The Tor browser, which strives to provide online anonymity rather than the limited data sharing that Internet companies call “privacy,” has reached version 12.5, a milestone that addresses older issues in addition to usability and accessibility improvements.
The name Tor stands for “The Onion Router” and refers to a method of network communication developed in 2002 that uses encryption and multiple relay nodes to keep the user anonymous.
“Tor’s goal is to improve your privacy by sending your traffic through a series of proxies,” the Tor project explains on its website. “Your communication is encrypted in multiple layers and passed through the Tor network over multiple hops to the final recipient.”
The Tor Browser, based on the Extended Support Release of Mozilla’s Firefox, provides a way to connect to the Tor network. It makes an effort to provide anonymity, but does not guarantee it. It does this by: making the user’s internet traffic appear to come from a different IP address, thereby hiding the user’s location; prevent anyone viewing your local traffic (e.g. your ISP) from seeing or restricting your website visits; and routing connections through multiple relays.
The Tor Browser and associated onion services are commonly used by journalists, human rights lawyers, and others in hostile environments where the threat model extends beyond marketers. Criminals can do that too, but as the Tor project claims, they have better options.
Other browsers also support connections over the Tor network, such as Orbot, Onion Browser, and Brave.
However, as Brave points out in the documentation for its private window with Tor connectivity, it doesn’t implement most of the privacy protections in the Tor browser. The company warns, “If your personal security depends on remaining anonymous, we strongly recommend using Tor Browser instead of Brave Tor windows.”
Still, the Tor browser can’t promise perfect anonymity online – there are attacks on Tor nodes that users can expose – so if personal security is the issue, that requires careful threat analysis and ideally expert consultation. Security is not guaranteed by software selection.
Tor Browser 12.5 brings with it a revised circuit view interface – showing the network node traffic path – which is now represented by its own icon next to the padlock icon in the menu bar. And relay nodes now have national flags that make it easier to understand node locations.
“Participants in usability testing often had trouble finding the circuit screen when prompted, and users generally had to be taught where it was located,” says Duncan Larsen-Russell, Tor UX and head of the design team, in a blog post.
The circuit view interface has also been reworked to play nicely with screen readers.
There are new onion site icons to better separate Tor Browser from the Onion Router services it relies on as usage of third party onion services has increased.
The Tor launcher’s Connect button — because Tor doesn’t automatically connect to the network unless configured to do so — has popped up to be visible in the address bar of every offline page. That’s because, Larsen-Russell explains, when users navigated away from the Connect to Tor tab that appears on startup, they often struggled to find the Connect button again.
But if a bridge – a relay node not listed in response to local censorship – is configured, Tor Browser will connect automatically. And that’s a better user experience where local censorship is relevant because it reduces the chance of error.
Larsen-Russell also says the Tor Browser has made an effort to improve accessibility, taking inspiration from Mozilla’s accessibility work. The result is the refactoring of several components, such as the circuit view, security level panel, and associated dialog elements, so that they work better with screen readers.
Finally, Finnish (Suomi) language support has been added to the Tor Browser desktop and Android versions, not to mention several miscellaneous changes and bug fixes. ®