The Tor Project announced the 7th major version of the Tor browser, which is now based on the Firefox 52 Extended Support Release (ESR) core. This means that the browser has gotten some significant improvements, including support for the Electrolysis sandboxing and multi-process architecture, which should increase both security and performance.
Last year, Firefox received the long-awaited Electrolysis multi-process architecture, making the browser more like Chrome. In a multi-process architecture, instead of having the whole browser, its extensions, plugins, and website content run in the same process, they are grouped into different processes.
This reduces hanging in the browser and other performance issues because the different processes can keep their issues separated. For instance, if there is a Firefox user interface issue, it won’t stop the content of a web page from loading.
The multi-process architecture also made it possible to enable security sandboxes for web content and extensions. Mozilla didn’t go quite as far as Chrome did by making each web page and browser extension sandboxed, but the partial sandboxing that it has enabled for the content and the browser UI should still give Firefox a significant boost in security.
The new sandboxing architecture is also beneficial to the Tor browser, which needs as much security as possible to preserve the anonymity of its users. As we’ve seen in the past, some bugs could be exploited to deanonymize users. Because Mozilla was taking so long to bring multi-process sandboxing to Firefox, the Tor Project has already started developing its own sandboxing mechanisms. However, those are only available on Linux and are still in an early stage of development.
It seems that even the sandboxing mechanism from Firefox hasn’t been brought to Windows due to some patent issues, so the sandboxing technology only works on macOS and Linux right now. However, the patents in question seem to have expired, so it’s now just an issue of someone developing the missing feature for the Tor browser. The multi-process architecture is still available on all three platforms, so at least the performance improvements have arrived on Windows.
The new version of the Tor browser also brings some privacy improvements, such as increased resistance to online tracking by isolating cookies, view-source requests, and the Permissions API to the first-party URL bar domain.
To protect against fingerprinting, the Tor team also disabled WebGL2; the WebAudio, Social, SpeechSynthesis, and Touch APIs; and the MediaError.message property.
New System Requirements And Remaining Issues
The switch to version 7.0 also brings some new system requirements. The new Tor browser will no longer run on Windows 7 computers that don’t have support for the SSE2 or newer CPU instructions. On Apple’s computers, the OS X 10.9 operating system is the minimum supported version.
Because Mozilla dropped support for the Advanced Linux Sound Architecture (ALSA) framework, which provided an API for sound card device drivers. Only PulseAudio, an alternative sound system, will be supported.
The Tor team also said that the download button in the PDF viewer is currently broken, so they recommended users to use the “Save as” option as a workaround for saving PDF documents in the computer.
The Tor group also warned about the NoScript add-on (that comes pre-installed) may freeze some web pages, but this will be either fixed soon by the NoScript developers, or the Tor team itself will fix it in an update next week.
The new Tor browser 7.0 supports the latest versions of the Tor network (0.3.0.7), NoScript (5.0.5), and HTTPS Everywhere (5.2.17). You can now download it from Tor Project’s website.