Tor Browser 9.5 Allows Webmasters To Promote Their Onion Website, And More

Firefox 77

The Tor browser is known as the portal to the dark web and anonymous browsing. And with version 9.5, the browser just got even better.

Starting with the release, webmasters and web owners can advertise their onion service to Tor users by adding an HTTP header. This way, visitors visiting the webmasters' website that has an .onion address will be prompted about the onion service version of the site and will be asked to opt-in to upgrade to the onion service on their first use.

The feature that is called 'Onion Location' will in turn allow visitors to to switch from the website they are visiting, to a version delivered using the Onion service for improved security.

In the release announcement, Tor wrote that:

"For the first time, Tor Browser users on desktop will be able to opt-in for using onion sites automatically whenever the website makes them available. For years, some websites have invisibly used onion services with alternative services (alt-svc), and this continues to be an excellent choice. Now, there is also an opt-in mechanism available for websites that want their users to know about their onion service that invites them to upgrade their connection via the .onion address."
Tor Browser 9.5 Onion Location
Credit: Tor Project

Tor Browser 9.5 also allows Onion website owners to add an extra layer of security to their website, by setting a pair of keys for access and authentication.

Visitors of their website can then save the keys needed to authenticate to Tor hidden services known as authenticated Onion services, and manage them via the about:preferences#privacy in the Onion Services Authentication section.

The keys here act as passwords needed to prompt the site hosted at a specific .onion address to respond to incoming connection requests.

Tor Browser 9.5 Onion Authentication
Credit: Tor Project

Tor Browser 9.5 can also display error pages to let Tor users know why they cannot reach an .onion website they are trying to visit.

This is an update to the previous Firefox-based error messages displayed when .onion sites were unreachable.

"In this release, we have improved the way Tor Browser communicates with users about service-, client-, and network-side errors that might happen when they are trying to visit an onion service," the Tor Project added. "Tor Browser now displays a simplified diagram of the connection and shows where the error occurred."

Tor Browser 9.5 Onion Authentication Error Pages For Onion Services
Credit: Tor Project

Other features include improved URL bar security indicators.

Following Firefox, the Tor browser 9.5 put more emphasis on broken and insecure connections, by showing certain grey icons when connection is not safe.

Tor Browser 9.5 Improved URL Bar Security Indicators
Credit: Tor Project

And for last, Tor Project has partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation's HTTPS Everywhere to develop the first proof-of-concept human-memorable names for SecureDrop onion services addresses.

This is because .onion websites are not easy to remember, due to their cryptographic protection (ie, https://torproject.org is http://expyuzz4wqqyqhjn.onion/). This makes it hard for users to discover or return to an the site.

With the partnership, Tor is approaching the problem from a broad angle.

This Tor Browser version also includes several fixes for high severity security vulnerabilities that are included in the Firefox ESR 68.9 release published by Mozilla.

The full changelog for Tor Browser 9.5 can be found here.

Published: 
04/06/2020