Tor 浏览器 15.0

Tor 浏览器 15.0
Tor Browser 15.0

原始链接: https://blog.torproject.org/new-release-tor-browser-150/

## Tor 浏览器 15.0 发布：增强功能与安全性 Tor 浏览器 15.0 已发布，基于 Firefox ESR 140 构建，经过对 200 个 Firefox 更改的全面安全和隐私审计。此版本带来了 Firefox 的可用性改进，包括带有书签侧边栏的**垂直标签页**，以及用于桌面端更好组织标签的**标签分组**。更新后的地址栏提供统一搜索和快速操作。对于 Android，新的**屏幕锁定**功能通过在返回浏览器时要求指纹、面部或密码验证来增加安全性。 **重要变更：** 由于维护兼容性方面的挑战，Tor 浏览器 16.0 将停止支持旧版 Android 版本（5.0-7.0）和 Linux/Android 上的 x86 CPU。WebAssembly (Wasm) 控制现在由 NoScript 管理，以提高安全性，默认在更安全/最安全级别下禁用。 Tor 项目依赖社区支持，目前 Power Up Privacy 正在匹配捐款。鼓励用户为持续开发做出贡献并报告遇到的任何问题。

## Tor 浏览器 15 & 在线隐私讨论 - 摘要 Hacker News 的讨论围绕 Tor 浏览器 15 的发布以及更广泛的在线隐私和安全主题。用户分享资源，例如对值得注意的 Tor 隐藏服务的扫描 ([https://rnsaffn.com/zg4/](https://rnsaffn.com/zg4/))，承认 Tor 网络中存在非法和有价值的内容。一个关键的争论点在于 Tor 对抗复杂监控的有效性。虽然它对于规避审查和商业跟踪很有用，但许多人认为它对决心强烈的国家行为者提供的保护有限。人们担心仅仅*使用* Tor 可能会引起调查人员的注意。几位评论员强调了细致的“威胁模型”的重要性——理解你试图保护自己免受*谁*的侵害。其他人提倡采取积极的隐私措施，超越 Tor，例如使用 OnionShare 进行文件共享，并使用 Qubes OS 等工具来提高安全性。一个反复出现的情绪是，日常用户增加 Tor 的使用可以加强网络，并使大规模监控更加困难，即使它不能保证完全的匿名性。最后，讨论涉及 Tor 的技术方面，包括它与 Firefox ESR 的关系以及直接使用 .onion 服务的优势。

原文

Tor Browser 15.0 is now available from the Tor Browser download page and distribution directory. This is our first stable release based on Firefox ESR 140, incorporating a year's worth of changes that have been shipped upstream in Firefox. As part of this process, we've also completed our annual ESR transition audit, where we reviewed and addressed around 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our GitLab instance.

The ongoing development of Tor Browser is made possible thanks to the support of our community. If Tor Browser is important to you, now is a great time to support our mission to FREE THE INTERNET, as all donations will be matched by Power Up Privacy through December 31, 2025.

What's new?

Desktop

Tor Browser 15.0 inherits a multitude of useful new features and usability improvements from Firefox that have passed our audit. For desktop, these include vertical tabs: providing a more manageable, alternative layout with open and pinned tabs stacked in a sidebar rather than across the top of the window. For ease of access, Bookmarks can be retrieved directly from the sidebar when expanded too. However, regardless of whether you prefer horizontal or vertical tabs, everyone benefits from the addition of tab groups: helping you keep on top of the clutter by organizing tabs into collapsible groups that can be given names and color-coded. Tor Browser 15.0 also inherits elements of Firefox's recent address bar refresh, including a new unified search button that allows you to switch search engines on the fly, search bookmarks or tabs, and reference quick actions from the same menu.

Note that Tor Browser tabs are still private tabs, and will clear when you close the browser. This enforces a kind of natural tidiness in Tor Browser since each new session starts fresh – however for privacy-conscious power users, project managers, researchers, or anyone else who accumulates tabs frighteningly quickly, we hope these organizational improvements will give you a much needed productivity boost.

A screenshot featuring Tor Browser for Desktop with vertical tabs enabled and three tab groups present in the resulting sidebar

Android

On Android, screen lock adds an extra layer of security to your browsing sessions. After enabling screen lock in Settings > Tabs, your tabs will lock automatically when you switch away from the browser without closing it. Upon returning to the app, you'll be prompted to unlock your tabs using your fingerprint, face, or pass code, depending on which option your device is configured to use.

Like Tor Browser for Desktop, your browsing session will still be cleared when Tor Browser is closed. However, this feature provides peace of mind in a specific scenario: by ensuring that your browsing remains private even if someone has gained temporary access to your unlocked phone with Tor Browser open in the background – whether you've handed it to a friend, or left your device sitting on a table.

A screenshot demonstrating screen lock for Tor Browser on an Android phone, followed by a second screenshot of a passcode being entered

What's changing?

Updates to Android and Linux device compatibility

At present, Firefox 140 and Tor Browser 15.0 support Android 5.0 or later, which was released almost 11 years ago. While Mozilla's commitment to support such an old version of Android is admirable, it introduces several technical and security challenges for developers. As a consequence, Firefox have announced their intention to increase the minimum support requirements to Android 8.0, and have also decided to drop support for x86 CPUs for Android and Linux. Sadly, it's not possible for the Tor Project to maintain support for these platforms on our own without official support from Mozilla.

While these changes won't impact Tor Browser users immediately, we expect them to take effect with the release of Tor Browser 16.0 mid-next year. This means that Tor Browser 15.0 will be the last major release to support x86 for Linux and Android, in addition to Android 5.0, 6.0, and 7.0. However, we will continue to release minor updates with security fixes for these platforms until Tor Browser 16.0's eventual release.

Although nobody wants to see support for their platform get dropped, it's an important step to maintain the stability and security of both Firefox and Tor Browser over time, and will allow developers to utilize newer technologies in both browsers. In addition, supporting x86 for Android has been particularly challenging for our developers due to the 100MB package size limit imposed by Google Play. While we have deployed several workarounds to stay within this limit in the recent past, these often come at a cost – such as x86 Android users missing out on the Conjure pluggable transport, for example.

Disabling of WebAssembly now managed by NoScript

WebAssembly (or Wasm) is a web technology that helps websites and web apps run faster. It allows web developers to write programs in languages like C, C++ or Rust, and compiles these into a special format that web browsers can run more efficiently.

As has been suggested in this meta-analysis from 2024, further investigation of Wasm's potential exploits is necessary – therefore Wasm is currently disabled in the Safer and Safest security levels in order to reduce Tor Browser's attack surface. Up until now, this was achieved by setting the global preference javascript.options.wasm to false – however this approach was no longer viable after Mozilla implemented part of their PDF reader in Wasm between versions 128 and 140. Consequently, we have decided to move control of Wasm to NoScript, which is bundled with Tor Browser, and already manages JavaScript and other security features. This means that Wasm now works on privileged browser pages such as the PDF renderer, but NoScript will continue blocking the technology on regular websites at the Safer and Safest security levels.

Users who have manually set javascript.options.wasm to "false" while in the Standard security level will see their security level represented as "Custom" instead. To mitigate any issues that may arise with the browser's PDF reader, we encourage those users to switch the preference back to "true", thereby passing management of Wasm over to NoScript. Furthermore, manually disabling Wasm at the Standard security level (either via NoScript or javascript.options/wasm) may also make your fingerprint more unique by deviating from Tor Browser's default configuration. To avoid this scenario, we recommend sticking with one of the pre-defined security levels and caution users against making further changes to individual preferences in about:config.

Alternatively, should you wish to keep Wasm disabled in future, we invite you to increase your security level to Safer or Safest going forward. Note that both Safer and Safest users may notice javascript.options.wasm switch to "true" automatically as management of Wasm is passed over to and blocked by NoScript, meaning that you are still protected regardless. In addition, Safest users in particular are not vulnerable to any potential vulnerabilities introduced by Wasm since the format requires JavaScript to work.

Known issues

Tor Browser 15.0 comes with a number of known issues that can be found in Tor Browser's issue tracker. In particular, we would like to highlight the following:

Desktop

The initial release of vertical tabs in Tor Browser includes a couple of quirks:

When the sidebar is visible (such as when vertical tabs are enabled), the window may visibly resize when Tor Browser is launched.
Due to variations in window size, Letterboxing may be visible. You still get the anti-fingerprinting protections provided by Letterboxing, but the default window size will be different than intended.

We are currently working to issue a fix for both of these bugs. Please see tor-browser#44096 for details.

Android

Web pages may not load after updating Tor Browser on older versions of Android. This can be fixed by clearing your app cache manually in Settings > Apps > Tor Browser > Storage & cache.

Get involved

If you find a bug or have a suggestion for how we could improve this release, we'd love to hear your feedback. If you would like to contribute to a future release, please see our guide for new contributors to get started.

Full changelog

The full changelog since Tor Browser 14.5.9 is:

All Platforms
Windows + macOS + Linux
Windows + Android
Windows
macOS
Linux
Android
Build System
- All Platforms
- Windows + macOS + Linux
- Windows + Linux + Android
- Windows
- macOS
- Linux
- Android