New Release: Tor Browser 10.5a1

blog.torproject.org
Maintaining a browser like Tor Browser has its challenges but also its rewards.
It allows us to reach faster adoption of important technologies like onion services, providing a more secure browsing experience for all Tor users. Improving the treatment of onion services on the browser side, however, comes with its own challenges both for users and service providers and it is important to reflect on those as a requirement for future growth. Thus, we feel it is time to take stock in this blog post and outline the steps we have taken over the years to improve the user experience and adoption of onion services, the challenges we faced and continue to face, and what the future might look like.

What does this mean and how did we get here?

Onion services are self-authenticating and provide integrity and confidentiality by default. That means once you are connected to an onion service you can be sure you are talking to the one you tried to reach and your data is not manipulated or read by man-in-the-middle attackers. HTTPS was introduced over 20 years ago to provide some of those properties for plain web traffic (HTTP) when communicating with a server.

Three years ago, Mozilla announced their plan for raising awareness about the insecurity of HTTP by introducing a new visual indicator and a username/password warning message for websites loaded over HTTP (instead of HTTPS). Not knowing anything about onion services, the way this was implemented on Mozilla's side was by looking at the scheme in the URL bar: if it is only "http" then the warning kicks in. As a result, the idea of handling connections with onion services as (inherently) "secure" was proposed because these new browser security indicators directly harmed the usability of onion sites, like those hosted by SecureDrop and Riseup. At that time, extended validation (EV) TLS certificates containing .onion addresses were available for web sites that could afford them, and those web sites were already available over HTTPS, but the certificates were too costly for the general public. Domain…
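The difference between the scheme-only check and the proposed onion-aware treatment can be sketched as follows. This is an added illustration, not Firefox or Tor Browser code; the function names, return strings and sample URLs are assumptions made for the example.

```javascript
// Added illustration: names and return values are hypothetical, not browser internals.

// Scheme-only rule as the post describes it: anything that is not HTTPS gets the warning.
function schemeOnlyIndicator(rawUrl) {
  const url = new URL(rawUrl);
  return url.protocol === "https:" ? "secure" : "insecure-warning";
}

// True only when the final DNS label is "onion". A substring or endsWith("onion")
// test would wrongly accept hosts such as "service.onion.example.com".
function isOnionHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  const labels = host.split(".");
  return labels.length >= 2 && labels[labels.length - 1] === "onion";
}

// Onion-aware rule: HTTP to an onion service is treated as secure, because the
// onion connection itself provides authentication, integrity and confidentiality.
function onionAwareIndicator(rawUrl) {
  const url = new URL(rawUrl);
  if (url.protocol === "https:") return "secure";
  if (url.protocol === "http:" && isOnionHost(url.hostname)) return "secure";
  return "insecure-warning";
}

// Constructed sample URLs (not real services).
const SAMPLES = [
  "https://example.com/login",
  "http://example.com/login",
  "http://exampleonionaddress.onion/login",
  "http://EXAMPLE.ONION./login",
  "http://service.onion.example.com/login", // clearnet host, must still warn
];

// Evaluate both rules side by side for each URL.
function compare(urls) {
  return urls.map((u) => ({
    url: u,
    schemeOnly: schemeOnlyIndicator(u),
    onionAware: onionAwareIndicator(u),
  }));
}

console.table(compare(SAMPLES));
```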