Tor Browser 9.0 Introduces Enhanced Security Features

The developers of Tor have released the ninth version of their browser, Tor Browser 9.0. This is the first stable release based on Firefox 68 ESR, and in addition to all the security updates from Firefox, it also includes updates for other components. Specifically, Tor has been updated to version 0.4.1.6, OpenSSL to version 1.1.1d (for desktop PCs), and Tor for Android to version 0.4.1.5.

Key Security Enhancements

• All traffic in Tor Browser is routed exclusively through the Tor network. Since direct connections via the system’s standard network interface are not possible, it is also impossible to trace the user’s real IP address.
• The new version includes the HTTPS Everywhere extension from the Electronic Frontier Foundation (EFF), which automatically switches websites to use HTTPS instead of HTTP (provided the sites support HTTPS).
• Developers have improved protection against JavaScript-based attacks by adding the NoScript extension, which blocks executable content.
• To help bypass censorship and traffic inspection, the browser now includes fteproxy and obfs4proxy tools.
• Alternative protocols have been introduced for transmitting encrypted traffic in environments that only allow data transfer over HTTP.

Additional Privacy Protections

Users now benefit from extra protection against profiling and location tracking thanks to the disabling or restriction of several APIs, including:

• WebGL, WebGL2, WebAudio
• Social, SpeechSynthesis, Touch
• AudioContext, HTMLMediaElement, Mediastream
• Canvas, SharedWorker, Permissions
• MediaDevices.enumerateDevices, screen.orientation

Additionally, telemetry mechanisms such as Pocket, Reader View, HTTP Alternative-Services, MozTCPSocket, and “link rel=preconnect” have been disabled.