Planet Tor

@kushal September 20, 2023 - 07:26 • a day ago
SBOM and vulnerability scanning

Software Bill of Materials became one of the latest buzzword. A lot of people and companies talking about it like a magical thing, if you use it then all of your security problems will be solved, just like what happened with Blockchain!!.

Though a hand full of projects (or companies building those projects) focused on the actual tooling part. Things we can use and see some useful output than blogposts/presentations with fancy graphics.

In this post we will try to see how can we use these tools today (2023/09/20).

SBOM currently comes in two major flavors, SPDX aka Software Package Data Index and CycloneDX. There are existing tooling to convert in between.

Syft

We will use syft from Anchore to generate our SBOM(s).

This tool can generate from various sources, starting from container images to Python projects, RPM/Debian dbs, Rust or Go projects.

Let us generate the SBOM for a Debian 12 VM.

$ syft /var/lib/dpkg -o spdx-json=server.spdx.json --source-name debian12 
 ✔ Indexed file system                                                                                         /var/lib/dpkg
 ✔ Cataloged packages              [395 packages]

For for a Rust project:

$ syft /home/kdas/code/johnnycanencrypt/Cargo.lock -o spdx-json=jce.spdx.json
 ✔ Indexed file system                                                                      /home/kdas/code/johnnycanencrypt
 ✔ Cataloged packages              [203 packages]

We generated the SBOMs. Now this should solve the security issues, isn't?

SBOM joke

I found the above in Matthew Martin's timeline.

Grype

This is where Grype comes handy, it is a vulnerability scanner for container images and filesystems and works with the SBOM(s) generated by syft.

$ grype jce.spdx.json 
 ✔ Vulnerability DB                [updated]  
 ✔ Scanned for vulnerabilities     [1 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 1 medium, 0 low, 0 negligible
   └── by status:   1 fixed, 0 not-fixed, 0 ignored 
NAME  INSTALLED  FIXED-IN  TYPE        VULNERABILITY        SEVERITY 
time  0.1.45     0.2.23    rust-crate  GHSA-wcg3-cvx6-7396  Medium

And:

grype server.spdx.json 
 ✔ Vulnerability DB                [no update available]  
 ✔ Scanned for vulnerabilities     [178 vulnerability matches]  
   ├── by severity: 6 critical, 136 high, 34 medium, 2 low, 0 negligible
   └── by status:   0 fixed, 178 not-fixed, 0 ignored 
NAME     INSTALLED     FIXED-IN  TYPE  VULNERABILITY     SEVERITY 
file     1:5.44-3                      CVE-2007-1536     High      
git      1:2.39.2-1.1                  CVE-2020-5260     High      
gnupg    2.2.40-1.1                    CVE-2022-3515     Critical  
gnupg    2.2.40-1.1                    CVE-2022-34903    Medium    
gnupg    2.2.40-1.1                    CVE-2022-3219     Low       
openssl  3.0.9-1                       CVE-2023-4807     High      
openssl  3.0.9-1                       CVE-2023-3817     Medium    
openssl  3.0.9-1                       CVE-2023-2975     Medium    
openssl  3.0.9-1                       CVE-2023-1255     Medium    
perl     5.36.0-7                      CVE-2023-31486    High      
perl     5.36.0-7                      CVE-2023-31484    High      
vim      2:9.0.1378-2                  CVE-2022-3520     Critical  
vim      2:9.0.1378-2                  CVE-2022-0318     Critical  
vim      2:9.0.1378-2                  CVE-2017-6350     Critical  
vim      2:9.0.1378-2                  CVE-2017-6349     Critical  
vim      2:9.0.1378-2                  CVE-2017-5953     Critical  
vim      2:9.0.1378-2                  CVE-2023-4781     High      
vim      2:9.0.1378-2                  CVE-2023-4752     High      

<snipped>

Now it is on your team members to decide how to react to information we gather from these tools. The tools themselves will not solve the problems at hand. You have to decide the update steps and if that is at all required or not.

Also please remember, there is and will be a lot of false positives (not in Grype output yet, but other tools in the SBOM ecosystem). The projects (I am talking about in general most of the tooling in this field) are trying hard to reduce these, but not possible always to remove every such edge case.

...
@ooni September 20, 2023 - 00:00 • a day ago
Grindr blocked in Jordan: Shrinking LGBTQ spaces
Jordan recently blocked access to Grindr — the world’s largest social networking app for gay, bi, trans, and queer people — adding to the list of social media apps banned in the country, including TikTok and Clubhouse. OONI network measurement data collected from Jordan suggests that ISPs started blocking access to Grindr on August 8th 2023, and that the block remains ongoing. This report shares OONI data on the blocking of Grindr in Jordan. ...
@blog September 14, 2023 - 00:00 • 8 days ago
New Alpha Release: Tor Browser 13.0a4 (Android, Windows, macOS, Linux)

Tor Browser 13.0a4 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 115.2.1esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 117.

Major Changes

This is our fourth alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.

We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.

Build Output Naming Updates

As a reminder from the 13.0a3 release post, we have made the naming scheme for all of our build outputs mutually consistent. If you are a downstream packager or in some other way download Tor Browser artifacts in scripts or automation, you will have a bit more work to do beyond bumping the version number once the 13.0 alpha stabilizes. All of our current build outputs can be found in the distribution directory

UX Refresh of about:tor

The about:tor page you land on after bootstrapping has been rewritten for our Desktop platforms. As part of this process, and as part of the tor integration back-end rewrite, we have removed the automatic tor network connectivity check ( https://check.torproject.org ) which occurred in the about:tor page.

This check was a hold-over from the tor-launcher days when launching and bootstrapping the tor daemon was handled by an extension which ran before the Firefox browser interface was presented to the user. As a result of the tighter tor integration and in-browser bootstrapping experience in about:connection, the legacy logic behind this check would sometimes fail and present some users with the infamous 'red screen of death', even if their tor connection was fine.

That is to say, all of the reports we have received of users hitting this screen were false-positives when using the default configuration. The conditions for which the check on this page made sense no longer exist and now only serve to confuse users. On top of that, the two main environments where Tor Browser is used in a non-default configuration where the check is arguably useful (Tails and Whonix) do not use the built-in about:tor page for home or new-tab.

Tor Browser users with the default configuration who successfully go through the bootstrapping process essentially cannot get into a situation where they are able to load about:tor while not being connected to the process-owned tor daemon. If they are connected to the tor daemon, then the check will either succeed or timeout if the connection to the Tor Network fails after bootstrapping. If the tor daemon has crashed or failed to launch, then the browser's proxy settings prevent web traffic from going anywhere outside the users system

In the short term, we will be adding some ux to the about:tor page for users who are not using a default configuration to easily check that their configuration is correct and using tor as expected.

Longer-term (in the 13.5 time-frame) we plan on integrating this tor check directly into the about:connection state-machine so we can avoid false-positives in the default configuration while also providing peace-of-mind that web traffic is being routed correctly. We will also likely iterate on the about:tor ux for users in non-default configurations.

Android

Our Tor Browser Android release should be pretty close to final in terms of changes, apart from bug fixes or tweaks required by our annual ESR code-audit. The rendering+branding errors from 13.0a3 have been resolved. If you are able, please be sure to take the Tor Browser Android alpha for a spin, and especially try using bridges!

Known Issues

Desktop

Build to build incremental updates are currently failing for some users if you are starting at a version older than 13.0a3. Users on 13.0a2 and 13.0a1 will first download the small incremental update, fail to apply it after a re-launch, and then download the full large update. This should not result in losing anything of value apart from your precious time.

It is being tracked in tor-browser#42101.

Windows

Building generated debug headers are not currently reproducible. This only affects debug info and does not affect users. This issue is being tracked here. It will either be fixed before the 13.0 alpha series transitions to stable later this year, or we will disable this developer feature by default to ensure fully matching builds.

Full changelog

We would like to thank volunteer contributor cypherpunks1 for their fixes for tor-browser#41876 and tor-browser#41740.

The full changelog since Tor Browser 13.0a3 is:

...
@blog September 13, 2023 - 00:00 • 9 days ago
New Release: Tor Browser 12.5.4

Tor Browser 12.5.4 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox and GeckoView to 102.15.1esr and fixes CVE-2023-4863: Heap buffer overflow in libwebp

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 12.5.3 is:

  • All Platforms
  • Windows + macOS + Linux
    • Updated Firefox to 102.15.1esr
  • Android
    • Updated GeckoView to 102.15.1esr
  • Build System
    • All Platforms
      • Updated Go to 1.20.8
...
@blog September 5, 2023 - 00:00 • 17 days ago
Arti 1.1.8 is released: Onion service infrastructure

Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.1.8.

This release continues our work on support for onion services in Arti. It includes backend support for nearly all of the functionality needed to launch and publish an onion service and accept incoming requests from onion service clients. This functionality is not yet usable, however: we still need to connect it all together, test and debug it, and provide high-level APIs to allow the user to actually turn it on.

With this release, there have been many smaller and less visible changes as well; for those, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Emil Engler, Jim Newsome, Micah Elizabeth Scott, Saksham Mittal, and Trinity Pointard.

Also, our deep thanks to Zcash Community Grants and our other sponsors for funding the development of Arti!

...
@blog August 29, 2023 - 00:00 • 24 days ago
New Release: Tor Browser 12.5.3

Tor Browser 12.5.3 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.15.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 117.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 12.5.2 is:

...
@ooni August 28, 2023 - 00:00 • 25 days ago
Join us at the IMC 2023 Hackathon on Network Interference using Open Data
Are you attending the Internet Measurement Conference (IMC) 2023? Join us at the IMC Hackathon on Network Interference using Open Data on Monday, 23rd October 2023, in Montreal, Canada. The hackathon is organized by the Internet Society (ISOC), the Open Observatory of Network Interference (OONI), M-Lab and Censored Planet. IMC is a yearly academic conference focusing on Internet measurement and analysis. The conference is sponsored by ACM SIGCOMM. This IMC Hackathon will be about exploring, analyzing, and visualizing open network measurement data with a focus on identifying Internet censorship and Internet shutdown events. ...
@blog August 24, 2023 - 00:00 • 29 days ago
New Alpha Release: Tor Browser 13.0a3 (Android, Windows, macOS, Linux)

Tor Browser 13.0a3 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 115.2.0esr, including bug fixes, stability improvements and important security updates. Android-specific security updates from Firefox 117 are not yet available, but will be part of the next alpha release scheduled in two weeks.

Major Changes

This is our third alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.

We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.

Build System

We have made the naming scheme for all of our build outputs mutually consistent! This basically means that going forward all our build artifacts will have a name following the form ${ARTIFACT}-${OS}-${ARCH}-${VERSION}.${EXT}. For example, in 13.0a2 the macOS .dmg pakage was named TorBrowser-13.0a2-macos_ALL.dmg whereas in 13.0a3 it is named tor-browser-macos-13.0a3.dmg.

If you are a downstream packager or in some other way download Tor Browser artifacts in scripts or automation, you will have a bit more work to do beyond bumping the version number once the 13.0 alpha stabilizes.

Known Issues

Windows

Building generated debug headers are not currently reproducible. This only affects debug info and does not affect users. This issue is being tracked here. It will either be fixed before the 13.0 alpha series transitions to stable later this year, or we will disable this developer feature by default to ensure fully matching builds.

Android

There are various graphical bugs in the bootstrapping and landing pages in Tor Browser for Android including misaligned text and Firefox branding. The Tor Browser onboarding for first-time users is also missing. These issues (among others) are being tracked here, here and here.

Full changelog

We would like to thank volunteer contributor cypherpunks1 for their fixes for tor-browser#40175, and tor-browser#41642. If you would like to contribute, our issue tracker can be found here.

The full changelog since Tor Browser 13.0a2 is:

...
@blog August 23, 2023 - 00:00 • 30 days ago
Introducing Proof-of-Work Defense for Onion Services

Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.

Tor's PoW defense is a dynamic and reactive mechanism, remaining dormant under normal use conditions to ensure a seamless user experience, but when an onion service is under stress, the mechanism will prompt incoming client connections to perform a number of successively more complex operations. The onion service will then prioritize these connections based on the effort level demonstrated by the client. We believe that the introduction of a proof-of-work mechanism will disincentivize attackers by making large-scale attacks costly and impractical while giving priority to legitimate traffic. Onion Services are encouraged to update to version 0.4.8.

Why the need?

The inherent design of onion services, which prioritizes user privacy by obfuscating IP addresses, has made it vulnerable to DoS attacks and traditional IP-based rate limits have been imperfect protections in these scenarios. In need of alternative solutions, we devised a proof-of-work mechanism involving a client puzzle to thwart DoS attacks without compromising user privacy. 

How does it work?

Proof of work acts as a ticket system that is turned off by default, but adapts to network stress by creating a priority queue. Before accessing an onion service, a small puzzle must be solved, proving that some "work" has been done by the client. The harder the puzzle, the more work is being performed, proving a user is genuine and not a bot trying to flood the service. Ultimately the proof-of-work mechanism blocks attackers while giving real users a chance to reach their destination.

What does this mean for attackers and users?

If attackers attempt to flood an onion service with requests, the PoW defense will kick into action and increase the computational effort required to access a .onion site. This ticketing system aims to disadvantage attackers who make a huge number of connection attempts to an onion service. Sustaining these kinds of attacks will require a lot of computational effort on their part with diminishing returns, as the effort increases.

For everyday users, however, who tend to submit only a few requests at a time, the added computational effort of solving the puzzle is manageable for most devices, with initial times per solve ranging from 5 milliseconds for faster computers and up to 30 milliseconds for slower hardware. If the attack traffic increases, the effort of the work will increase, up to roughly 1 minute of work. While this process is invisible to the users and makes waiting on a proof-of-work solution comparable to waiting on a slow network connection, it has the distinct advantage of providing them with a chance to access the Tor network even when it is under stress by proving their humanity. 

Where do we go from here?

Over the past year, we have put a lot of work into mitigating attacks on our network and enhancing our defense for onion services. The introduction of Tor's PoW defense not only positions onion services among the few communication protocols with built-in DoS protections but also, when adopted by major sites, promises to reduce the negative impact of targeted attacks on network speeds. The dynamic nature of this system helps balance the load during sudden surges in traffic ensuring more consistent and reliable access to onion services.

...
@meejah August 22, 2023 - 00:00 • 1 months ago
magic-wormhole 0.13.0 released
At long last a new release of magic-folder ...
@blog August 12, 2023 - 00:00 • 1 months ago
New Alpha Release: Tor Browser 13.0a2 (Android, Windows, macOS, Linux)

Tor Browser 13.0a2 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 115.1.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 116.

Major Changes

This is our second alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.

We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.

Desktop

Tor Controller

We have been working on some major refactors and rewrites to the tor daemon controller code in Tor Browser for Desktop. We are unifying and modernizing the competing implementations of various control port interface methods formerly found in the legacy torbutton and tor-launcher components into encapsulated JavaScript modules within the Firefox codebase. This work is part of long-term plan of necessary code-cleanup and lays the groundwork for supporting alternate tor backends besides the legacy tor daemon.

However, all this code-churn does open up opportunity for new behaviour due to fixed bugs or due to the introduction of new ones. If you use Tor Browser in a non-standard/non-default configuration (either via Firefox preferences or custom environment variables) please ensure things are working as expected for your configuration with this alpha release!

The areas affected by these changes include:

  • configuring Tor Browser to use an external system tor service/daemon
  • fetching censorship-circumvention setting using the lyrebird (formerly obfs4proxy) pluggable transport
  • any tor functionality that relies on communicating with the tor daemon via the control port (circuit display, onion auth, bridge+network settings, new identity, etc)

Tor PoW

This is also the first Tor Browser release including a tor daemon with the new onion service proof-of-work ddos prevention feature. See Proposal 327 for background and the gitlab issue regarding the implementation.

Android

This is our first Android release based on the Firefox 115esr series. Some things are still a bit rough around the edges but, to our knowledge, there are not any known regressions to the browser's core functionality.

Known Issues

Windows

To ensure that we are shipping binaries which only contain the functionality we believe they do, we use a reproducible build strategy. The basic idea is that multiple users with build machines running on different networks independently pull down and build the same source code. We then verify that the built binaries we ultimately sign and ship to users are bit for bit identical. This gives us reasonable confidence that our releases have not been compromised and contain only the functionality found in our source code.

During the 13.0a2 release cycle, we have enabled generating debug information for our supported windows platforms to make trouble-shooting windows-specific issues easier. This debug information includes PDB symbols (which map addresses in the binaries to locations in the firefox source code) and generated C/C++ headers. Unfortunately, the header generation is not deterministic, and so different builders will generate different (though semantically equivalent) outputs.

What this means is that, taken as a whole, our builds are not currently matching. However, the mismatched parts only appear in this debug info which is separate from the actual application that is shipped to end-users (this non-matching debug info needs to be actively sought out and is only useful for developers debugging an issue).

This issue is being tracked here. It will either be fixed before the 13.0 alpha series transitions to stable later this year, or we will disable this developer feature by default to ensure fully matching builds.

Android

There are various graphical bugs in the bootstrapping and landing pages in Tor Browser for Android including misaligned text and Firefox branding. The Tor Browser onboarding for first-time users is also missing. These issues (among others) are being tracked here, here and here.

Full changelog

We would like to thank volunteer contributor FlexFoot for their fix for tor-browser-build#40615. The full changelog since Tor Browser 13.0a1 is:

...
@meejah August 11, 2023 - 00:00 • 1 months ago
pypiratzzi: No More Signatures on PyPI
Since we are no longer allowed to upload signatures to PyPI, everyone has to do something else ...
@anarcat August 9, 2023 - 18:18 • 1 months ago
OpenPGP key transition

This is a short announcement to say that I have changed my main OpenPGP key. A signed statement is available with the cryptographic details but, in short, the reason is that I stopped using my old YubiKey NEO that I have worn on my keyring since 2015.

I now have a YubiKey 5 which supports ED25519 which features much shorter keys and faster decryption. It allowed me to move all my secret subkeys on the key (including encryption keys) while retaining reasonable performance.

I have written extensive documentation on how to do that OpenPGP key rotation and also YubiKey OpenPGP operations.

Warning on storing encryption keys on a YubiKey

People wishing to move their private encryption keys to such a security token should be very careful as there are special precautions to take for disaster recovery.

I am toying with the idea of writing an article specifically about disaster recovery for secrets and backups, dealing specifically with cases of death or disabilities.

Autocrypt changes

One nice change is the impact on Autocrypt headers, which are considerably shorter.

Before, the header didn't even fit on a single line in an email, it overflowed to five lines:

Autocrypt: addr=anarcat@torproject.org; prefer-encrypt=nopreference;
 keydata=xsFNBEogKJ4BEADHRk8dXcT3VmnEZQQdiAaNw8pmnoRG2QkoAvv42q9Ua+DRVe/yAEUd03EOXbMJl++YKWpVuzSFr7IlZ+/lJHOCqDeSsBD6LKBSx/7uH2EOIDizGwfZNF3u7X+gVBMy2V7rTClDJM1eT9QuLMfMakpZkIe2PpGE4g5zbGZixn9er+wEmzk2mt20RImMeLK3jyd6vPb1/Ph9+bTEuEXi6/WDxJ6+b5peWydKOdY1tSbkWZgdi+Bup72DLUGZATE3+Ju5+rFXtb/1/po5dZirhaSRZjZA6sQhyFM/ZhIj92mUM8JJrhkeAC0iJejn4SW8ps2NoPm0kAfVu6apgVACaNmFb4nBAb2k1KWru+UMQnV+VxDVdxhpV628Tn9+8oDg6c+dO3RCCmw+nUUPjeGU0k19S6fNIbNPRlElS31QGL4H0IazZqnE+kw6ojn4Q44h8u7iOfpeanVumtp0lJs6dE2nRw0EdAlt535iQbxHIOy2x5m9IdJ6q1wWFFQDskG+ybN2Qy7SZMQtjjOqM+CmdeAnQGVwxowSDPbHfFpYeCEb+Wzya337Jy9yJwkfa+V7e7Lkv9/OysEsV4hJrOh8YXu9a4qBWZvZHnIO7zRbz7cqVBKmdrL2iGqpEUv/x5onjNQwpjSVX5S+ZRBZTzah0w186IpXVxsU8dSk0yeQskblrwARAQABzSlBbnRvaW5lIEJlYXVwcsOpIDxhbmFyY2F0QHRvcnByb2plY3Qub3JnPsLBlAQTAQgAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBI3JAc5kFGwEitUPu3khUlJ7dZIeBQJihnFIBQkacFLiAAoJEHkhUlJ7dZIeXNAP/RsX+27l9K5uGspEaMH6jabAFTQVWD8Ch1om9YvrBgfYtq2k/m4WlkMh9IpT89Ahmlf0eq+V1Vph4wwXBS5McK0dzoFuHXJa1WHThNMaexgHhqJOs
 S60bWyLH4QnGxNaOoQvuAXiCYV4amKl7hSuDVZEn/9etDgm/UhGn2KS3yg0XFsqI7V/3RopHiDT+k7+zpAKd3st2V74w6ht+EFp2Gj0sNTBoCdbmIkRhiLyH9S4B+0Z5dUCUEopGIKKOSbQwyD5jILXEi7VTZhN0CrwIcCuqNo7OXI6e8gJd8McymqK4JrVoCipJbLzyOLxZMxGz8Ki0b9O844/DTzwcYcg9I1qogCsGmZfgVze2XtGxY+9zwSpeCLeef6QOPQ0uxsEYSfVgS+onCesSRCgwAPmppPiva+UlGuIMun87gPpQpV2fqFg/V8zBxRvs6YTGcfcQjfMoBHmZTGb+jk1//QAgnXMO7fGG38YH7iQSSzkmodrH2s27ZKgUTHVxpBL85ptftuRqbR7MzIKXZsKdA88kjIKKXwMmez9L1VbJkM4k+1Kzc5KdVydwi+ujpNegF6ZU8KDNFiN9TbDOlRxK5R+AjwdS8ZOIa4nci77KbNF9OZuO3l/FZwiKp8IFJ1nK7uiKUjmCukL0od/6X2rJtAzJmO5Co93ZVrd5r48oqUvjklzzsBNBFmeC3oBCADEV28RKzbv3dEbOocOsJQWr1R0EHUcbS270CrQZfb9VCZWkFlQ/1ypqFFQSjmmUGbNX2CG5mivVsW6Vgm7gg8HEnVCqzL02BPY4OmylskYMFI5Bra2wRNNQBgjg39L9XU4866q3BQzJp3r0fLRVH8gHM54Jf0FVmTyHotR/Xiw5YavNy2qaQXesqqUv8HBIha0rFblbuYI/cFwOtJ47gu0QmgrU0ytDjlnmDNx4rfsNylwTIHS0Oc7Pezp7MzLmZxnTM9b5VMprAXnQr4rewXCOUKBSto+j4rD5/77DzXw96bbueNruaupb2Iy2OHXNGkB0vKFD3xHsXE2x75NBovtABEBAAHCwqwEGAEIACAWIQSNyQHOZBRsBIrVD7t5IVJSe3WSHgUCWZ4LegIbAgFACRB5IV
 JSe3WSHsB0IAQZAQgAHRYhBHsWQgTQlnI7AZY1qz6h3d2yYdl7BQJZngt6AAoJED6h3d2yYdl7CowH/Rp7GHEoPZTSUK8Ss7crwRmuAIDGBbSPkZbGmm4bOTaNs/gealc2tsVYpoMx7aYgqUW+t+84XciKHT+bjRv8uBnHescKZgDaomDuDKc2JVyx6samGFYuYPcGFReRcdmH0FOoPCn7bMW5mTPztV/wIA80LZD9kPKIXanfUyI3HLP0BPwZG4WTpKzJaalR1BNwu2oF6kEK0ymH3LfDiJ5Sr6emI2jrm4gH+/19ux/x+ST4tvm2PmH3BSQOPzgiqDiFd7RZoAIhmwr3FW4epsK9LtSxsi9gZ2vATBKO1oKtb6olW/keQT6uQCjqPSGojwzGRT2thEANH+5t6Vh0oDPZhrKUXRAAxHMBNHEaoo/M0sjZo+5OF3Ig1rMnI6XbKskLv6hu13cCymW0w/5E4XuYnyQ1cNC3pLvqDQbDx5mAPfBVHuqxJdRLQ3yDM/D2QIsxnkzQwi0FsJuni4vuJzWK/NHHDCvxMCh0YmSgbptUtgW8/niatd2Y6MbfRGxUHoctKtzqzivC8hKMTFrj4AbZhg/e9QVCsh5zSXtpWP0qFDJsxRMx0/432n9d4XUiy4U672r9Q09SsynB3QN6nTaCTWCIxGxjIb+8kJrRqTGwy/PElHX6kF0vQUWZNf2ITV1sd6LK/s/7sH+x4rzgUEHrsKr/qPvY3rUY/dQLd+owXesY83ANOu6oMWhSJnPMksbNa4tIKKbjmw3CFIOfoYHOWf3FtnydHNXoXfj4nBX8oSnkfhLILTJgf6JDFXfw6mTsv/jMzIfDs7PO1LK2oMK0+prSvSoM8bP9dmVEGIurzsTGjhTOBcb0zgyCmYVD3S48vZlTgHszAes1zwaCyt3/tOwrzU5JsRJVns+B/TUYaR/u3oIDMDygvE5ObWxXaFVnCC59r+zl0FazZ0ouyk2AYIR
 zHf+n1n98HCngRO4FRel2yzGDYO2rLPkXRm+NHCRvUA/i4zGkJs2AV0hsKK9/x8uMkBjHAdAheXhY+CsizGzsKjjfwvgqf84LwAzSDdZqLVE2yGTOwU0ESiArJwEQAJhtnC6pScWjzvvQ6rCTGAai6hrRiN6VLVVFLIMaMnlUp92EtgVSNpw6kANtRTpKXUB5fIPZVUrVdfEN06t96/6LE42tgifDAFyFTZY5FdHHri1GG/Cr39MpW2VqCDCtTTPVWHTUlU1ZG631BJ+9NB+ce58TmLr6wBTQrT+W367eRFBC54EsLNb7zQAspCn9pw1xf1XNHOGnrAQ4r9BXhOW5B8CzRd4nLRQwVgtw/c5M/bjemAOoq2WkwN+0mfJe4TSfHwFUozXuN274X+0Gr10fhp8xEDYuQM0qu6W3aDXMBBwIu0jTNudEELsTzhKUbqpsBc9WjwNMCZoCuSw/RTpFBV35mXbqQoQgbcU7uWZslLl9Wvv/C6rjXgd+GeX8SGBjTqq1ZkTv5UXLHTNQzPnbkNEExzqToi/QdSjFMIACnakeOSxc0ckfnsd9pfGv1PUyPyiwrHiqWFzBijzGIZEHxhNGFxAkXwTJR7Pd40a7RDxwbO6p/TSIIum41JtteehLHwTRDdQNMoyfLxuNLEtNYS0uR2jYI1EPQfCNWXCdT2ZK/l6GVP6jyB/olHBIOr+oVXqJh+48ki8cATPczhq3fUr7UivmguGwD67/4omZ4PCKtz1hNndnyYFS9QldEGo+AsB3AoUpVIA0XfQVkxD9IZr+Zu6aJ6nWq4M2bsoxABEBAAHCwXYEGAEIACACGwwWIQSNyQHOZBRsBIrVD7t5IVJSe3WSHgUCWPerZAAKCRB5IVJSe3WSHkIgEACTpxdn/FKrwH0/LDpZDTKWEWm4416l13RjhSt9CUhZ/Gm2GNfXcVTfoF/jKXXgjHcV1DHjfLUPmPVwMdqlf5ACOiFqIUM2ag/OEARh356w
 YG7YEobMjX0CThKe6AV2118XNzRBw/S2IO1LWnL5qaGYPZONUa9Pj0OaErdKIk/V1wge8Zoav2fQPautBcRLW5VA33PH1ggoqKQ4ES1hc9HC6SYKzTCGixu97mu/vjOa8DYgM+33TosLyNy+bCzw62zJkMf89X0tTSdaJSj5Op0SrRvfgjbC2YpJOnXxHr9qaXFbBZQhLjemZi6zRzUNeJ6A3Nzs+gIc4H7s/bYBtcd4ugPEhDeCGffdS3TppH9PnvRXfoa5zj5bsKFgjqjWolCyAmEvd15tXz5yNXtvrpgDhjF5ozPiNp/1EeWX4DxbH2i17drVu4fXwauFZ6lcsAcJxnvCA28RlQlmEQu/gFOx1axVXf6GIuXnQSjQN6qJbByUYrdc/cFCxPO2/lGuUxnufN9Tvb51Qh54laPgGLrlD2huQeSD9Sxa0MNUjNY0qLqaReT99Ygb2LPYGSLoFVx9iZz6sZNt07LqCx9qNgsJwsdmwYsNpMuFbc7nkWjtlEqzsXZHTvYN654p43S+hcAhmmOzQZcew6h71fAJLciiqsPBnCEdgCGFAWhZZdPkMA==

After the change, the entire key fits on a single line, neat!

Autocrypt: addr=anarcat@torproject.org; prefer-encrypt=nopreference;
 keydata=xjMEZHZPzhYJKwYBBAHaRw8BAQdAWdVzOFRW6FYVpeVaDo3sC4aJ2kUW4ukdEZ36UJLAHd7NKUFudG9pbmUgQmVhdXByw6kgPGFuYXJjYXRAdG9ycHJvamVjdC5vcmc+wpUEExYIAD4WIQS7ts1MmNdOE1inUqYCKTpvpOU0cwUCZHZgvwIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRACKTpvpOU0c47SAPdEqfeHtFDx9UPhElZf7nSM69KyvPWXMocu9Kcu/sw1AQD5QkPzK5oxierims6/KUkIKDHdt8UcNp234V+UdD/ZB844BGR2UM4SCisGAQQBl1UBBQEBB0CYZha2IMY54WFXMG4S9/Smef54Pgon99LJ/hJ885p0ZAMBCAfCdwQYFggAIBYhBLu2zUyY104TWKdSpgIpOm+k5TRzBQJkdlDOAhsMAAoJEAIpOm+k5TRzBg0A+IbcsZhLx6FRIqBJCdfYMo7qovEo+vX0HZsUPRlq4HkBAIctCzmH3WyfOD/aUTeOF3tY+tIGUxxjQLGsNQZeGrQI

Note that I have implemented my own kind of ridiculous Autocrypt support for the Notmuch Emacs email client I use, see this elisp code. To import keys, I pipe the message into this script which is basically just:

sq autocrypt decode | gpg --import

... thanks to Sequoia best-of-class Autocrypt support.

Note on OpenPGP usage

While some have claimed OpenPGP's death, I believe those are overstated. Maybe it's just me, but I still use OpenPGP for my password management, to authenticate users and messages, and it's the interface to my YubiKey for authenticating with SSH servers.

I understand people feel that OpenPGP is possibly insecure, counter-intuitive and full of problems, but I think most of those problems should instead be attributed to its current flagship implementation, GnuPG. I have tried to work with GnuPG for years, and it keeps surprising me with evilness and oddities.

I have high hopes that the Sequoia project can bring some sanity into this space, and I also hope that RFC4880bis can eventually get somewhere so we have a more solid specification with more robust crypto. It's kind of a shame that this has dragged on for so long, but Update: there's a separate draft called openpgp-crypto-refresh that might actually be adopted as the "OpenPGP RFC" soon! And it doesn't keep real work from happening in Sequoia and other implementations. Thunderbird rewrote their OpenPGP implementation with RNP (which was, granted, a bumpy road because it lost compatibility with GnuPG) and Sequoia now has a certificate store with trust management (but still no secret storage), preliminary OpenPGP card support and even a basic GnuPG compatibility layer. I'm also curious to try out the OpenPGP CA capabilities.

So maybe it's just because I'm becoming an old fart that doesn't want to change tools, but so far I haven't seen a good incentive in switching away from OpenPGP, and haven't found a good set of tools that completely replace it. Maybe OpenSSH's keys and CA can eventually replace it, but I suspect they will end up rebuilding most of OpenPGP anyway, just more slowly. If they do, let's hope they avoid the mistakes our community has done in the past at least...

...
@blog August 2, 2023 - 00:00 • 2 months ago
New Release: Tor Browser 12.5.2

Tor Browser 12.5.2 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.14.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 116.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 12.5.1 is:

  • All Platforms
    • Updated Translations
    • Updated NoScript to 11.4.26
    • Bug tor-browser#41908: Rebase stable 12.5 to 102.14esr
  • Windows + macOS + Linux
    • Updated Firefox to 102.14.0esr
  • Windows
    • Bug tor-browser#41761: xul.dll win crash tor-browser 12.5.1 (based on Mozilla Firefox 102.13.0esr) (64-Bit)
  • Android
    • Updated GeckoView to 102.14.0esr
    • Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser
  • Build System
...
@blog August 1, 2023 - 00:00 • 2 months ago
Arti 1.1.7 is released: incremental improvements, numerous bugfixes

Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.1.7.

This focuses on maintenance, bugfixing, and cleanups to earlier releases. It also lays groundwork for being able to run as an onion service.

Notable bugs fixed include one that prevented Arti from being able to connect to certain onionbalance onion services, one where we didn't compile in support for connecting to onion services by default, and one that broke bridge connections under some circumstances.

We've also added initial implementations of the HashX ASIC-resistant hash function and the related EquiX proof-of-work function, for eventual use in protecting onion services from denial-of-service attacks.

With this release, there have been many smaller and less visible changes as well; for those, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Alexander Færøy, Dimitris Apostolou, Jim Newsome, juga, Kunal Mehta, Micah Elizabeth Scott, Saksham Mittal, sw1tch, and Trinity Pointard.

Also, our deep thanks to Zcash Community Grants and our other sponsors for funding the development of Arti!

...
@ooni August 1, 2023 - 00:00 • 2 months ago
Senegal: Social media blocks and network outages amid political unrest
Violent protests erupted in Senegal on 1st June 2023 over the sentencing of opposition leader Ousmane Sonko. On the same day, OONI data collected from Senegal showed that ISPs started blocking access to several instant messaging apps and social media platforms (which were also reported by several news outlets). Those blocks appear to have been in place for a week (until 7th June 2023). Meanwhile, Cloudflare observed three disruptions to traffic from AS37649 (Free/Tigo), and two disruptions at Sudatel Senegal during this period. ...
@kushal July 28, 2023 - 06:21 • 2 months ago
My talk in RustNL 2023

starting of the conference

On May 10th, I attended my first ever Rust conference, RustNL 2023. I reached there the night before. My talk was the 3rd one in the morning.

My talk

The title of my talk was Using Rust to write Python modules, and my main plan was to inform developers in the crowd to think about python developers as their API/library users. I demoed Tumpa to showcase what can be achieved to help the final end users.

The next 2 talks after mine also had Python in the theme. You should check out all the talks from the conference.

Book signing queue

I also managed to meet Mara Bos and get a copy of the book signed. Thank you so much.

I found the conference very tightly organized. The venue being on top of a library and centrally located was also very useful. The funniest incident was to find milk in the lunch menu, that was a first for me.

I also managed to meet some friends whom I only knew from Internet and met other Fedora friends after around 8 years.

I am hoping to be able to participate next year too.

...
@ooni July 28, 2023 - 00:00 • 2 months ago
China is blocking OONI
We usually report on how other services are blocked. This time, we’re reporting on how our own services are blocked. China recently started blocking access to our website (ooni.org) and censorship measurement app (OONI Probe). This is not too surprising, given the fact that our work and tools center around measuring and exposing internet censorship (in China and around the world), and China has one of the most advanced and pervasive levels of internet censorship in the world. ...
@blog July 26, 2023 - 00:00 • 2 months ago
New Alpha Release: Tor Browser 13.0a1 (Windows, macOS, Linux)

Tor Browser 13.0a1 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 115.0.2esr, including bug fixes, stability improvements and important security updates. This is a Desktop platform only release (Windows, macOS, and Linux), but Android should be available in the coming weeks.

This is our first alpha release in the 13.0 series and represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.

We have started our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.

We would like to thank volunteer contributor cypherpunks1 for their fixes for tor-browser#26277, tor-browser#33955, tor-browser#41399, and tor-browser#41791. If you would like to contribute, our issue tracker can be found here.

Full changelog

The full changelog since Tor Browser 12.5a7 is:

...
@blog July 4, 2023 - 00:00 • 3 months ago
New Release: Tor Browser 12.5.1

Tor Browser 12.5.1 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.13.0esr, including bug fixes, stability improvements and important security updates. There were no Android-specific security updates to backport from the Firefox 115 release..

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 12.5 is:

  • All Platforms
    • Updated Translations
    • Updated NoScript to 11.4.24
    • Bug tor-browser#41860: Rebase 12.5 stable to 102.13esr
  • Windows + macOS + Linux
    • Updated Firefox to 102.13.0esr
    • Bug tor-browser#41854: Download Spam Protection cannot be overridden to allow legitimate downloads
    • Bug tor-browser#41856: Onion service authorization prompt's key field does not get focus when clicked
    • Bug tor-browser#41858: 'Learn more' link in onboarding links to 12.0 release notes and not 12.5
  • Android
    • Updated GeckoView to 102.13.0esr
...
@kushal July 2, 2023 - 09:46 • 3 months ago
Thank you Mikko

Thank you Mikko Hyppönen for spending me this punch card along with your signature.

Book front cover with the punchcard

It was difficult to figure out a trip to Finland to get the book signed by him, but he is kind enough to send me a signature to keep :)

Book cover with the signed punchcard

...
@blog June 30, 2023 - 00:00 • 3 months ago
Arti 1.1.6 is released: Now you can connect* to Onion Services!

Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.1.6.

After months of hard work, Arti finally has working client-side onion service support! That is, programs can* now use Arti to connect to onion services on the Tor network.

*: Note that this feature is not yet as secure as the equivalent feature in the C tor implementation, and as such you probably shouldn't use it for security-sensitive purposes. (Our implementation is missing the “vanguards-lite” feature that C tor uses to prevent guard discovery attacks.) For this reason, the feature is (for now) disabled by default. To turn it on, you can enable it on the command line (arti -o address_filter.allow_onion_addrs=true proxy) or edit your arti.toml configuration file (set allow_onion_addrs = true in the section [address_filter]).

(Edited 2023-07-07 to add: Also, when you build Arti, you need to provide a non-default Cargo feature. Add --features=arti/onion-service-client when building. This restriction will be removed in the next release.)

This release also introduces our key manager functionality. Unlike the C tor implementation, where the ability to manage keys on disk grew organically (and unevenly) over time, with Arti we’re trying to provide a uniform and consistent API and CLI for managing secret keys. For now, this functionality is in a preliminary state, and the usability is somewhat lacking. If you want, you can use it to experiment with onion service client authorization, but you might have a better time if you wait until the next release.

With this release, there have been many smaller and less visible changes as well; for those, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Alexander Færøy, Andy, Jim Newsome, nate_d1azzz, pinkforest, Saksham Mittal, and Trinity Pointard.

Finally, our deep thanks to Zcash Community Grants for funding the development of Arti!

...
@anarcat June 29, 2023 - 04:23 • 3 months ago
Using signal-cli to cancel your Signal account

For obscure reasons, I have found myself with a phone number registered with Signal but without any device associated with it.

This is the I lost my phone section in Signal support, which rather unhelpfully tell you that, literally:

Until you have access to your phone number, there is nothing that can be done with Signal.

To be fair, I guess that sort of makes sense: Signal relies heavily on phone numbers for identity. It's how you register to the service and how you recover after losing your phone number. If you have your PIN ready, you don't even change safety numbers!

But my case is different: this phone number was a test number, associated with my tablet, because you can't link multiple Android device to the same phone number. And now that I brilliantly bricked that tablet, I just need to tell people to stop trying to contact me over that thing (which wasn't really working in the first place anyway because I wasn't using the tablet that much, but I digress).

So. What do you do? You could follow the above "lost my phone" guide and get a new Android or iOS phone to register on Signal again, but that's pretty dumb: I don't want another phone, I already have one.

Lo and behold, signal-cli to the rescue!

Disclaimer: no warranty or liability

Before following this guide, make sure you remember the license of this website, which specifically has a Section 5 – Disclaimer of Warranties and Limitation of Liability.

If you follow this guide literally, you might actually get into trouble.

You have been warned. All Cats Are Beautiful.

Installing in Docker

Because signal-cli is not packaged in Debian (but really should be), I need to bend over backwards to install it. The installation instructions suggest building from source (what is this, GentooBSD?) or installing binary files (what is this, Debiandows?), that's all so last millennium. I want something fresh and fancy, so I went with the extremely legit Docker registry ran by the not-shady-at-all gitlab.com/packaging group which is suspiciously not owned by any GitLab.com person I know of.

This is surely perfectly safe.

(Insert long digression on supply chain security here and how Podman is so much superior to Docker. Feel free to dive deep into how RedHat sold out to the nazis or how this is just me ranting about something I don't understand, again. I'm not going to do all the work for you.)

Anyway.

The magic command is:

mkdir .config/signal-cli
podman pull registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest
# lightly hit computer with magic supply chain verification wand
alias signal-cli="podman run --rm --publish 7583:7583 --volume .config/signal-cli:/var/lib/signal-cli --tmpfs /tmp:exec   registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest --config /var/lib/signal-cli"

At this point, you have a signal-cli alias that should more or less behave as per upstream documentation. Note that it sets up a network service on port 7583 which is unnecessary because you likely won't be using signal-cli's "daemon mode" here, this is a one-shot thing. But I'll probably be reusing those instructions later on, so I figured it might be a safe addition. Besides, it's what the instructions told me to do so I'm blindly slamming my head in the bash pipe, as trained.

Also, you're going to have the signal-cli configuration persist in ~/.config/signal-cli there. Again, totally unnecessary.

Re-registering the number

Back to our original plan of canceling our Signal account. The next step is, of course, to register with Signal.

Yes, this is a little counter-intuitive and you'd think there would be a "I want off this boat" button on https://signal.org that would do this for you, but hey, I guess that's only reserved for elite hackers who want to screw people over, I mean close their accounts. Mere mortals don't get access to such beauties.

Update: a friend reminded me there used to be such a page at https://signal.org/signal/unregister/ but it's mysteriously gone from the web, but still available on the wayback machine although surely that doesn't work anymore. Untested.

To register an account with signal-cli, you first need to pass a CAPTCHA. Those are the funky images generated by deep neural networks that try to fool humans into thinking other neural networks can't break them, and generally annoy the hell out of people. This will generate a URL that looks like:

signalcaptcha://signal-hcaptcha.$UUID.registration.$THIRTYTWOKILOBYTESOFGARBAGE

Yes, it's a very long URL. Yes, you need the entire thing.

The URL is hidden behind the Open Signal link, you can right-click on the link to copy it or, if you want to feel like it's 1988 again, use view-source: or butterflies or something.

You will also need the phone number you want to unregister here, obviously. We're going to take a not quite random phone number as an example, +18002677468.

Don't do this at home kids! Use the actual number and don't copy-paste examples from random websites!

So the actual command you need to run now is:

signal-cli -a +18002677468 register --captcha signalcaptcha://signal-hcaptcha.$UUID.registration.$THIRTYTWOKILOBYTESOFGARBAGE

To confirm the registration, Signal will send a text message (SMS) to that phone number with a verification code. (Fun fact: it's actually Twilio relaying that message for Signal and that is... not great.)

If you don't have access to SMS on that number, you can try again with the --voice option, which will do the same thing with a actual phone call. I wish it would say "Ok boomer" when it calls, but it doesn't.

If you don't have access to either, you're screwed. You may be able to port your phone number to another provider to gain control of the phone number again that said, but at that point it's a whole different ball game.

With any luck now you've received the verification code. You use it with:

signal-cli -a +18002677468 verify 131213

If you want to make sure this worked, you can try writing to another not random number at all, it should Just Work:

signal-cli -a +18002677468 send -mtest +18005778477

This is almost without any warning on the other end too, which says something amazing about Signal's usability and something horrible about its security.

Unregistering the number

Now we get to the final conclusion, the climax. Can you feel it? I'll try to refrain from further rants, I promise.

It's pretty simple and fast, just call:

signal-cli -a +18002677468 unregister

That's it! Your peers will now see an "Invite to Signal" button instead of a text field to send a text message.

Cleanup

Optionally, cleanup the mess you left on this computer:

rm -r ~/.config/signal-cli
podman image rm registry.gitlab.com/packaging/signal-cli/signal-cli-jre
...
@blog June 22, 2023 - 00:00 • 3 months ago
New release: Tor Browser 12.5

Tor Browser 12.5 is now available from the Tor Browser download page and our distribution directory. Many of the features in this release were made possible thanks to two projects:

Since 2021 we've provided digital security training to hundreds of journalists and human rights defenders in Brazil, Ecuador and Mexico alongside Guardian Project and Tails. During these workshops we documented pain points with our applications' user experience, and returned to validate potential solutions with Tor Browser Alpha in follow-up trips.

Secondly, in April we announced the launch of Mullvad Browser, a new privacy browser built by the Tor Project and distributed by Mullvad. This collaboration has enabled us to refactor Tor Browser's build system, address numerous legacy issues and conduct an accessibility review of Tor Browser's custom components – which you can learn more about below.

What's new?

Updated circuit display

In Tor Browser for desktop, the Tor circuit for each of your tabs can be found in the circuit display. Up until this release the circuit display lived in the site information panel – meaning you'd have to click the padlock icon (or onion icon, in the case of onion sites) to the left of the address bar to access it. Usability testing participants often struggled to find the circuit display when asked, and users generally needed to be taught where it lived.

To fix this, we've moved the circuit display behind a colorful new icon that sits beside the padlock. In addition, relays now have flags to help make their locations easier to identify at a glance; the design of onion site circuits has been made more concise; SecureDrop users who visit a human-readable onion name can now see and switch back to the underlying V3 onion address; and the panel as a whole has been rebuilt from scratch for better compatibility with screen readers.

Screenshot of the updated circuit display for securedrop.org in Tor Browser for desktop

New onion site icons

Previously, onion sites were represented by the onion-glyph – a tiny, flat version of Tor Browser's onion logo. Now, when you visit an onion site in Tor Browser 12.5 on either desktop or Android you'll notice something new.

It's important to recognize that onion services are not exclusive to Tor Browser, and are a product in their own right. As onion service adoption has grown among civil society groups, human rights organizations, and news media outlets, so too has support for visiting onion services by third-party apps. Today, in addition to Tor Browser, you can also access onion services in compatible apps like Orbot, Onion Browser and Brave, to name a few. Given that, it no longer makes sense to continue to represent onion sites with an icon so closely associated with Tor Browser, and we're excited to introduce their new identity today.

Screenshot of the ProPublica onion site in Tor Browser for desktop and Android

Improved connection experience

In Tor Browser 10.5 for desktop we retired the Tor Launcher in favor of a new interface that allows users to connect to Tor from the browser window itself. This feature unlocked the added benefit of being able to access Tor Browser's other menus while offline, including Connection settings, which offers greater functionality than the equivalent Tor Launcher settings page ever did.

Since that release, usability testing participants have sometimes had difficulty figuring out how to connect after navigating away from the Connect to Tor tab. To remedy this, we've made the Connect button accessible in the address bar of any page you visit while offline, and Tor Browser will connect automatically after you've configured a bridge in Connection settings. We've also improved the visibility of the browser's connection status, which can now be found in the top-right of the browser window, and you'll notice a new connection icon appear throughout the browser too.

Screenshot of the Connection settings tab before connecting in Tor Browser for desktop

Better accessibility

As Tor Browser is based on the Extended Support Release of Firefox, we reuse as much of Firefox's front-end user experience as possible so that we can concentrate our resources on privacy and security issues. However Tor Browser also includes many custom pages and components on top of Firefox.

In parallel with longstanding efforts by Mozilla to improve Firefox's accessibility, we began an accessibility review of our own to document issues with Tor Browser for desktop's custom features. This review has now been completed, and we're beginning to deploy the first fixes in what will be a multi-release effort to improve Tor Browser's accessibility.

Since Tor Browser 11.5 we've refactored several components including bundled changelogs (about:tbupdate), the circuit display, the security level panel, miscellaneous dialogs and other parts of the browser chrome. If you use a screen reader or any other assistive technology, we'd love to get your help testing past and future fixes by volunteering as an alpha tester and feeding back to our developers on the Tor forum.

Screenshot of the internal changelog with the security level panel expanded in Tor Browser for desktop

Finnish language support

In Tor Browser 12.0 we added support for Albanian and Ukrainian. Now, thanks to the incredible work of our volunteer translators and partners at the Localization Lab, we're delighted to include Finnish (Suomi) as a language option on both desktop and Android too. If you spot an error in Finnish or any other language, you can learn more about how to contribute to the translation of Tor Browser, its documentation and our websites on our localization portal.

Screenshot of the connection page in Finnish in Tor Browser for desktop and Android

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.

Full changelog

The full changelog since Tor Browser 12.0.7 is:

...