Post APwOjCy9oiHAAdoWG0 by Seirdy@pleroma.envs.net
(DIR) More posts by Seirdy@pleroma.envs.net
(DIR) Post #APwOjBKPuytR56DGfw by Seirdy@pleroma.envs.net
2022-09-20T03:17:09.795711Z
0 likes, 1 repeats
Currently, the Tor Browser is based on Firefox Extended Support Release (ESR); it lags behind stable releases by up to 13 months and only receives the subset of security backports deemed to be a high-enough priority.The Tor Uplift project is an initiative to upstream all the Tor Browser’s patches into Firefox. Its goal is to make re-basing the Tor browser patches easy enough for the Tor Browser to track Firefox’s stable release channel. The Tor Uplift has been in progress for seven years, with several of the Tor Browser’s biggest modifications successfully upstreamed (first-party isolation, fingerprinting resistance, and more robust proxy support).On 2022-06-28, Firefox 102 ESR was released. Today, on 2022-09-20, Firefox 91 ESR will lose support. That gave a window of about three months (the duration of three Firefox stable releases) to re-base Tor Browser patches.The first stable release of the Tor Browser based on ESR 102 hasn’t yet shipped (it’s close; an alpha version is available). Seven years into the Tor uplift, the Tor Project isn’t able to keep up with the Firefox ESR release calendar. I don’t think the Tor Uplift will succeed at getting the Tor Browser to track Firefox’s stable channel; at best, it’s keeping the Tor Browser from falling too far behind ESR.POSSE note from https://seirdy.one/notes/2022/09/19/state-of-the-tor-uplift/
(DIR) Post #APwOjCy9oiHAAdoWG0 by Seirdy@pleroma.envs.net
2022-10-20T18:57:39.569261Z
0 likes, 0 repeats
Update 2022-10-20: 30 days since Firefox ESR 91 reached end-of-life, the latest stable Tor Browser release (11.5.4) is still based on v91. Five CVEs fixes from v102 have already been backported. It’s reasonable to assume that v91 has issues of its own that won’t be addressed. Until the v102-based 12.x hits stable: if you don’t use “safest”, you might want to re-consider that with this information in mind.
(DIR) Post #APwOjFk5VTnulsFpFA by Seirdy@pleroma.envs.net
2022-11-24T19:01:14.807844Z
0 likes, 0 repeats
Update 2022-11-24: five months since Firefox 102 became the latest ESR, over two months since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser desktop release (11.5.8) is still based on Firefox 91 ESR. Five CVEs fixes from v102 were backported a while ago, and another 13 were backported this week; the situation is worse on Android. It’s reasonable to assume that v91 has issues of its own that won’t be addressed. Until the v102-based 12.x hits stable: if you don’t use “safest”, you might want to re-consider that with this information in mind.
(DIR) Post #APwOjHPxHIt7y0qm8m by Seirdy@pleroma.envs.net
2022-11-24T20:15:59.944216Z
0 likes, 0 repeats
edit: fixed an incorrect link. i pasted the wrong target in the “another 13 were backported” link; corrected it to https://blog.torproject.org/new-release-tor-browser-1158/
(DIR) Post #APwOjHPxHIt7y0qm8n by Seirdy@pleroma.envs.net
2022-11-24T19:04:09.901673Z
0 likes, 0 repeats
If your priority is censorship resistance rather than anonymity, maybe the Tor Browser isn’t making the tradeoffs you want.I hate to say this, but…if your priority isn’t anonymity, maybe Brave’s Tor support would be safer. Ugh, I need a shower after recommending Brave.