Tor Legacy support for no-telemetry WinOS users

Hi Tor Developer Team,

We are Zharko Gjurov and Liljana Ackovska - Macedonian (mk-MK) localization mangers for Tor and all Tor-related products.
Also we are running an independent project named “Managing with Digital Security and Anonymity” (original name on Macedonian: “Управување со Дигиталната Безбедност и Анонимност” - UDBA-MK) on website:

successfully for more than 5 years till now, where we are promoting Tor and all Tor-based applications and products.

Our users reported us a big problem with unsupported operating systems, and they are keep asking us for a solution how mainly Tor Browser and Tor-based applications to work on old operating systems like XP and Vista?
Also soon with latest supported ESR release of Mozilla Firefox v115.x which is the last supported version of Firefox for Windows 7, the Windows 7 users will face with the same compatibility problem.

We made an analysis and the results are very, very disturbing because we have found a faked published data on Operating System Market share. About the countries we have data for: North Macedonia, Egypt, Turkey, Iran, Morocco, Algeria, Greece, Argentina, Paraguay, Uruguay, Peru, Bolivia, Mexico, Brazil, Portugal, Azerbaijan, Belarus, Netherlands, Montenegro, Bosnia and Herzegovina, Malta, UAE, and parts of China their home-based users, small businesses and large part of their Government institutions and medical centers are using Windows XP, Vista, or Windows 7 and their server counterparts (versions) between 60-70% on all running hardware.
They told us that they must use that versions of the operating systems according with the highest act of the ruler of the country, so even the official support is stopped, they are not updating to newer operating system and they wouldn’t in the future at all, as they said, not now even not ever.
This is mostly because data-sharing telemetry policy of Windows 10 and Windows 11 that share the same kernel base 10.0.
The statements like: “Understanding of privacy begins with understanding how developers use your data” not only is unacceptable but is punishable by law.

So, how we can help our users, we are asking the Tor Developer Team (similar as an example like the developers of K-Lite Codec Pack that still have an available old but latest codec pack release for Windows XP users beside the new releases), at least to re-release the latest supported versions of Tor Browser for the unsupported operating systems with build-in block that will act as the registry key for Mozilla Firefox that blocks updating on administrator level with message in Firefox->Help->About window “Updates disabled by your system administrator”, and to consider to backport only the security fixes to that old releases as some kind of legacy re-release support that wouldn’t mean to users to not have the new features that are part of the newer versions/builds of the Tor Browser.

Thank you for your understanding, and we hope that soon we will have good news for our users.

Sincerely,
Zharko Gjurov and Liljana Ackovska

Hi @ZarkoGjurov,

Sorry for the slow delay to reply!

So I understand the need and desire behind this request, but I’m afraid I must deliver bad news. The short answer is no (sorry).

The medium answer is Tor Browser is a big piece of software and we don’t have the desire nor the capacity to add and maintain Windows 7 (or older!) support to an ever-growing set of dependencies. Even if it were possible for us get every dependency ‘working’ (with scare-quotes), we don’t have the ability to test or validate these changes, and keep on top of and back-porting security fixes for these dependencies.

The longer, more in-depth answer+justification follows:

First, let me give a simplified overview of what Tor Browser (on Desktop) is to set the stage for you.

Tor Browser is a collection of about 100-ish (the actual number fluctuates between major releases, but this is the order of magnitude) patches sitting atop Firefox ESR (Extended Service Release, currently based off of Firefox 115 with monthly security backports). Our patchset improves various privacy and security properties of vanilla Firefox, backports some set of patches from Firefox RR (Rapid Release), adds some of our own customisations to the updater, integrates tor support for IP anonymity, adds some extra features around tor-specific functionality (circuit display, onion service auth, etc), and adds special logic for censorship circumvention.

Tor Browser also of course includes the tor daemon and its dependencies, and finally the pluggable transport binaries used by tor to circumvent censorship by obfuscating the tor network traffic in various ways.

Finally each of these 3 components are built reproducibly using the tor-browser-build system. This system ensures that the binaries we deliver to end users contain only the code we think they do by building everything ‘reproducibly’. Anyone on the internet can download our build system source, run our official build scripts, and get exactly the same output (after stripping code-signing signatures). This ensures that users don’t have to just trust us when it comes to our releases. Sometimes there are bugs in this system but they are given highest priority and block releases.

Each of these systems have problems when it comes to supporting older platforms:

Firefox

First of all, Firefox ESR does not maintain support for legacy systems. With Firefox 116 last summer, Mozilla dropped official support for Windows 7 and 8. This means they are now depending on (or at least not excluding) APIs only available in Windows 10 and on and we will inherit this change in Firefox ESR 128 this summer (Firefox ESR 115 is the last version of Firefox to support Windows 7). This will also have the cascading effect that Firefox’s dependencies will also no longer need to support these Windows versions, which means Mozilla will upgrade or add dependencies to libraries and functionality only available to newer Windows.

Historically, these changes and updates between versions (for instance, between the Windows Vista+ vs Windows 7+ min-spec boundary) has been in pretty important systems relating to browser security such as the process sand-boxing system. If we wanted to replace or stub out these systems to work on older Windows versions, the resulting product would necessarily be less secure on these systems. The work to maintain these legacy shims would only increase over-time as Mozilla’s dependencies stray further and further from Windows 7 compatibility.

Tor

The next problem we have is with the tor daemon on Windows. We’ve already encountered issues with Windows 7 versions of APIs being incompatible with modern tor (see: Non-fatal assertion now >= leg->link_sent_usec failed (#40830) · Issues · The Tor Project / Core / Tor · GitLab ). Fixing these issues have been either infeasible or not a high-priority for the network team given the relative lack of demand for Windows 7 support. This work would also likely fall onto the network team to make sure we don’t accidentally break things in the name of compatibility. We would expect this problem to continue to grow into the future.

Pluggable Transports

Our pluggable transports are small little programs which obfuscate tor’s network traffic to circumvent censorship which blocks vanilla tor. For historical reasons, these tools are built using the Go programming language which has a nice feature-set, but also a fairly aggressive update schedule. For instance, Go 1.21 dropped official support for Windows 7 earlier in the Tor Browser 13.0 release cycle (and indeed apps started breaking on Windows 7 around version 1.21.5). I forget the precise specifics off-hand, but basically we’ve had to hold back upgrading Go for some of our PTs on Windows, except for the ones which absolutely depend on the latest version’s features (Snowflake, if I recall correctly), to maintain support for existing Windows 7 installs. As a result, this particular PT does not work on Windows 7 and we simply don’t have the capacity to maintain a Go fork which works for older Windows.

The Build System

Just like any other software, compilers and build toolchains can have bugs and security issues that require us to update or else ship broken software to our users. The tor-browser-build build system used to build each of our Tor Browser releases is itself a bit of a behemoth and includes at the very least C/C++, Rust, Java, Kotlin, and Go build toolchains. If these tools are not maintaining compatibility with legacy operating system build targets then this back-compat work would also necessarily fall on us.

Please Stop using Windows

The browser team consists of myself and 6 engineers, supporting 3 desktop platforms and Android. If all the above problems were solvable (and also a good idea to solve), we don’t have the capacity or expertise to solve them on top of the existing maintenance workload. Keeping just the Firefox portion of Tor Browser running and up-to-date itself can be a challenging task.

Users of older operating systems (and really, Windows in general) should really migrate to Linux. Particularly, Tails ( https://tails.net/ ) is a great choice for those users which need Tor Browser and associated tools for whistle-blowing or censorship-circumvention use-cases. It’s even USB-bootable! Tor Browser also exist for Android as well!

Please upgrade.

best,
-richard

A post was split to a new topic: Operating system with Tor support

@morgan

Than you for your detailed answer, but now there are new developments on AMA on reddit, where Mozilla officials have announced this:
https://www.reddit.com/r/firefox/comments/1de7bu1/comment/l8gp012/?rdt=56859

in short:
https://www.neowin.net/news/mozilla-wants-you-to-like-firefox-over-chrome-edge-with-extended-windows-7881-support/

So, this logically change things and should means that also Tor Browser will be in-line with this, i.e. it will be available for Windows 7, 8 and 8.1 at least till the official Mozilla has supported Firefox version for these operating systems or not?

We’ve been keeping an eye on the developments upstream regarding legacy Windows support. We don’t have any details yet on what Mozilla’s specific plans are, but we’re guessing the most likely answer is that they will be maintaining the Firefox ESR-115 series going for Windows for some time past the original early September deprecation date. We don’t know how long this support will last.

This solves the (Firefox-specific) security issues outlined above and in other posts. Hurray!

So what does this mean for Tor Browser hypothetically? To be clear, we have not evaluated yet whether this work fits into our existing roadmap, nor if it is worth the effort. This comes down to determining how much work is this going to be, will it get in the way of our existing work, and does it benefit enough users to justify the cost.

So here’s a potential hand-wavy plan for a possible legacy Windows support:

• Maintain Tor Browser 13.5 past the current planned last version in early September on Windows x86 and x86_64 only
• Drop Windows support for the pluggable-transports which require the newer version of Go that is not Windows 7 compatible (just Snowflake for now)
• Create a watershed update at the ESR 115.15 version of Tor Browser, to split legacy Windows users to maintenance 13.5 channel and everyone else to 14.0
• Update the website and documentation to take this legacy channel into account
• No feature back-ports, only critical bug-fix backports to Tor Browser 13.5

Ongoing work until Mozilla drops legacy Windows support:

• Monthly minor ESR 115 rebases and releases
• Maintaining an additional legacy fork of lyrebird pluggable-transport which works on Windows 7
• User-support to handle the inevitable confusion of browser feature set drift between legacy and latest

And finally the likely consequences of this support:

• Anti-censorship features will probably stop working long-term; the pluggable-transport work and rdsys (anti-censorship backend infra) are under active development and respond to real-life events. These systems are written in Go which has a very aggressive update and deprecation schedule (Windows 7 support was dropped and subsquently broken sometime in the past year), which means that the anti-censorship team needs either yolo not worry about legacy Windows users, or they need to develop new features using only a legacy-supported subset of the Go ecosystem. If we were to try and support legacy-Windows users, there are some more consequences:

  • legacy-Windows users will be using pluggable-transports built with out-of-date and out-of-support versions of the Go tool-chain which may have critical security bugs.
  • this will limit the team’s productivity working on new features if they are effectively developing with a metaphorical hand tied behind their back at the expense of all the other non-legacy Windows users.

  Another hidden factor here, is that the anti-censorship team and the apps team are working to reduce the size of the Android apk to meet Google Play store requirements. Some of the potential solutions here involve some non-trivial changes to how pluggable-transports are built which adds another layer of complexity. Most of the solutions here will complicate maintaining an up-to-date set of pluggable-transports in a potential legacy 13.5 release channel.

  So, realistically we will probably have to freeze the pluggable-transports in whatever state they are in com September and/or drop support in the legacy 13.5 channel once the Go ecosystem has moved on.

  If we add new rdsys-dependant features to the mix, it is also unlikely that we will be able to backport these changes to the 13.5 release channel as the code-base diverges from current-stable. So, odds are connect-assist will stop working long-term beyond basic bootstrapping.

• Less capacity to do other things. It does take labour to maintain, build, and publish Tor Browser, even just minor ESR updates. Time spent here is time not spent elsewhere.

  A lot of the above proposed solutions involve maintaining various legacy branches, which is of course more overhead.

The other half of the puzzle is that we don’t actually know how much impact maintaining legacy Tor Browser will have. We are a small team with a lot of users, so we need to be wise about how we spend our time. The problem with building actually privacy-respecting software is that we don’t know who are users are, or what software they are using. The only real stat we have is the number of update pings per platform (ie, Windows, macOS, and Linux) per day. We don’t actually know how many of these pings are coming from Windows 7 versus 8, 8.1, 10, or 11.

Suppose our our Windows demographics match vanilla Firefox ( Firefox Public Data Report ). The latest (2024-07-01) stats are:

• Windows 10: 48.778%
• Windows 11: 27.479%
• Windows 7: 9.517%
• Non-Windows: 14.226%

Which means about 11.1% of our Windows users would be on Windows 7. If we presume our ‘Update pings’ rate is roughly the number of daily users we have and we presume our relative Windows demographics is the same as vanilla Firefox, then we’re looking at roughly 66,000 Tor Browser users still on Windows 7 (or at the very least, 66,000 daily update pings).

This is not a great situation to be in…

I thought it was off-topic also so here is my one cent off-topic comment: This kinda says there are still enough people running Windows 7,8,8.1 to warrant this support. I would not have guessed especially that 7=>10 was free and still is.

Maybe the people who run this forum should fork these 3 posts to a brand new thread and keep the Linux distro thread intact.

Really? You might as well say stop using computers. What are the stats on desktop OS usage?

Yes! Please using computers! Of course, we do live in a society so if you must use computers and you value your privacy, there are better options available than 15-year-old WIndows.

Download metrics: Applications – Tor Metrics

Perhaps a more accurate header would have been “Please stop using proprietary software you have no control over and then complaining when it does things you don’t like”.

Now you said the magic word so we can agree. Yes, stop using Windows 7. Or do not connect it to the internet. Wikipedia quote “It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009”

I was thinking more of desktop OS (laptop) stats. I read about 85%. Of course not so for servers; Linux is on top here.

A more accurate header would have been: Please stop using unsupported or pirated versions of OS systems like Windows 7 and 8 then complain when you get owned because eventually you will. I’m pretty sure an update to 10 is still possible for free (as in $0.0). I remember doing it many years after 7 expired and fell over backwards that it worked. Seems MS has become less strict about licensing.

More can be said but this is not a Windows forum.

A correction. That number is really about 73% as of July 2024 according to a statcounter

According to Mozilla’s Calendar / Roadmap now it is official and new ESRs for version 115 are scheduled till March 4, 2025, and as it’s noted on their calendar:

We decided to extend support for ESR 115 only on Windows 7-8.1 and macOS 10.12-10.14 up to March 2025.
We will re-evaluate this decision in early 2025 and announce any updates on ESR 115’s end-of-life then.
Source: Firefox ESR schedule

Firefox_v115_Calendar1920×1195 113 KB

@ZarkoGJurov

Indeed! Our current plan is to follow Mozilla and maintain a security-update-only ‘legacy’ 13.5 release channel for the affected platforms.