by duncan | October 22, 2024
Tor Browser 14.0 is now available from the Tor Browser download page and our distribution directory. This is our first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox. As part of this process we've also completed our annual ESR transition audit, where we reviewed and addressed over 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our Gitlab instance.
Firefox's design also continues to evolve, and the ESR transition is our opportunity to update Tor Browser to reflect the most recent patterns and styles used in Firefox. For example, eagle-eyed Tor Browser users will notice updates to Tor Browser's typography that we've inherited from Firefox, including heavier headings and changes to line heights intended to improve font compatibility and accessibility.
In addition to the ESR, we overcame many other technical challenges that you can read more about in Morgan's series of blog posts chronicling the team's progress with Tor Browser Alpha, including: unifying Tor Browser for Android's codebase into a monorepo, addressing reproducibility issues in our Android APK generation, reducing Android's APK size for x86 and x86_64 platforms, and changes to how we spoof Tor Browser's user agent, to name a few. This release also includes a series of improvements to the usability and compatibility of our fingerprinting protections without compromising their effectiveness, allowing us to enable useful features like picture-in-picture, screenshots and more.
The ongoing development of Tor Browser is made possible thanks to the support of our community. If Tor Browser is important to you, now is a great time to support our mission, as all donations will be matched through the end of the year.
What's new?
New circuit for Android
In previous versions of Tor Browser for Android, users could request a "New identity" by interacting with a persistent notification that appeared while Tor Browser was running. However this was unusual for a couple of reasons – firstly, no such feature was available in the app's user interface itself, and it could only be enabled outside the app via Android's notification drawer. Secondly, this feature did not perform the same steps as Tor Browser for desktop to reset your identity, such as closing all tabs, clearing all cookies and wiping your browsing history. In actuality, it functioned more like a "refresh all circuits" button.
We've since learned that most Android users were relying on this feature as workaround to request a new circuit for a broken website, rather than reset their identity as such. So when this notification inadvertently disappeared in Tor Browser 13.5, we didn't rush to bring it back in its original state. Instead, we chose to focus our efforts on porting the desktop feature "New circuit for this site" to Android, allowing our mobile users to request a new circuit in a more targeted fashion.
Extended support for legacy platforms
With the release of Tor Browser 13.5, we began warning users of Windows 7, 8 and 8.1 and macOS 10.12, 10.13 and 10.14 that this would be the last major release to support their platforms. In short, that situation has now changed, and users of these legacy platforms will continue to receive critical security updates updates on a temporary basis until at least March 2025.
Microsoft ended support for Windows 7, 8 and 8.1 in January of 2023, and Apple typically provides support for the previous three versions of macOS. In turn, Mozilla moved support for these versions to the Extended Support Release (ESR) of Firefox last year, and ESR 115 will be the final version of Firefox to support these platforms. However, Mozilla have since announced that ESR 115 will continue to receive critical security updates until at least March 2025, with the intention to re-evaluate the situation at the beginning of the year.
So how does this affect Tor Browser users? That's where it gets a little complicated: Tor Browser 13 is currently based on Firefox ESR 115, whereas Tor Browser 14 is based on ESR 128 – which doesn't support these legacy platforms. This means that the Tor Browser user base will be split across two update paths:
- Users of Windows 10 or later and macOS 10.15 or later will be updated to Tor Browser 14.0.
- User of Windows 7, 8 and 8.1 and macOS 10.12, 10.13 and 10.14 will remain on Tor Browser 13.5.
In turn, the Tor Project will continue to release new versions of Tor Browser 13.5 whenever critical security updates are made available for Firefox ESR 115. Ultimately, this support is only temporary, and is dependent on Mozilla's timetable. Therefore we strongly recommend users of legacy Windows and macOS platforms upgrade their operating systems in order to update to Tor Browser 14.0 before the extended support window ends. Keeping Tor Browser up to date is critical to protect your privacy, security and anonymity online.
Known issues
Tor Browser 14.0 comes with a number of known issues that are searchable on Tor Browser's Gitlab project. In particular, Windows and Android users should be aware of the following:
Android
We are currently working on a fix for an issue with Guardian Project's F-Droid repo that's been preventing F-Droid users from updating since Tor Browser 13.5.3's release. Until this issue is resolved, Android users who have installed Tor Browser via Guardian Project's F-Droid repo will not receive the 14.0 update. Google Play is unaffected by this issue, and Tor Browser 14.0 can be downloaded from there in the interim. Alternatively, affected users may download and install the APK for Tor Browser 14.0 directly from our download page, however please note that APKs do not update automatically. For more details, see tor-browser#43208.
Windows
Running Tor Browser in compatibility mode in Windows 10 and 11 can make it appear as though you're using Windows 7 instead. Given the minimum support requirements for Tor Browser 14.0 described above, Windows 10 and 11 users will need to ensure compatibility mode is switched off before they can update to 14.0.
Contributors <3
Thanks to all of the teams across Tor, and the wider community, who contributed to this release. In particular we'd like to extend our gratitude to the following volunteers who have contributed their expertise, labor, and time to this release:
cypherpunks1
Thank you for tackling the (now shrinking) list of Android bugs, UI discrepancies, and packaging problems. The Android release is more polished than it otherwise would be because of your help.
- tor-browser#41550
- tor-browser#43052
- tor-browser#43129
- tor-browser#43146
- tor-browser#43147
- tor-browser#43202
- tor-browser#43223
- tor-browser#43225
- tor-browser#43227
- tor-browser#43228
- tor-browser-build#41261
NoisyCoil
Thank you for bringing us one step closer to reproducible aarch64 Linux builds. This merge-request was long in the making.
thorin
Last but not least, a big thank you to thorin for your help keeping track of and flagging upstream issues, developing tests, verifying our fixes, maximizing Tor Browser's fingerprinting protections, and for being an ever present advocate for user privacy in general.
If you would like to contribute to a future release, please see our guide for new contributors to get started. If you find a bug or have a suggestion for how we could improve this release, we'd love to hear your feedback.
Full changelog
The full changelog since Tor Browser 13.5.7 for desktop and Tor Browser 13.5.8 for Android can be viewed on the accompanying blog post.
This is a companion discussion topic for the original entry at https://blog.torproject.org/new-release-tor-browser-140