The Tor browser is known as the portal to the dark web and anonymous browsing. And with version 9.5, the browser just got even better.
Starting with the release, webmasters and web owners can advertise their onion service to Tor users by adding an HTTP header. This way, visitors visiting the webmasters' website that has an .onion
address will be prompted about the onion service version of the site and will be asked to opt-in to upgrade to the onion service on their first use.
The feature that is called 'Onion Location' will in turn allow visitors to to switch from the website they are visiting, to a version delivered using the Onion service for improved security.
In the release announcement, Tor wrote that:
Tor Browser 9.5 also allows Onion website owners to add an extra layer of security to their website, by setting a pair of keys for access and authentication.
Visitors of their website can then save the keys needed to authenticate to Tor hidden services known as authenticated Onion services, and manage them via the about:preferences#privacy in the Onion Services Authentication section.
The keys here act as passwords needed to prompt the site hosted at a specific .onion
address to respond to incoming connection requests.
Tor Browser 9.5 can also display error pages to let Tor users know why they cannot reach an .onion
website they are trying to visit.
This is an update to the previous Firefox-based error messages displayed when .onion
sites were unreachable.
"In this release, we have improved the way Tor Browser communicates with users about service-, client-, and network-side errors that might happen when they are trying to visit an onion service," the Tor Project added. "Tor Browser now displays a simplified diagram of the connection and shows where the error occurred."
Other features include improved URL bar security indicators.
Following Firefox, the Tor browser 9.5 put more emphasis on broken and insecure connections, by showing certain grey icons when connection is not safe.
And for last, Tor Project has partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation's HTTPS Everywhere to develop the first proof-of-concept human-memorable names for SecureDrop onion services addresses.
This is because .onion
websites are not easy to remember, due to their cryptographic protection (ie, https://torproject.org is http://expyuzz4wqqyqhjn.onion/). This makes it hard for users to discover or return to an the site.
With the partnership, Tor is approaching the problem from a broad angle.
This Tor Browser version also includes several fixes for high severity security vulnerabilities that are included in the Firefox ESR 68.9 release published by Mozilla.
The full changelog for Tor Browser 9.5 can be found here.