaying the circuits and informing about the .onion pages has also been changed.
Let's start with what is undoubtedly good in the new Track Browser. Until now users of this browser from countries in which Tor is blocked by system (such as China), could use the mechanism of bridges to avoid censorship. The mechanism is very good, only the majority of these bridges were quickly blocked by censors. To get access to new ones, you had to send an e-mail for this - which was not always possible.
Now in the configurator window the user just needs to indicate that Tor is censored in his country, and then ask to provide a bridge from torproject.org. Clicking the button displays a dialog with the CAPTCHA test. Its solution connects to the BridgeDB service, which provides a new IP address for the bridge.
A positive change is also the extension of language support - Tor Browser now has Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish and Chinese (traditional) locations. Windows users can use a 64-bit browser compilation, which should be more stable than 32-bit. Newer versions of important components were also used, including the OpenSSL 1.0.2p library. Also a dozen defects noticed since the Tor Browser 7.5.6 edition were repaired. Nothing to install, right?
Unfortunately, we are not entirely convinced that Tor Browser is going in the right direction. This new page about: the track looks like an intrusive ad that we would not like to see every time we view the browser. The previous screen was much more discreet, not reminding us every time that here we get the most private experience of browsing the internet in the world. We would prefer to have here a link to check if we're connected via Tor - and for some reason the site has disappeared.
In addition to the most important issue, or privacy, Tor Browser 8.0 seems to be turning back. In part, this is the result of changes in Firefox itself. As you know, Mozilla has abandoned the classic system of extensions and you have to use these new ones based on the WebExtensions interface. This in turn means the need to use the new version of the NoScript extension (10.1.9.1), which provides much less control over the scope of launched content than the old version, and does not allow to disable JavaScript on Mozilla domains. The settings for individual pages are also not kept, and the extension menu itself, which now consists of only few understandable icons, does not dazzle usability.
However, the issue of browser identification is much more worrying. Tor Browser stands out greatly in the crowd, does not even try to hide the user's operating system. This is the result of a change in Firefox, which makes it impossible to lie about the operating system after enabling the resistance to the identification of the fingerprint of the browser and present it as Windows NT 6.
This can be masked using JavaScript, but is it not risky to use JavaScript itself in the context of many websites? One can imagine that such disclosure of the User-Agent string will allow the attacker to correlate the activity wishing to maintain the anonymity of the user, especially if he visits little-known websites. We hope that Tor Browser developers will solve this problem quickly - because they probably do not want to weaken the privacy of their users, right?.....
Source and more info: (website in Polish)
Ulepszona broń do walki z cenzurą: przeglądarka Tor Browser i system Tails w nowych odsłonach
The fight of those who would like to censor the Internet and surrender the internet to surveillance in the name of various important reasons with those who have the most important good for the free flow of information becoming more acute. The latter have just received updates of their most important weapons - browser Tor Browser to version 8.0, and the Linux distribution Tails to version 3.9. There are many changes, but are they going in the right direction?.
Tor Browser 8.0 is the first stable release of this browser built on the basis of the long-term supported Firefox 60 ESR (the first one from the new Quantum line), evidently focusing on friendliness for novice users. This was achieved by refreshing the about: track page, introducing what marketers call 'onboarding' - a guide for novices, adding support for new languages, and simplifying the function of gaining bridging servers. The way of displaying the circuits and informing about the .onion pages has also been changed.
Let's start with what is undoubtedly good in the new Track Browser. Until now users of this browser from countries in which Tor is blocked by system (such as China), could use the mechanism of bridges to avoid censorship. The mechanism is very good, only the majority of these bridges were quickly blocked by censors. To get access to new ones, you had to send an e-mail for this - which was not always possible.
Now in the configurator window the user just needs to indicate that Tor is censored in his country, and then ask to provide a bridge from torproject.org. Clicking the button displays a dialog with the CAPTCHA test. Its solution connects to the BridgeDB service, which provides a new IP address for the bridge.
A positive change is also the extension of language support - Tor Browser now has Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish and Chinese (traditional) locations. Windows users can use a 64-bit browser compilation, which should be more stable than 32-bit. Newer versions of important components were also used, including the OpenSSL 1.0.2p library. Also a dozen defects noticed since the Tor Browser 7.5.6 edition were repaired. Nothing to install, right?
Unfortunately, we are not entirely convinced that Tor Browser is going in the right direction. This new page about: the track looks like an intrusive ad that we would not like to see every time we view the browser. The previous screen was much more discreet, not reminding us every time that here we get the most private experience of browsing the internet in the world. We would prefer to have here a link to check if we're connected via Tor - and for some reason the site has disappeared.
In addition to the most important issue, or privacy, Tor Browser 8.0 seems to be turning back. In part, this is the result of changes in Firefox itself. As you know, Mozilla has abandoned the classic system of extensions and you have to use these new ones based on the WebExtensions interface. This in turn means the need to use the new version of the NoScript extension (10.1.9.1), which provides much less control over the scope of launched content than the old version, and does not allow to disable JavaScript on Mozilla domains. The settings for individual pages are also not kept, and the extension menu itself, which now consists of only few understandable icons, does not dazzle usability.
However, the issue of browser identification is much more worrying. Tor Browser stands out greatly in the crowd, does not even try to hide the user's operating system. This is the result of a change in Firefox, which makes it impossible to lie about the operating system after enabling the resistance to the identification of the fingerprint of the browser and present it as Windows NT 6.
This can be masked using JavaScript, but is it not risky to use JavaScript itself in the context of many websites? One can imagine that such disclosure of the User-Agent string will allow the attacker to correlate the activity wishing to maintain the anonymity of the user, especially if he visits little-known websites. We hope that Tor Browser developers will solve this problem quickly - because they probably do not want to weaken the privacy of their users, right?.....
Source and more info: (website in Polish)
Ulepszona broń do walki z cenzurą: przeglądarka Tor Browser i system Tails w nowych odsłonach