New Alpha Release: Tor Browser 13.5a4
Tor Browser 13.5a4 is now available from the Tor Browser download page and also from our distribution directory.
This version includes important security updates to Firefox.
We would like to thank the following volunteers for their contributions this release:
- guest475646844 for their fix to tor-browser#42354
- Mynacol for their documentation updates in tor-browser-build#41073 and their ongoing efforts to release Tor Browser for Android on F-Droid
- NoisyCoil for their documentation updates in tor-browser-build#41038
Thank you all for your contributions! If you would like to contribute, our contributor guide can be found here.
Connect Assist Android Bug Fixes
As discussed in the 13.5a3 release post, we have brought an initial implmentation of connect assist to Android. This feature helps users connecting from censored networks to automatically apply a tor configuration that allows them to bootstrap and connect to the Tor Network.
We have made some bug fixes this past month so censored users should see some improvements. You can try it out for yourself by navigating to the Settings > Tor Network
and selecting Enable beta connection features
. So please, give it a go!
Known Issues
This is still feature is still very much a prototype, so there are a few known issues:
- The 'Enable beta connection features' toggle currently only allows enabling the 'HTML UI'. Unfortunately the 'Native Android UI' option is still not quite ready, but is under active development.
- There is currently a white bar at the bottom of the 'HTML UI' connect assist screen. This 'HTML UI' is actually just the Desktop connect-experience with Android-specific modification to allow us to exercise the backend. It will be replaced with an Android-native frontend before 13.5 stabilises!
Intentional Letterboxing Design
One of the most reported issues we get from users relates to confusion about the browser's letterboxing feature; most think the empty space around the web content is a rendering bug! In reality, the padding provides fingerprinting protections which help prevent adversaries from tracking you across the internet.
We have implemented the new look specified in tor-browser#41917 and will be adding some user customisation to about:preferences in the near future. In the meantime, you can play with the current exposed visual customisations by modifying the following boolean prefs in about:config
:
privacy.resistFingerprinting.letterboxing.gradient
: enables a gradient in the letterboxing background/tray area (default true)privacy.resistFingerprinting.letterboxing.vcenter
: vertically centers the website content within the browser window (default true)
These options are purely aesthetic and should have no affect on the user's browser fingerprint (though we would love to know if that is not the case).
Send us your feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know.
Full changelog
The full changelog since Tor Browser 13.5a3 is:
- All Platforms
- Updated zlib to 1.3.1
- Updated Snowflake to 2.8.1
- Bug tor-browser#42343: Consume pt_config.json in the browser
- Bug tor-browser#42348: TorSettings.defaultSettings() removed but still referenced by Moat.sys.mjs
- Bug tor-browser#42354: Refactor exclusions in ShouldSanitizePreference() to the pref list.
- Bug tor-browser#42358: Separate the domain fronted requests from Moat
- Bug tor-browser#42359: Handle firewall and proxy in TorSettings.setSettings
- Bug tor-browser#42363: Tab thumbnails enhancements
- Bug tor-browser#42366: Rebase Tor Browser Alpha onto Firefox 115.7.0esr
- Bug tor-browser#42369: Revert YEC 2023 changes
- Bug tor-browser#42374: spoof english leaks via numberingSystem: numbers (non-latn) or decimal separator (latn)
- Bug tor-browser#42384: Regression: quickstart doesn't work anymore
- Bug tor-browser-build#41058: Update Snowflake to 2.8.1
- Bug mullvad-browser#262: Mouse-over long links causes the browser element to re-center relative to width of status tooltip
- Windows + macOS + Linux
- Updated Firefox to 115.7.0esr
- Bug tor-browser#41917: Make the appearance of letterboxing look more intentional
- Bug tor-browser#42036: Design and build a user interface for Lox
- Bug tor-browser#42338: Changing circuit programmatically in Tor Browser not working anymore!
- Bug tor-browser#42387: Visual noise in 13.5a4 letterboxing
- Linux
- Bug tor-browser#42293: Updater is disabled when tor-browser is run by torbrowser-launcher flatpak
- Android
- Updated GeckoView to 115.7.0esr
- Bug tor-browser#42252: Plumb down TorConnect commands from firefox-android to GeckoView
- Bug tor-browser#42346: Crash in firefox-android originating in backported FullScreenNotificationDialog patch
- Bug tor-browser#42353: Fix Android NoScript automatic updates
- Bug tor-browser#42355: Fullscreen on Android doesn't hide system bars
- Bug tor-browser#42367: Backport Android security fixes from Firefox 122
- Bug tor-browser#42368: Tor Browser 13.5a3 crashes during start-up because of API26+ methods
- Build System
- All Platforms
- Updated Go to 1.20.13 and 1.21.6
- Bug tor-browser-build#41037: Set time on signing machine before starting signing
- Bug tor-browser-build#41038: Add RPM dependencies to README
- Bug tor-browser-build#41059: Update keyring/torbrowser.gpg with updated key
- Bug tor-browser-build#41063: Run "file $keyring" in tools/keyring/list-all-keyrings
- Bug tor-browser-build#41067: Use Capture::Tiny instead of IO::CaptureOutput
- Bug tor-browser-build#41073: Update documention about required packages for container-less build
- Bug rbm#40067: Use --no-verbose wget option when not running in a terminal
- Windows + macOS + Linux
- Bug tor-browser-build#41078: pt_config.json not touch'd before adding to omni.ja, resulting in build non-determinism
- Windows
- Bug tor-browser-build#40606: Use Clang to compile NSIS
- Bug tor-browser-build#40900: Update NSIS to 3.09
- Bug tor-browser-build#41065: Do a cleanup of the NSIS script
- All Platforms
Comments
We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the moderators. Please do not comment as a way to receive support or to report bugs on a post unrelated to a release. If you are looking for support, please see our FAQ, user support forum or ways to get in touch with us.