The Tor Browser has been upgraded to a major new release based on Firefox 45 Extended Support Release (ESR). The new version brings better support for HTML5 video on Youtube, code-signing for Mac OS X, and new privacy and security features, including making DuckDuckGo the default search engine service for its browser.
The Tor Browser is a fork of Mozilla’s Firefox ESR, a more stable enterprise-ready version of Firefox, which is updated only once every seven Firefox versions feature wise, but continues to get all the security patches in the meantime. The browser comes with built-in support for the Tor anonymization network. It's also bundled with privacy-focused extensions such as NoScript and HTTPS Everywhere, and has the Firefox "Private Mode" enabled by default.
The previous version of the Tor Browser was based on Firefox 38 ESR, which came out in May 2015. The new Tor Browser 6.0 jumps to Firefox version 45, and the next major feature upgrade will happen after Firefox ESR reaches version 52.
Some users have previously complained about the Tor Browser not working on Mac OS X because of Apple’s Gatekeeper security feature, which requires apps to be signed by default (unless users manually disable this requirement). Version 6.0 introduces code-signing for the browser, which should solve this issue for the users that couldn’t install the browser before.
The new version also disables SHA1 certificates from working, as well as some other Firefox features such as Tracking Protection, possibly because the team isn’t yet sure of its impact on browser fingerprinting, which could allow user identification. The Tor Browser team disabled some other features as well, which may have caused harm (de-anonymizing the users) or for which it didn’t have time to release a proper fix.
The Tor Browser recently moved to using Disconnect as a “meta search engine” that worked on top of other search engines, such as Google, while providing anonymization features. However, it seems Disconnect can’t use Google search anymore, so it had previously switched to Bing. The Tor team thinks DuckDuckGo search results are better, so it asked the Disconnect team to support DuckDuckGo instead by default. DuckDuckGo was already a privacy-focused and fast-growing search engine, so this seems like the right move.
Even if new attacks against the Tor Browser and the Tor network continue to be discovered, in part because Firefox itself doesn't seem to be the most secure browser right now, the Tor Browser remains the most privacy-focused browser around. The new Tor Browser 6.0 is now available for download on all the major desktop operating systems.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.