Tor Browser 15.0.2 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 15.0.1 is: * All Platforms * Updated Tor to 0.4.8.20 * Build System * Android * Bug tor-browser-build#41629: Bump JNA to 5.16.0 * applications * releases

* * * ### _This is a guest post from our friends atGlobal Voices._ * * * _Across at least the last two six-year presidential terms in Mexico, and through the first year of the current administration, access to the federal government's primary websites for information and public services over the Tor network was blocked._ A study by the authors of this article published October 9, 2023, reports that 21 government agencies blocked access from the Tor network. The blockage was partially lifted in the first days of July 2025. The Tor network is used by millions of users daily to securely access the internet, safeguard their right to information and free speech, and evade censorship or government surveillance. In Mexico, an estimated 20 thousand people use it, according to data published by the Tor Project. In Mexico, Tor has been adopted by civil society organizations and collectives, including the implementation of anonymous mailboxes in journalistic outlets and digital safeguards in human rights advocacies. Under the previous administration, the Mexican government acknowledged the benefits of using Tor for the purposes of combating corruption. It established a mailbox for the Ministry of the Civil Service using Tor. Thus, the government established a regulatory framework which acknowledges the need to guarantee anonymity for whistleblower activities within the civil service. A notice published in the Official Gazette of the Federation stated: > > _Safeguarding confidentiality: [...] is an obligation for all persons assigned to the Bureau[;] the Coordinator General, assisted by the Coordinator, shall supervise, control, and evaluate all activities of the System [to ensure that] they guarantee anonymity of whistleblowers and information, taking the measures they deem necessary, and shall implement actions for improvement in furtherance of such efforts._ The administration of [former] President Enrique Pena Nieto (2012-2018) did not acknowledge the blockage, whereas under Andres Manuel Lopez Obrador (2018-2024) the government acknowledged that it maintained the blockage and explained that it did so for security reasons. > > _(...) protective measures are taken, such as blocking network traffic considered malicious, automated, or potentially threatening, which affects users of the Tor network, since its very nature makes it impossible to distinguish between ordinary and automated users, which is considered a risk to gob.mx, for which reason access over that network is restricted._ Juan Carlos Guerrero Torres, Director of Legal Analysis and Document Management in the president's office, which is responsible for digital strategy and the development of lines and operation of digital infrastructure, replied to Global Voices. Regarding this response, the Tor Project, through its spokesman Pavel Zoneff, informed us that there are workarounds which show that it is possible to achieve a balance between minimizing risks for both users and websites without denying internet access to parties that depend on the Tor network. In his words: > > _"Blocking entire sections of the internet based on the outdated belief that all traffic from the Tor network is indistinguishable or malicious is a mistake and puts people at risk. There are many ways for websites to defend against threats such as DoS attacks, bots, and other malicious actions without isolating a significant part of the global online community." Zoneff_ ## Current administration reverses policy On the other hand, on May 6, the current administration under President Claudia Sheinbaum Pardo declared that it has no policy position or documented justification to block access by Tor users to the website www.gob.mx. As (sic) stated by Gabriela Ignacio Vazquez, Coordinator of Digital Infrastructure and Liaison for Transparency of the National Bureau of Digital Infrastructure in the Digital Transformation Agency, responsible for orienting the relevant policy. On July 5, in the course of routine monitoring for research purposes, we confirmed that the block on www.gob.mx had been lifted. Thus, it is now possible to access the Mexican government's primary information site -and by extension information from the different government agencies concentrated there- from the Tor network. However, we also found that datos.gob.mx maintains the blockage, and the whistleblower mailbox, which previously admitted support for Tor users, was disabled and replaced with the SIDEC platform, which does not permit access from the Tor network. * * * **To learn more about Global Voices' coverage of digital rights, internet freedom, and online privacy issues around the world, visitGlobal Voices.** * circumvention * community * reports * global south * partners

## Changes and updates * Update _Tor Browser_ to 15.0.1. _Tor Browser_ 15.0 is based on _Firefox_ 140 and inherits from it several new features that are particularly useful if you use many tabs: * Vertical tabs * Tab groups * New address bar with improved search * Update _Thunderbird_ to 140.4.0. * Update the _Linux_ kernel to 6.12.57. * Remove _Root Console_. To open a root console, you can execute the following command in a _Console_. sudo -i * Show _Don't ask again_ notifications only after the clock has been synchronized. ## Fixed problems * Disable connections that _Thunderbird_ was making to telemetry services run by Mozilla. (#21275) For more details, read our changelog. ## Get Tails 7.2 ### To upgrade your Tails USB stick and keep your Persistent Storage * Automatic upgrades are available from Tails 7.0 or later to 7.2. * If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade. ### To install Tails 7.2 on a new USB stick Follow our installation instructions: * Install from Windows * Install from macOS * Install from Linux * Install from Debian or Ubuntu using the command line and GnuPG The Persistent Storage on the USB stick will be lost if you install instead of upgrading. ### To download only If you don't need installation or upgrade instructions, you can download Tails 7.2 directly: * For USB sticks (USB image) * For DVDs and virtual machines (ISO image) ## Support and feedback For support and feedback, visit the Support section on the Tails website. * tails * releases

Tor Browser 15.0.1 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 15.0 is: * All Platforms * Updated NoScript to 13.4 * Bug tor-browser#44319: Rebase Tor Browser onto 140.5.0esr * Bug tor-browser#44325: Backport Security Fixes from Firefox 145 * Bug tor-browser#44333: Add the "No AI" version of DuckDuckGo to available search engines * Bug mullvad-browser#487: Search engines are sorted alphabetically rather than the desired order * Windows + macOS + Linux * Updated Firefox to 140.5.0esr * Bug tor-browser#44310: Default zoom always resets to 100% * Bug tor-browser#44314: Upgrade message not shown in about:tor * Linux * Bug tor-browser#44273: Restore Noto CJK as Jigmo has a too low readability * Bug tor-browser#44315: Font/text issue with self-upgrade window * Android * Updated GeckoView to 140.5.0esr * Bug tor-browser#44303: Extension update job might never work on Android * Build System * All Platforms * Bug tor-browser-build#41618: Restore the expert bundle's version in the final release directory * Windows + Linux + Android * Updated Go to 1.24.10 * Android * Bug tor-browser-build#41617: Pass page size to zipalign * Bug tor-browser-build#41620: Do not rerun zipalign when signing * Bug tor-browser-build#41621: Remove support using older android build tools when signing 14.5 releases in tools/signing/wrappers/sign-apk * applications * releases

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 1.7.0. Arti 1.7.0 stabilizes the onion service restricted discovery feature, previously known as "client authorization". This requires Arti to be built with the `restricted-discovery` feature enabled, and for the appropriate configuration options to be enabled and configured for the onion service. In addition to Arti's existing SOCKS proxy, Arti now has experimental support for running an HTTP CONNECT proxy. When built with the experimental `http-connect` feature enabled, Arti's SOCKS listeners will also accept `HTTP CONNECT` tunnel requests, with support for Tor extensions as amended by proposal 365. This release of Arti continues behind-the-scenes development of functionality required to support relays and directory authorities. This development has focused on the routing architecture and protocol implementation (circuits and channels), parsing and generating Tor network documents, directory cache support, and the relay main-loop/front-end code. Arti 1.7.0 increases our MSRV (Minimum Supported Rust Version) to 1.86.0, in accordance with our MSRV policy. For full details on what we've done, including API changes, and for information about many more minor and less visible changes, please see the CHANGELOG. For more information on using Arti, see our top-level README, and the documentation for the `arti` binary. Thanks to everybody who's contributed to this release, including 5225225, hashcatHitman, hjrgrn, Neel Chauhan, and Niel Duysters. Also, our deep thanks to our sponsors for funding the development of Arti! * announcements * releases

Most of us lose it when the wifi goes out for even 5 minutes. Now imagine what happens when the internet shuts down more permanently, or in a moment of crisis? How do you access trustworthy information? How do you stay in touch with others? And how can you support your community during a crisis? Tune into the 2025 State of the Onion livestream, a virtual two-day event featuring the Tor Project & Tor community's efforts to serve as a lifeline for communities during moments of crisis. ### Save the Dates * Wednesday, November 12, 17:00 - 18:00 UTC -- Updates from the Tor Project * Wednesday, December 10, 17:00 - 18:00 UTC -- Updates from the Tor Community Both events will be live-streamed and available for replay on our YouTube channel. Engage in the conversation on social media with the hashtags #Tor #StateOfTheOnion2025 or post questions and comments in the chat during the event. ### Tor Project Day - November 12, 2025 Join us on Day 1 as the Tor Project's teams discuss the behind the scenes efforts that keep Tor users safe and secure against surveillance and attacks. * **Getting connected:** Hear more about how our teams collaborate to fight censorship in places like Iran, Russia, and China. * **Staying connected:** Learn about how we defend against attacks and keep the network strong. * **Keeping the lifeline alive:** Find out how we're making our tools and services easier to use and integrate, and manage the systems that empower a community of global collaborators. See you there! * * * We couldn't do the work we're sharing at this year's State of the Onion without your support! This event is part of our year-end fundraising campaign. You can fund the Tor Project's work by making a donation today. Right now, if you make a donation to Tor, your donation will be matched by a generous supporter. That means if you donate $25, they will also donate $25 --- effectively doubling your gift and raising $50 for our teams. You can check out our previous State of the Onion streams on our YouTube channel or replay some other virtual events we've participated in earlier this year like the Anonymity for a healthy democracy with Isabela Fernandes or IGF 2025: Truth Under Siege.

We are very excited to present you Tails 7.0, the first version of Tails based on Debian 13 (Trixie) and GNOME 48 (Bengaluru). Tails 7.0 brings new versions of many applications included in Tails. ## Dedication Tails 7.0 is dedicated to the memory of Lunar (1982–2024). Lunar was a traveling companion for Tails, a Tor volunteer, Free Software hacker, and community organizer. Lunar has always been by our side throughout Tails' history. From the first baby steps of the project that eventually became Tails, to the merge with Tor, he's provided sensible technical suggestions, out-of-the-box product design ideas, outreach support, and caring organizational advice. Outside of Tor, Lunar worked on highly successful Free Software projects such as the Debian project, the Linux distribution on which Tails is based, and the Reproducible Builds project, which helps us verify the integrity of Tails releases. Lunar will be deeply missed, both in our community and in the many other communities he participated in. See also what other projects have written about Lunar. ## Changes and updates ### Faster startup Tails 7.0 starts 10–15 seconds faster on most computers. We achieve this by changing the compression algorithm of the Tails USB and ISO images from `xz` to `zstd`. As a consequence, the image is 10% bigger than it would be with the previous algorithm. While testing this change, we noticed that Tails on USB sticks of poor quality can also start 20 seconds slower than on quality USB sticks. If you are in a place where counterfeit electronics are common, we recommend that you buy your USB stick from an international supermarket chain, which should have a more reliable supply chain. ### Included software * Replace _GNOME Terminal_ with _GNOME Console_. * Replace _GNOME Image Viewer_ with _GNOME Loupe_. * Update _Tor Browser_ to 14.5.7. * Update the _Tor_ client to 0.4.8.17. * Update _Thunderbird_ to 128.14.0esr. * Update _Electrum_ from 4.3.4 to 4.5.8. * Update _OnionShare_ from 2.6.2 to 2.6.3. * Update _KeePassXC_ from 2.7.4 to 2.7.10. * Update _Kleopatra_ from 4:22.12 to 4:24.12 * Update _Inkscape_ from 1.2.2 to 1.4. * Update _GIMP_ from 2.10.34 to 3.0.4. * Update _Audacity_ from 3.2.4 to 3.7.3. * Update _Text Editor_ from 43.2 to 48.3. * Update _Document Scanner_ from 42.5 to 46.0. ### Changes in GNOME * Many sections of the _Settings_ utility have been redesigned, for example Accessibility, Sound, and Mouse & Keyboard in GNOME 44 Accessibility settings also include new accessibility features, such as Overamplication and Always Show Scrollbars. * The Activities button has been replaced with a dynamic workspace indicator in GNOME 45. * The Screen Reader has been improved in different ways, for example, with better table navigation and a sleep mode in GNOME 46. * A new option to perserve battery health is available in the power settings in GNOME 48. ### Removals * Remove the **Places** menu. You can access the same shortcuts from the sidebar of the _Files_ browser. * Remove _Kleopatra_ from the Favorites menu. To start _Kleopatra_ , choose **Apps ▸ Accessories ▸ Kleopatra**. * Remove `unar`. The _File Roller_ utility still opens most RAR archives. * Remove the `aircrack-ng` package. You can still install `aircrack-ng` using the Additional Software feature. * Remove the _Power Statistics_ utility. * Remove the `sq` package. * Remove the obsolete Network Connection option from the Welcome Screen. ### Hardware support * Update the _Linux_ kernel to 6.12.43. This improves support for newer hardware: graphics, Wi-Fi, and so on. * Increase the memory requirements from 2 GB of RAM to 3 GB. (#21114) Tails 7.0 displays a notification when the RAM requirements are not met. We estimate that less than 2% of users are affected. ## Fixed problems * Fix selecting the correct keyboard for certain languages. (#12638) For more details, read our changelog. ## Get Tails 7.0 ### To upgrade your Tails USB stick and keep your Persistent Storage * Automatic upgrades are only available from Tails 7.0~rc1 and 7.0~rc2 to 7.0. All other users have to do a manual upgrade. ### To install Tails 7.0 on a new USB stick Follow our installation instructions: * Install from Windows * Install from macOS * Install from Linux * Install from Debian or Ubuntu using the command line and GnuPG The Persistent Storage on the USB stick will be lost if you install instead of upgrading. ### To download only If you don't need installation or upgrade instructions, you can download Tails 7.0 directly: * For USB sticks (USB image) * For DVDs and virtual machines (ISO image) ## Support and feedback For support and feedback, visit the Support section on the Tails website. * tails * releases

Tor Browser 15.0a3 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ⚠️ **Reminder** : Tor Browser Alpha release channel is for testing only. If you are at risk or need strong anonymity, stick with the stable release channel. ## Full changelog The full changelog since Tor Browser 15.0a2 is: * All Platforms * Updated Tor to 0.4.9.3-alpha * Updated OpenSSL to 3.5.3 * Bug tor-browser#43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target * Bug tor-browser#43093: Refactor the patch to disable LaterRun * Bug meta#43745: Review Mozilla 1842838: HEVC (H265) playback related bugs. See the support status on the User Story. [tor-browser] * Bug tor-browser#44032: Implement YEC 2025 Takeover for Desktop Stable * Bug tor-browser#44199: Backport Security Fixes from Firefox 143 * Bug tor-browser-build#41429: Add a note about user safety to Tor Browser Alpha blog posts * Bug tor-browser-build#41563: Do not copy Noto Color Emoji on Windows * Windows + macOS + Linux * Updated Firefox to 140.3.0esr * Bug tor-browser#42025: Purple elements (e.g. Tor buttons) need dark theme variants * Bug tor-browser#43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog * Bug tor-browser#43770: Bugzilla 1958070: More BrowserGlue simplification/splitting * Bug tor-browser#43966: Notify the user when they are in a custom security level (desktop) * Bug tor-browser#44142: Missing document_pdf.svg from our branding directories * Bug tor-browser#44145: Switch onion connection icons to use --icon-color-critical and --icon-color * Bug tor-browser#44180: Clear YEC 2024 preference * Linux * Bug tor-browser#43950: Review Mozilla 1894818: Support HEVC playback on Linux * Bug tor-browser#43959: Make Noto Color Emoji the default emoji font on Linux * Android * Updated GeckoView to 140.3.0esr * Bug tor-browser#43755: Restore functionality of "switch to tab" urlbar suggestion * Bug tor-browser#43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP * Bug tor-browser#44172: Fix crash in TorAndroidIntegration.handleMessage() * Build System * All Platforms * Bug tor-browser-build#41064: Update tools/signing/README and add a tools/signing/machines-setup/README * Bug tor-browser-build#41474: update README to explain moat-settings project requires `jq` to be installed * Windows + Linux + Android * Updated Go to 1.24.7 * Linux * Bug tor-browser-build#41561: Ship Noto Color Emoji on Linux * applications * releases

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 1.6.0. Arti 1.6.0 brings experimental support for circuit padding, mitigations for DropMark side channel attacks, improvements to congestion control, a new `arti keys check-integrity` command, and experimental support for exporting debugging information via OpenTelemetry. It also includes behind-the-scenes work towards enabling Arti to act as a directory authority, a directory mirror, and a relay. Arti 1.6.0 increases our MSRV (Minimum Supported Rust Version) to 1.85.1, in accordance with our MSRV policy. For full details on what we've done, including API changes, and for information about many more minor and less visible changes, please see the CHANGELOG. For more information on using Arti, see our top-level README, and the documentation for the `arti` binary. Thanks to everybody who's contributed to this release, including 5225225, Aiden McClelland, disha, hashcatHitman, hjrgrn, Niel Duysters, Tobias Pulls, Tobias Stoeckmann, and trinity-1686a. Also, our deep thanks to our sponsors for funding the development of Arti! * announcements * releases

## Changes and updates * Change the home page of _Tor Browser_ in Tails to an _offline_ page, very similar to the home page of _Tor Browser_ outside of Tails, instead of an _online_ page from our website. * Improve the message when an administration password is required to open an application but no administration password was set in the Welcome Screen. * Update _Tor Browser_ to 14.5.8. * Update the _Tor_ client to 0.4.8.19. * Update _Thunderbird_ to 140.3.0. * Remove the package `ifupdown`. ## Fixed problems * Hide the message "_Your connection to Tor is not being managed by Tor Browser_ " in new tabs of _Tor Browser_. (#21215) For more details, read our changelog. ## Get Tails 7.1 ### To upgrade your Tails USB stick and keep your Persistent Storage * Automatic upgrades are available from Tails 7.0 or later to 7.1. * If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade. ### To install Tails 7.1 on a new USB stick Follow our installation instructions: * Install from Windows * Install from macOS * Install from Linux * Install from Debian or Ubuntu using the command line and GnuPG The Persistent Storage on the USB stick will be lost if you install instead of upgrading. ### To download only If you don't need installation or upgrade instructions, you can download Tails 7.1 directly: * For USB sticks (USB image) * For DVDs and virtual machines (ISO image) ## Support and feedback For support and feedback, visit the Support section on the Tails website. * tails * releases

Tor Browser 14.5.8 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 14.5.7 is: * All Platforms * Updated Tor to 0.4.8.19 * Updated OpenSSL to 3.5.4 * Bug tor-browser#44239: DDG HTML page and search results displayed incorrectly with Safest security setting * Bug tor-browser#44240: Typo on dom.security.https_first_add_exception_on_failure * Bug tor-browser#44244: Backport Security Fixes from Firefox 144 * Bug tor-browser-build#41574: Update Snowflake builtin bridge lines * Windows + macOS + Linux * Bug tor-browser#44032: Implement YEC 2025 Takeover for Desktop Stable * Android * Bug tor-browser#44031: Implement YEC 2025 Takeover for Android Stable * applications * releases

Is the internet today the internet you want for future generations? What if instead of for-profit greed, rampant privacy violations, and pervasive government spying, we could have a different relationship with the internet? What if we could FREE THE INTERNET from the chains of surveillance and censorship? At the Tor Project, along with our incredible community of supporters, we're not just imagining a free internet — **we're building it** : * In countries like Turkmenistan where access to information is tightly controlled, Turkmen.news trusts Tor to provide safe access to the free internet where it once did not exist. * Freedom of the Press Foundation uses Tor as the backbone of SecureDrop, a tool that allows journalists and sources to communicate freely without fear of retaliation or exposure. * In Russia and Egypt, where authorities often block encrypted tools to control communications, individuals use Tor Browser to access encrypted email services like Tuta Mail to freely communicate. Tor is a building block for a free internet, and it takes our collective efforts to improve and amplify it. That’s why during the next three months, the Tor Project will be holding a fundraising campaign during which we ask for your support to advance digital freedom. As a 501(c)3 nonprofit, the Tor Project relies on donations to power its tools – the Tor network, Tor Browser, Tails OS, and the Tor ecosystem. These tools are trusted by millions and always **free** to use, without collecting, selling, trading, or renting any of your data for profit. This year we are calling to **FREE THE INTERNET** by supporting Tor. If you give now during the campaign, your donation will be matched by our supporters at Power Up Privacy. This means a $25 donation will have a $50 impact – and all donations over $25 will qualify you for fun Tor merchandise. 👀 In the 2023-2024 fiscal year, 84% of our expenses were associated with program services. That means that a very significant portion of our budget goes directly into building Tor and making it better. Those program services include building Tor technology, conducting outreach, and keeping Tor tools up-to-date and secure. We are proud to have a Four-Star Charity rating from Charity Navigator, and have been awarded Candid’s Platinum Seal of Transparency. This demonstrates the Tor Project’s commitment to openness and honesty in how the organization manages its finances and uses your investment for a greater impact. Join us in being defiant against profit-driven tech tools and keeping Tor tools FREE, private, and accessible. Your support today helps build a better internet for tomorrow. * * * To learn more about how Tor is freeing the internet from surveillance and censorship, and how we are putting charitable donations to work, please tune into our annual _State of the Onion_ virtual event to learn more. Save these dates and make your donation today! # Upcoming events * **State of the Onion – the Tor Project (Wednesday, November 12)** * The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on November 12 will focus on the Tor Project and the organization’s work. * 📺 Stream live on our YouTube channel * **State of the Onion – Community (Wednesday, December 10)** * The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on December 10 will be a special day celebrating the UN’s adoption and proclamation of the Universal Declaration of Human Rights (UDHR) in 1948 as well. * 📺 Stream live on our YouTube channel # Ways to contribute * **Make a donation** : Donate through our website (or any other method listed on our FAQ and your donation will be matched, 1:1, up to $250,000. * **Ask the company you work for if they will match your donation** : Many corporations will match their employees’ donations to charitable organizations. Ask at work if your company will match your gift. * **Share on social media** : Let the people in your networks know that all donations to the Tor Project are currently being matched. You can easily share a post from our social channels: Mastodon, Bluesky, X, and more. * **Subscribe to Tor News** : No ads. No tracking. Just low-traffic Tor updates via email. * * * # 1:1 Match provided by Power Up Privacy Power Up Privacy is matching all donations to the Tor Project between now and December 31, 2025. Power Up Privacy is an advocacy group that funds privacy-related research and development projects. They seek to make maximum impact by identifying key, underfunded areas in the privacy software ecosystem and injecting resources, financial and otherwise, in order to strengthen the necessary infrastructure we need to preserve freedom and human rights.

Tor Browser 14.5.9 is now available from the Tor Browser download page and also from our distribution directory. This is a minor update fixing a bug with our Year End Campaign takeover on Tor Browser Android. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 14.5.8 is: * Android * Bug tor-browser#44263: YEC does not display on Tor Browser 14.5.8 Android * applications * releases

Tor Browser 15.0a4 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Release Candidate If all goes as planned, this will be our last alpha release in the 15.0 series before it is promoted to stable in the last week of October. Next week we will be focusing primarily on QA and ensuring all the various features and scenarios supported in Tor Browser still work as expected. This QA work will be tracked in the following gitlab issues: * tor-browser#43984 - Tor Browser 15.0 Release QA - Desktop * tor-browser#43985 - Tor Browser 15.0 Release QA - Android As we reach the home stretch, now would be a great time to download and try out Tor Browser Alpha! We would appreciate it if the community would evaluate and exercise these following changes: ### 🤖 Removal of Various AI Features Over the past year Mozilla has been working on integrating various AI features and integrations into Firefox (e.g. the AI chatbot sidebar). Such machine learning systems and platforms are inherently un-auditable from a security and privacy perspective. We also do not want to imply recommendation or promotion of such systems by including them in Tor Browser. Therefore, we have done what we can to remove such features from the browser. ### ☁️ Rename `meek-azure` pluggable-transport to just `meek` In the past, we have used various cloud platform to host `meek` pluggable-transport backends including Google, Amazon, and Azure. However, as time passed these backends have moved and migrated and thus the cloud provider-specific name has become an historical artifact. Therefore, we have dropped the Azure part of the name and now just call it `meek`. Let this be a lesson to you about naming things! ### 🟪 Improved Dark Theme Support in Browser Chrome We have improved the styling for our various Tor Browser-specific UI components for dark browser themes. All of our various purple elements should now look like they belong. ### 🦊 Removal/Replacement of New Firefox/Mozilla-specific Branding and Features As part of ordinary incremental UI updates over the past year and the implementation of new features, Mozilla has added various new brand assets and service integrations. This includes things like those cute little fox graphics, Firefox Home, and the new History Sidebar. As of this release, there should not be any more Firefox or Mozilla specific branding, features, or service integrations accessible in Tor Browser. The new history sidebar in particular has been replaced with the legacy history panel from previous Tor Browser versions. ### 🐧 Updated Emoji Font for Linux We have included the Noto Color Emoji font with our Linux builds. Linux users should now have all the latest and greatest emoji provided by Noto Emoji. ### 🈴️ Improved CJK Glyph Rendering At the suggestion of a cypherpunk, we have swapped out the Noto font family for Jigmo. This _should_ allow more Chinese, Japanese, and Korean graphemes to render accurately in web content. ### ✉️ Letterboxing Styling Improvements We have tweaked our custom styling of the web-content letterboxing feature to confirm with and adapt to Firefox's own styling changes in Firefox 140. These tweaks should also play nicely with upstream's vertical tabs feature. ### 🚫 WebAssembly Restrictions Now Managed by NoScript Historically, we have disabled WebAssembly globally when the browser is in the `Safer` and `Safest` security levels. However, with the latest Firefox version this has proven to be too aggressive, as doing so broke functionality in the built-in PDF reader. We therefore now rely on the NoScript extension built into the browser to handle disabling WebAssembly functionality in web content while the browser is in the `Safer` and `Safest` security levels, while also allowing WebAssembly to run unhindered in safe+privileged contexts like the PDF reader. ### 🔍 Stopped Hiding Protocol in URL on Desktop Mozilla has reversed course on when the protocol portion (e.g. `http` or `https`) of the URL in the URL bar is hidden since Firefox 128. We used to have logic in one of our patches around Onion Services (which are always end-to-end encrypted regardless of the application-level protocol used) to follow whatever Firefox does for `https`. However, with the latest changes in Firefox, this patch became a bit gnarly to apply correctly so we took a step back and thought to ourselves, why are we even conditionally hiding this from the user? So for now, we have decided not to hide the protocol from the user on Desktop platforms using a supported Firefox pref. We continue to follow upstream and _always_ hide the protocol in the URL bar on Android (where horizontal space is at a premium). Users of Tor Browser Android can simply click the icon in the URL bar to get all the info about a websites HTTPS usage. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ⚠️ **Reminder** : Tor Browser Alpha release channel is for testing only. If you are at risk or need strong anonymity, stick with the stable release channel. ## Full changelog The full changelog since Tor Browser 15.0a3 is: * All Platforms * Updated NoScript to 13.2.1 * Updated OpenSSL to 3.5.4 * Bug tor-browser#19741: Opensearch (contextual search) does not obey FPI * Bug tor-browser#43850: Modify the Contrast Control settings for RFP * Bug tor-browser#43869: Hide pens with RFP * Bug tor-browser#44068: Handle migration from meek-azure to meek built-in bridge type * Bug tor-browser#44234: No images in PDF * Bug tor-browser#44240: Typo on dom.security.https_first_add_exception_on_failure * Bug tor-browser#44242: Hand over Security Level's WebAssembly controls to NoScript * Bug tor-browser#44250: Rebase Tor Browser Alpha onto 140.4esr * Bug tor-browser-build#41574: Update Snowflake builtin bridge lines * Windows + macOS + Linux * Updated Firefox to 140.4.0esr * Bug tor-browser#43900: Open newtab rather than firefoxview when unloading the last tab * Bug tor-browser#44101: Toolbar connection status is not visible when using vertical tabs * Bug tor-browser#44107: Switch tab search action is missing an icon * Bug tor-browser#44108: Fix the new history sidebar * Bug tor-browser#44123: Do not trim protocol off of URLs ever * Bug tor-browser#44153: Test search engines * Bug tor-browser#44159: Change or hide the sidebar settings description * Bug tor-browser#44177: Remove more urlbar actions * Bug tor-browser#44178: Search preservation does not work with duckduckgo in safest security level * Bug tor-browser#44184: Duckduckgo Onion Lite search does not work properly in safest when added as a search engine * Bug tor-browser#44187: TLS session tickets leak Private Browsing mode * Bug tor-browser#44192: Hovering unloaded tab causes console error * Bug tor-browser#44213: Reduce linkability concerns of the "Search with" contextual search action * Bug tor-browser#44214: Update letterboxing to reflect changes in ESR 140 * Bug tor-browser#44215: Hide Firefox home settings in about:preferences * Bug tor-browser#44221: Backport MozBug 1984333 Bump Spoofed Processor Count * Bug tor-browser#44239: DDG HTML page and search results displayed incorrectly with Safest security setting * Bug tor-browser#44262: Disable adding search engines from HTML forms * Linux * Bug tor-browser#44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family * Bug tor-browser-build#41586: Replace Noto CJK with Jigmo on Linux * Android * Updated GeckoView to 140.4.0esr * Bug tor-browser#43401: Replace the constructor of Locale with a builder * Bug tor-browser#43643: Clean out unused tor connect strings * Bug tor-browser#43650: Survey banner behaves like a dialog on Android, rather than a card * Bug tor-browser#43676: Preemptively disable unified trust panel by default so we are tracking for next ESR * Bug tor-browser#44031: Implement YEC 2025 Takeover for Android Stable * Bug tor-browser#44218: Tor Browser Alpha for Android (15.0a2) doesn't work on Huawei devices P20 and P30 * Bug tor-browser#44237: Revoke access to all advertising ids available in Android * Build System * All Platforms * Bug tor-browser-build#41568: Update instructions for manually building 7zip * Bug tor-browser-build#41576: Build expert bundles outside containers * Bug tor-browser-build#41579: Add zip to the list of Tor Browser Build dependencies * Bug tor-browser-build#41588: Restore legacy channel support in projects/release/update_responses_config.yml * Bug tor-browser-build#41589: Backport tor-browser-build-browser#41270: Add updater rewriterules to make 13.5.7 a watershed * Windows + macOS + Linux * Bug tor-browser-build#41373: Remove `_ALL` from mar filenames * Bug tor-browser#44131: Generate torrc-defaults and put it in objdir post-build * Windows + Linux + Android * Updated Go to 1.24.9 * Windows * Bug tor-browser#44167: Move the nsis-uninstall.patch to tor-browser repository * macOS * Bug tor-browser-build#41571: Work-around to prevent older 7z versions to break rcodesign. * Linux * Bug tor-browser-build#41558: Share descriptions between Linux packages and archives * Bug tor-browser-build#41569: Use var/display_name in .desktop files * Android * Bug tor-browser#44220: Disable the JS minifier as it produces invalid JS * Bug tor-browser-build#41577: Minify JS with UglifyJS on Android x86 * Bug tor-browser-build#41582: Drop --pack-dyn-relocs=relr * Bug tor-browser-build#41583: Align tor and PTs to 16kB on Android * applications * releases

Tor Browser 15.0 is now available from the Tor Browser download page and distribution directory. This is our first stable release based on Firefox ESR 140, incorporating a year's worth of changes that have been shipped upstream in Firefox. As part of this process, we've also completed our annual ESR transition audit, where we reviewed and addressed around 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our GitLab instance. The ongoing development of Tor Browser is made possible thanks to the support of our community. If Tor Browser is important to you, now is a great time to support our mission to **FREE THE INTERNET** , as all donations will be matched by Power Up Privacy through December 31, 2025. ## What's new? ### Desktop Tor Browser 15.0 inherits a multitude of useful new features and usability improvements from Firefox that have passed our audit. For desktop, these include vertical tabs: providing a more manageable, alternative layout with open and pinned tabs stacked in a sidebar rather than across the top of the window. For ease of access, Bookmarks can be retrieved directly from the sidebar when expanded too. However, regardless of whether you prefer horizontal or vertical tabs, everyone benefits from the addition of tab groups: helping you keep on top of the clutter by organizing tabs into collapsible groups that can be given names and color-coded. Tor Browser 15.0 also inherits elements of Firefox's recent address bar refresh, including a new unified search button that allows you to switch search engines on the fly, search bookmarks or tabs, and reference quick actions from the same menu. Note that Tor Browser tabs are still private tabs, and will clear when you close the browser. This enforces a kind of natural tidiness in Tor Browser since each new session starts fresh – however for privacy-conscious power users, project managers, researchers, or anyone else who accumulates tabs frighteningly quickly, we hope these organizational improvements will give you a much needed productivity boost. ### Android On Android, screen lock adds an extra layer of security to your browsing sessions. After enabling screen lock in Settings > Tabs, your tabs will lock automatically when you switch away from the browser without closing it. Upon returning to the app, you'll be prompted to unlock your tabs using your fingerprint, face, or pass code, depending on which option your device is configured to use. Like Tor Browser for Desktop, your browsing session will still be cleared when Tor Browser is closed. However, this feature provides peace of mind in a specific scenario: by ensuring that your browsing remains private even if someone has gained temporary access to your unlocked phone with Tor Browser open in the background – whether you've handed it to a friend, or left your device sitting on a table. ## What's changing? ### Updates to Android and Linux device compatibility At present, Firefox 140 and Tor Browser 15.0 support Android 5.0 or later, which was released almost 11 years ago. While Mozilla's commitment to support such an old version of Android is admirable, it introduces several technical and security challenges for developers. As a consequence, Firefox have announced their intention to increase the minimum support requirements to Android 8.0, and have also decided to drop support for x86 CPUs for Android and Linux. Sadly, it's not possible for the Tor Project to maintain support for these platforms on our own without official support from Mozilla. While these changes won't impact Tor Browser users immediately, we expect them to take effect with the release of Tor Browser 16.0 mid-next year. This means that Tor Browser 15.0 will be the last major release to support x86 for Linux and Android, in addition to Android 5.0, 6.0, and 7.0. However, we will continue to release minor updates with security fixes for these platforms until Tor Browser 16.0's eventual release. Although nobody wants to see support for their platform get dropped, it's an important step to maintain the stability and security of both Firefox and Tor Browser over time, and will allow developers to utilize newer technologies in both browsers. In addition, supporting x86 for Android has been particularly challenging for our developers due to the 100MB package size limit imposed by Google Play. While we have deployed several workarounds to stay within this limit in the recent past, these often come at a cost – such as x86 Android users missing out on the Conjure pluggable transport, for example. ### Disabling of WebAssembly now managed by NoScript WebAssembly (or Wasm) is a web technology that helps websites and web apps run faster. It allows web developers to write programs in languages like C, C++ or Rust, and compiles these into a special format that web browsers can run more efficiently. As has been suggested in this meta-analysis from 2024, further investigation of Wasm's potential exploits is necessary – therefore Wasm is currently disabled in the Safer and Safest security levels in order to reduce Tor Browser's attack surface. Up until now, this was achieved by setting the global preference `javascript.options.wasm` to false – however this approach was no longer viable after Mozilla implemented part of their PDF reader in Wasm between versions 128 and 140. Consequently, we have decided to move control of Wasm to NoScript, which is bundled with Tor Browser, and already manages JavaScript and other security features. This means that Wasm now works on privileged browser pages such as the PDF renderer, but NoScript will continue blocking the technology on regular websites at the Safer and Safest security levels. Users who have manually set `javascript.options.wasm` to "false" while in the Standard security level will see their security level represented as "Custom" instead. To mitigate any issues that may arise with the browser's PDF reader, we encourage those users to switch the preference back to "true", thereby passing management of Wasm over to NoScript. Furthermore, manually disabling Wasm at the Standard security level (either via NoScript or `javascript.options/wasm`) may also make your fingerprint more unique by deviating from Tor Browser's default configuration. To avoid this scenario, we recommend sticking with one of the pre-defined security levels and caution users against making further changes to individual preferences in about:config. Alternatively, should you wish to keep Wasm disabled in future, we invite you to increase your security level to Safer or Safest going forward. Note that both Safer and Safest users may notice `javascript.options.wasm` switch to "true" automatically as management of Wasm is passed over to and blocked by NoScript, meaning that you are still protected regardless. In addition, Safest users in particular are not vulnerable to any potential vulnerabilities introduced by Wasm since the format requires JavaScript to work. ## Known issues Tor Browser 15.0 comes with a number of known issues that can be found in Tor Browser's issue tracker. In particular, we would like to highlight the following: ### Desktop The initial release of vertical tabs in Tor Browser includes a couple of quirks: * When the sidebar is visible (such as when vertical tabs are enabled), the window may visibly resize when Tor Browser is launched. * Due to variations in window size, Letterboxing may be visible. You still get the anti-fingerprinting protections provided by Letterboxing, but the default window size will be different than intended. We are currently working to issue a fix for both of these bugs. Please see tor-browser#44096 for details. ### Android * Web pages may not load after updating Tor Browser on older versions of Android. This can be fixed by clearing your app cache manually in `Settings > Apps > Tor Browser > Storage & cache`. ## Get involved If you find a bug or have a suggestion for how we could improve this release, we'd love to hear your feedback. If you would like to contribute to a future release, please see our guide for new contributors to get started. ## Full changelog The full changelog since Tor Browser 14.5.9 is: * All Platforms * Updated NoScript to 13.2.2 * Updated Lyrebird to 0.6.2 * Bug tor-browser#19741: Opensearch (contextual search) does not obey FPI * Bug tor-browser#43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target * Bug tor-browser#43093: Refactor the patch to disable LaterRun * Bug tor-browser#43727: Update moz-toggle customisation for ESR 140 * Bug tor-browser#43745: Disable HEVC (H265) playback support * Bug tor-browser#43772: Do not use official branding for BB/TB/MB * Bug tor-browser#43784: Get confirmation from NoScript that settings are applied * Bug tor-browser#43832: Drop eslint-env * Bug tor-browser#43850: Modify the Contrast Control settings for RFP * Bug tor-browser#43853: DomainFrontedRequests: setData is no longer a function * Bug tor-browser#43864: Remove features from the unified search button * Bug tor-browser#43869: Hide pens with RFP * Bug tor-browser#43880: Update moat's domain front url * Bug tor-browser#44045: Drop AI and machine learning components * Bug tor-browser#44068: Handle migration from meek-azure to meek built-in bridge type * Bug tor-browser#44069: Update `meek-azure` related strings to `meek` * Bug tor-browser#44140: Refactored patch to prevent writing temp PDF files to disk * Bug tor-browser#44234: No images in PDF * Bug tor-browser#44275: Reduce console noise on security level guess * Bug tor-browser#44280: Test stream isolation * Bug tor-browser-build#41429: Add a note about user safety to Tor Browser Alpha blog posts * Bug tor-browser-build#41442: Update our audit CSVs to use the new Audit template * Bug tor-browser-build#41502: Application services build is failing on isNetworkAllowed() * Bug tor-browser-build#41609: Use new CDN77 fronts for snowflake * Windows + macOS + Linux * Updated Firefox to 140.4.0esr * Bug tor-browser#42025: Purple elements (e.g. Tor buttons) need dark theme variants * Bug tor-browser#42738: Tidy up the commit structure for browser updates UI * Bug tor-browser#43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream * Bug tor-browser#43519: Replace tor-loading.png with SVG * Bug tor-browser#43525: Check if our search engine customization still works after ESR 140 transition * Bug tor-browser#43590: Move letterboxing rules out of browser/base/content/browser.css * Bug tor-browser#43610: Use newer CSS variable names for ESR 140 * Bug tor-browser#43629: All migrations in migrateUIBB are run for new profiles * Bug tor-browser#43636: Tor exiting during startup with "connect automatically" leads to "Try a bridge" page * Bug tor-browser#43638: Fix up our `<command>` elements * Bug tor-browser#43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog * Bug tor-browser#43728: Update search engine icon sizes * Bug tor-browser#43765: Temporarily disable Lox * Bug tor-browser#43766: Only save the relevant TorSettings changes to preferences. * Bug tor-browser#43770: Bugzilla 1958070: More BrowserGlue simplification/splitting * Bug tor-browser#43776: Set branding files for l10n merging * Bug tor-browser#43795: Restore the URL classifier XPCOM components. * Bug tor-browser#43817: Write e2e test for verifying if the browser is connected to the Tor network * Bug tor-browser#43844: Security level shield icon should be flipped for RTL locales * Bug tor-browser#43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 * Bug tor-browser#43879: tor-branding.css declarations are overwritten * Bug tor-browser#43886: Fix new tab for ESR 140 * Bug tor-browser#43900: Open newtab rather than firefoxview when unloading the last tab * Bug tor-browser#43901: Modify about:license for Tor Browser and drop about:rights * Bug tor-browser#43902: Hide Sidebar buttons * Bug tor-browser#43903: Report broken site is disabled rather than hidden * Bug tor-browser#43905: base-browser.ftl missing from about:addons * Bug tor-browser#43906: Extension.sys.mjs change in the wrong commit * Bug tor-browser#43913: Context menu not properly populated * Bug tor-browser#43929: two about:tor pages opened after update * Bug tor-browser#43930: Onionize toggle not centre aligned in about:tor * Bug tor-browser#43947: Console error from ContentBlockingPrefs.init * Bug tor-browser#43966: Notify the user when they are in a custom security level (desktop) * Bug tor-browser#43989: Switch off AI chatbot preference * Bug tor-browser#44030: Security Level selector does not get confirmation before restarting * Bug tor-browser#44034: Update string used for checkbox on New Identity confirmation dialog * Bug tor-browser#44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons * Bug tor-browser#44090: Several of our XUL pages cause a crash because of missing CSP * Bug tor-browser#44095: Rename connectionPane.xhtml and remove it from the jar * Bug tor-browser#44101: Toolbar connection status is not visible when using vertical tabs * Bug tor-browser#44106: Make sure background tasks are not used for shutdown cleanup * Bug tor-browser#44107: Switch tab search action is missing an icon * Bug tor-browser#44108: Fix the new history sidebar * Bug tor-browser#44115: Make remove all bridges dialog use a destructive red button * Bug tor-browser#44123: Do not trim protocol off of URLs ever * Bug tor-browser#44125: Do not offer to save signatures by default in Private Browsing Mode * Bug tor-browser#44141: Hide "Report broken site" items by default * Bug tor-browser#44142: Missing document_pdf.svg from our branding directories * Bug tor-browser#44145: Switch onion connection icons to use --icon-color-critical and --icon-color * Bug tor-browser#44153: Test search engine customization * Bug tor-browser#44159: Change or hide the sidebar settings description * Bug tor-browser#44177: Remove more urlbar actions * Bug tor-browser#44178: Search preservation does not work with duckduckgo in safest security level * Bug tor-browser#44180: Clear YEC 2024 preference * Bug tor-browser#44184: Duckduckgo Onion Lite search does not work properly in safest when added as a search engine * Bug tor-browser#44187: TLS session tickets leak Private Browsing mode * Bug tor-browser#44192: Hovering unloaded tab causes console error * Bug tor-browser#44213: Reduce linkability concerns of the "Search with" contextual search action * Bug tor-browser#44214: Update letterboxing to reflect changes in ESR 140 * Bug tor-browser#44215: Hide Firefox home settings in about:preferences * Bug tor-browser#44221: Backport MozBug 1984333 Bump Spoofed Processor Count * Bug tor-browser#44239: DDG HTML page and search results displayed incorrectly with Safest security setting * Bug tor-browser#44262: Disable adding search engines from HTML forms * Bug tor-browser#44270: Match Firefox's TLS fingerprint * Bug tor-browser#44279: Disable contextual search install prompt * Windows + Android * Bug tor-browser#44062: Force touch enabled on Windows and Android * Windows * Bug tor-browser#44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list * macOS * Bug tor-browser#44127: Do not show macOS Privacy hint on network error pages * Linux * Bug tor-browser#43950: Review Mozilla 1894818: Support HEVC playback on Linux * Bug tor-browser#43959: Make Noto Color Emoji the default emoji font on Linux * Bug tor-browser#44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family * Bug tor-browser#44286: Hardcode GTK system font * Bug tor-browser-build#41586: Replace Noto CJK with Jigmo on Linux * Android * Updated GeckoView to 140.4.0esr * Bug tor-browser#43179: Make persistent 'private tabs' notification distinct from Firefox's * Bug tor-browser#43401: Replace the constructor of Locale with a builder * Bug tor-browser#43577: Flush settings fails on Android * Bug tor-browser#43643: Clean out unused tor connect strings * Bug tor-browser#43650: Survey banner behaves like a dialog on Android, rather than a card * Bug tor-browser#43676: Preemptively disable unified trust panel by default so we are tracking for next ESR * Bug tor-browser#43699: Dummy "about:" pages are not cleared from recently closed tabs (and possibly elsewhere) because they are normal tabs, not private tabs. * Bug tor-browser#43755: Restore functionality of "switch to tab" urlbar suggestion * Bug tor-browser#43757: Disable setting for trending search * Bug tor-browser#43826: Review Mozilla 1960122: Use `MOZ_BUILD_DATE` in Fenix build configuration * Bug tor-browser#43855: brand.properties merging on Android is broken in 140 * Bug tor-browser#43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP * Bug tor-browser#44021: Android settings page colors are sometimes messed up (seems to be on the first launch) * Bug tor-browser#44029: Search/url bar doesn't work on android after ESR 140 * Bug tor-browser#44036: Crash on opening "Search Settings" on android * Bug tor-browser#44042: Debug crash when opening settings too quickly after launching app * Bug tor-browser#44047: Tor Browser's home doesn't have the background at the first load on Android * Bug tor-browser#44080: Further remove "Analytics data collection and usage" * Bug tor-browser#44083: "snowflake" is lower case on Android * Bug tor-browser#44098: Bookmarks offer a way to go to sync in 15.0a1 * Bug tor-browser#44133: Hide the "Allow in private browsing" checkboxes from WebExtension management UI * Bug tor-browser#44139: Restore the (inactive) YouTube and Reddit search plugins on Android * Bug tor-browser#44172: Fix crash in TorAndroidIntegration.handleMessage() * Bug tor-browser#44196: Persistent notification sometimes does not clear * Bug tor-browser#44237: Revoke access to all advertising ids available in Android * Bug tor-browser#44293: Force immediate NoScript update checks after bootstrap * Bug tor-browser-build#41494: Update GeckoView build scripts for ESR140 * Build System * All Platforms * Bug tor-browser#43615: Add Gitlab Issue and Merge request templates * Bug tor-browser#43616: Customize Gitlab Issue and Merge templates * Bug tor-browser#43891: Update the translation CI to use the new mozilla versions * Bug tor-browser#43954: Update tb-dev to handle lightweight tags * Bug tor-browser#43962: update tb-dev auto-fixup for git 2.50 * Bug tor-browser#44061: "Contributing" link is broken * Bug tor-browser#44067: Move --enable-geckodriver only to Linux-only mozconfigs * Bug tor-browser#44103: git's export-subst is a reproducibility problem * Bug tor-browser#44104: Don't run linter when there are no overall changes * Bug tor-browser-build#26408: Make MAR signature checks clearer when creating incremental MAR files * Bug tor-browser-build#34434: Remove unused variables from rbm.conf * Bug tor-browser-build#40551: Drop go reproducibility patches * Bug tor-browser-build#40697: Delete repackage_browser.sh * Bug tor-browser-build#40698: Update locale in tbb_version.json * Bug tor-browser-build#41064: Update tools/signing/README and add a tools/signing/machines-setup/README * Bug tor-browser-build#41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils * Bug tor-browser-build#41434: Go updates shouldn't target all platforms until macOS is on legacy in the changelogs * Bug tor-browser-build#41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser * Bug tor-browser-build#41448: Update toolchains for Firefox ESR 140 * Bug tor-browser-build#41459: Update taskcluster/ci paths in README and comments * Bug tor-browser-build#41465: Disable development artifacts generation by default, keep it enabled for nightly builds * Bug tor-browser-build#41474: update README to explain moat-settings project requires `jq` to be installed * Bug tor-browser-build#41478: Add vim and others missing basic tools to base container image * Bug tor-browser-build#41486: Track bundletool and osslicenses-plugin versions in list_toolchain_updates_checks * Bug tor-browser-build#41496: Clean up unused projects * Bug tor-browser-build#41501: cargo_vendor generated archive maintains timestamps * Bug tor-browser-build#41514: Remove var/build_go_lib from projects/go/config * Bug tor-browser-build#41532: Rename meek-azure to meek in pt_config.json * Bug tor-browser-build#41534: Copy geckodriver only for Linux x86-64 * Bug tor-browser-build#41537: Add script to count mar downloads from web logs * Bug tor-browser-build#41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 * Bug tor-browser-build#41568: Update instructions for manually building 7zip * Bug tor-browser-build#41576: Build expert bundles outside containers * Bug tor-browser-build#41579: Add zip to the list of Tor Browser Build dependencies * Bug tor-browser-build#41594: Remove version from tor-expert-bundle and tor-expert-bundle-aar filenames * Bug tor-browser-build#41600: update lyrebird version to v0.6.2 * Bug tor-browser-build#41602: Update tools/changelog-format-blog-post * Bug rbm#40084: Always use bash for the debug terminal * Bug rbm#40087: Downloaded files getting stricter permissions than expected * Windows + macOS + Linux * Bug tor-browser#44131: Generate torrc-defaults and put it in objdir post-build * Bug tor-browser-build#41373: Remove `_ALL` from mar filenames * Bug tor-browser-build#41457: Set mar IDs as env variables in tor-browser-build * Bug tor-browser-build#41604: Keep update-responses files from previous release * Windows + Linux + Android * Updated Go to 1.24.9 * Windows * Bug tor-browser#44167: Move the nsis-uninstall.patch to tor-browser repository * macOS * Bug tor-browser-build#41503: Error 403 when downloading macOS SDK * Bug tor-browser-build#41527: Update libdmg-hfsplus and enable LZMA compression on dmgs * Bug tor-browser-build#41538: Bump macOS SDK to 15.5 * Bug tor-browser-build#41571: Work-around to prevent older 7z versions to break rcodesign. * Linux * Bug tor-browser-build#41458: Ship geckodriver only on Linux * Bug tor-browser-build#41488: Disable sys/random.h for Node.js * Bug tor-browser-build#41558: Share descriptions between Linux packages and archives * Bug tor-browser-build#41561: Ship Noto Color Emoji on Linux * Bug tor-browser-build#41569: Use var/display_name in .desktop files * Android * Bug tor-browser#43984: Update android build scripts and docs for ESR 140 * Bug tor-browser#43987: 140 Android is not reproducible * Bug tor-browser#44078: Modify ./autopublish-settings.gradle for building a-s and glean with uniffi-bindgen no-op * Bug tor-browser#44220: Disable the JS minifier as it produces invalid JS * Bug tor-browser-build#41453: Update application-services and uniffi-rs for ESR140 * Bug tor-browser-build#41467: Remove list_toolchain_updates-firefox-android from Makefile * Bug tor-browser-build#41483: geckoview_example-withGeckoBinaries-....apk doesn't exist anymore in Firefox 140 * Bug tor-browser-build#41484: Create a fork of application-services * Bug tor-browser-build#41500: Optimize tor and its dependencies for size on Android * Bug tor-browser-build#41506: Use appilcation-services branch for nightlies builds * Bug tor-browser-build#41507: Single-arch build fails because artifacts don't have arch subdirectories * Bug tor-browser-build#41523: Use custom built Glean package on Android * Bug tor-browser-build#41548: Hide tor's symbols on Android and add other linker options to save space * Bug tor-browser-build#41577: Minify JS with UglifyJS on Android x86 * Bug tor-browser-build#41583: Align tor and PTs to 16kB on Android * Bug tor-browser-build#41605: Ignore incrementals if we're not building desktop * applications * releases

Privacy technology is only as powerful as people's ability to use it. Every day, millions of people rely on Tor to protect their privacy and freedom online. But until now, finding answers to their questions meant navigating between different websites: one for the Tor Browser Manual, another for the Support portal. This fragmented experience made it harder to navigate and maintain. That's why we've been working to simplify how people find help using Tor. ### One home for all user documentation Today, we're launching the new Support portal. Everything now lives under one roof. You can now find all user-facing documentation in one place: clearer, better organized, and easier to read on both desktop and mobile. After this migration, tb-manual.torproject.org will redirect automatically to the new portal. Our goal is simple: to make sure Tor users everywhere can easily find the information they need, without jumping between different websites. And don't worry, documentation for other parts of the Tor ecosystem remains available where it belongs: * Tails documentation remains available at Tails website. * Guides for relay operators, digital security trainers, translators, and user researchers continue to live on the Community portal. ### Help us translate the new Support portal We are a global community, and it's crucial that our tools and portals are available in every language. Volunteers from all around the world help us with this translation work. Because we've restructured and updated much of the content, the new portal needs fresh translations. At the moment the Support portal is available in these languages: Spanish, Farsi, German, Turkish, Russian, Ukrainian, Hungarian, Japanese, Arabic, and Simplified Chinese. If you'd like to help make Tor documentation available in your language, please contribute through our project in Weblate. If you're new to translating Tor, follow our Becoming a Tor translator guide to get started. ### A community effort This new portal is the result of collaboration across multiple Tor teams - UX, Community, Sysadmin and the work of Sutty. Based on Tor’s designs for the new support site, Sutty built a reusable component library. This modular approach has made the system easier to maintain, extend, and adapt to future needs. This lays a strong foundation for new, future websites. > > _"This collaboration-with Tor and through working with a static site generator similar to Jekyll, which we specialize in-has also helped us refine our own tooling. In addition, working and contributing to Tor, an organization that has long inspired a vision of a more private internet, represents a proud milestone for us as a worker-owned coop."_ >> >>> _- Sutty_ We believe that privacy should be accessible to everyone. And the more people who use privacy tools, the stronger privacy becomes for all of us. Every improvement to our documentation helps more people understand, use, and trust Tor. We hope this new Support portal makes it easier for users everywhere to find the answers they need - and to feel part of a global community working for privacy and freedom online. ### Share your feedback To give feedback about the website or report an issue, you can create a ticket on GitLab. You can also reach out and chat with us on Matrix (#tor-www:matrix.org) or IRC (#tor-www on irc.oftc.net). * * * ### Donate today As a 501(c)3 nonprofit, the Tor Project relies on donations to power its tools - the Tor network, Tor Browser, Tails OS, and the Tor ecosystem. These tools are trusted by millions and always free to use, without collecting, selling, trading, or renting any of your data for profit. Make your donation today! * community * usability * announcement

Tor Browser 14.5.7 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 14.5.6 is: * All Platforms * Updated OpenSSL to 3.5.2 * Bug tor-browser#44136: Backport tor-browser#44081: Swiping away the "private tabs" notification requires rebootstrapping * Bug tor-browser#44199: Backport Security Fixes from Firefox 143 * Bug tor-browser-build#41441: Backport tor-browser-build#41432: Bump OpenSSL to 3.5.0 * Bug tor-browser-build#41462: Backport #40994 and #41280: Add support in signing scripts to sign release for some archs only & Update download-android-*.json files for android-only releases * Bug tor-browser-build#41543: mmdebstrap-image fails to build bookworm images on maint-14.5 * Build System * All Platforms * Bug tor-browser-build#41554: Export SIGNING_PROJECTNAME and tbb_version in linux-signer-sign-android-apks, in maint-14.5 * applications * releases

We are very excited to present you Tails 7.0, the first version of Tails based on Debian 13 (Trixie) and GNOME 48 (Bengaluru). Tails 7.0 brings new versions of many applications included in Tails. ## Dedication Tails 7.0 is dedicated to the memory of Lunar (1982–2024). Lunar was a traveling companion for Tails, a Tor volunteer, Free Software hacker, and community organizer. Lunar has always been by our side throughout Tails' history. From the first baby steps of the project that eventually became Tails, to the merge with Tor, he's provided sensible technical suggestions, out-of-the-box product design ideas, outreach support, and caring organizational advice. Outside of Tor, Lunar worked on highly successful Free Software projects such as the Debian project, the Linux distribution on which Tails is based, and the Reproducible Builds project, which helps us verify the integrity of Tails releases. Lunar will be deeply missed, both in our community and in the many other communities he participated in. See also what other projects have written about Lunar. ## Changes and updates ### Faster startup Tails 7.0 starts 10–15 seconds faster on most computers. We achieve this by changing the compression algorithm of the Tails USB and ISO images from `xz` to `zstd`. As a consequence, the image is 10% bigger than it would be with the previous algorithm. While testing this change, we noticed that Tails on USB sticks of poor quality can also start 20 seconds slower than on quality USB sticks. If you are in a place where counterfeit electronics are common, we recommend that you buy your USB stick from an international supermarket chain, which should have a more reliable supply chain. ### Included software * Replace _GNOME Terminal_ with _GNOME Console_. * Replace _GNOME Image Viewer_ with _GNOME Loupe_. * Update _Tor Browser_ to 14.5.7. * Update the _Tor_ client to 0.4.8.17. * Update _Thunderbird_ to 128.14.0esr. * Update _Electrum_ from 4.3.4 to 4.5.8. * Update _OnionShare_ from 2.6.2 to 2.6.3. * Update _KeePassXC_ from 2.7.4 to 2.7.10. * Update _Kleopatra_ from 4:22.12 to 4:24.12 * Update _Inkscape_ from 1.2.2 to 1.4. * Update _GIMP_ from 2.10.34 to 3.0.4. * Update _Audacity_ from 3.2.4 to 3.7.3. * Update _Text Editor_ from 43.2 to 48.3. * Update _Document Scanner_ from 42.5 to 46.0. ### Changes in GNOME * Many sections of the _Settings_ utility have been redesigned, for example Accessibility, Sound, and Mouse & Keyboard in GNOME 44 Accessibility settings also include new accessibility features, such as Overamplication and Always Show Scrollbars. * The Activities button has been replaced with a dynamic workspace indicator in GNOME 45. * The Screen Reader has been improved in different ways, for example, with better table navigation and a sleep mode in GNOME 46. * A new option to perserve battery health is available in the power settings in GNOME 48. ### Removals * Remove the **Places** menu. You can access the same shortcuts from the sidebar of the _Files_ browser. * Remove _Kleopatra_ from the Favorites menu. To start _Kleopatra_ , choose **Apps ▸ Accessories ▸ Kleopatra**. * Remove `unar`. The _File Roller_ utility still opens most RAR archives. * Remove the `aircrack-ng` package. You can still install `aircrack-ng` using the Additional Software feature. * Remove the _Power Statistics_ utility. * Remove the `sq` package. * Remove the obsolete Network Connection option from the Welcome Screen. ### Hardware support * Update the _Linux_ kernel to 6.12.43. This improves support for newer hardware: graphics, Wi-Fi, and so on. * Increase the memory requirements from 2 GB of RAM to 3 GB. (#21114) Tails 7.0 displays a notification when the RAM requirements are not met. We estimate that less than 2% of users are affected. ## Fixed problems * Fix selecting the correct keyboard for certain languages. (#12638) For more details, read our changelog. ## Get Tails 7.0 ### To upgrade your Tails USB stick and keep your Persistent Storage * Automatic upgrades are only available from Tails 7.0~rc1 and 7.0~rc2 to 7.0. All other users have to do a manual upgrade. ### To install Tails 7.0 on a new USB stick Follow our installation instructions: * Install from Windows * Install from macOS * Install from Linux * Install from Debian or Ubuntu using the command line and GnuPG The Persistent Storage on the USB stick will be lost if you install instead of upgrading. ### To download only If you don't need installation or upgrade instructions, you can download Tails 7.0 directly: * For USB sticks (USB image) * For DVDs and virtual machines (ISO image) ## Support and feedback For support and feedback, visit the Support section on the Tails website. * tails * releases

Tor Browser 15.0 is now available from the Tor Browser download page and distribution directory. This is our first stable release based on Firefox ESR 140, incorporating a year's worth of changes that have been shipped upstream in Firefox. As part of this process, we've also completed our annual ESR transition audit, where we reviewed and addressed around 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our GitLab instance. The ongoing development of Tor Browser is made possible thanks to the support of our community. If Tor Browser is important to you, now is a great time to support our mission to **FREE THE INTERNET** , as all donations will be matched by Power Up Privacy through December 31, 2025. ## What's new? ### Desktop Tor Browser 15.0 inherits a multitude of useful new features and usability improvements from Firefox that have passed our audit. For desktop, these include vertical tabs: providing a more manageable, alternative layout with open and pinned tabs stacked in a sidebar rather than across the top of the window. For ease of access, Bookmarks can be retrieved directly from the sidebar when expanded too. However, regardless of whether you prefer horizontal or vertical tabs, everyone benefits from the addition of tab groups: helping you keep on top of the clutter by organizing tabs into collapsible groups that can be given names and color-coded. Tor Browser 15.0 also inherits elements of Firefox's recent address bar refresh, including a new unified search button that allows you to switch search engines on the fly, search bookmarks or tabs, and reference quick actions from the same menu. Note that Tor Browser tabs are still private tabs, and will clear when you close the browser. This enforces a kind of natural tidiness in Tor Browser since each new session starts fresh – however for privacy-conscious power users, project managers, researchers, or anyone else who accumulates tabs frighteningly quickly, we hope these organizational improvements will give you a much needed productivity boost. ### Android On Android, screen lock adds an extra layer of security to your browsing sessions. After enabling screen lock in Settings > Tabs, your tabs will lock automatically when you switch away from the browser without closing it. Upon returning to the app, you'll be prompted to unlock your tabs using your fingerprint, face, or pass code, depending on which option your device is configured to use. Like Tor Browser for Desktop, your browsing session will still be cleared when Tor Browser is closed. However, this feature provides peace of mind in a specific scenario: by ensuring that your browsing remains private even if someone has gained temporary access to your unlocked phone with Tor Browser open in the background – whether you've handed it to a friend, or left your device sitting on a table. ## What's changing? ### Updates to Android and Linux device compatibility At present, Firefox 140 and Tor Browser 15.0 support Android 5.0 or later, which was released almost 11 years ago. While Mozilla's commitment to support such an old version of Android is admirable, it introduces several technical and security challenges for developers. As a consequence, Firefox have announced their intention to increase the minimum support requirements to Android 8.0, and have also decided to drop support for x86 CPUs for Android and Linux. Sadly, it's not possible for the Tor Project to maintain support for these platforms on our own without official support from Mozilla. While these changes won't impact Tor Browser users immediately, we expect them to take effect with the release of Tor Browser 16.0 mid-next year. This means that Tor Browser 15.0 will be the last major release to support x86 for Linux and Android, in addition to Android 5.0, 6.0, and 7.0. However, we will continue to release minor updates with security fixes for these platforms until Tor Browser 16.0's eventual release. Although nobody wants to see support for their platform get dropped, it's an important step to maintain the stability and security of both Firefox and Tor Browser over time, and will allow developers to utilize newer technologies in both browsers. In addition, supporting x86 for Android has been particularly challenging for our developers due to the 100MB package size limit imposed by Google Play. While we have deployed several workarounds to stay within this limit in the recent past, these often come at a cost – such as x86 Android users missing out on the Conjure pluggable transport, for example. ### Disabling of WebAssembly now managed by NoScript WebAssembly (or Wasm) is a web technology that helps websites and web apps run faster. It allows web developers to write programs in languages like C, C++ or Rust, and compiles these into a special format that web browsers can run more efficiently. As has been suggested in this meta-analysis from 2024, further investigation of Wasm's potential exploits is necessary – therefore Wasm is currently disabled in the Safer and Safest security levels in order to reduce Tor Browser's attack surface. Up until now, this was achieved by setting the global preference `javascript.options.wasm` to false – however this approach was no longer viable after Mozilla implemented part of their PDF reader in Wasm between versions 128 and 140. Consequently, we have decided to move control of Wasm to NoScript, which is bundled with Tor Browser, and already manages JavaScript and other security features. This means that Wasm now works on privileged browser pages such as the PDF renderer, but NoScript will continue blocking the technology on regular websites at the Safer and Safest security levels. Users who have manually set `javascript.options.wasm` to "false" while in the Standard security level will see their security level represented as "Custom" instead. To mitigate any issues that may arise with the browser's PDF reader, we encourage those users to switch the preference back to "true", thereby passing management of Wasm over to NoScript. Furthermore, manually disabling Wasm at the Standard security level (either via NoScript or `javascript.options/wasm`) may also make your fingerprint more unique by deviating from Tor Browser's default configuration. To avoid this scenario, we recommend sticking with one of the pre-defined security levels and caution users against making further changes to individual preferences in about:config. Alternatively, should you wish to keep Wasm disabled in future, we invite you to increase your security level to Safer or Safest going forward. Note that both Safer and Safest users may notice `javascript.options.wasm` switch to "true" automatically as management of Wasm is passed over to and blocked by NoScript, meaning that you are still protected regardless. In addition, Safest users in particular are not vulnerable to any potential vulnerabilities introduced by Wasm since the format requires JavaScript to work. ## Known issues Tor Browser 15.0 comes with a number of known issues that can be found in Tor Browser's issue tracker. In particular, we would like to highlight the following: ### Desktop The initial release of vertical tabs in Tor Browser includes a couple of quirks: * When the sidebar is visible (such as when vertical tabs are enabled), the window may visibly resize when Tor Browser is launched. * Due to variations in window size, Letterboxing may be visible. You still get the anti-fingerprinting protections provided by Letterboxing, but the default window size will be different than intended. We are currently working to issue a fix for both of these bugs. Please see tor-browser#44096 for details. ### Android * Web pages may not load after updating Tor Browser on older versions of Android. This can be fixed by clearing your app cache manually in `Settings > Apps > Tor Browser > Storage & cache`. ## Get involved If you find a bug or have a suggestion for how we could improve this release, we'd love to hear your feedback. If you would like to contribute to a future release, please see our guide for new contributors to get started. ## Full changelog The full changelog since Tor Browser 14.5.9 is: * All Platforms * Updated NoScript to 13.2.2 * Updated Lyrebird to 0.6.2 * Bug tor-browser#19741: Opensearch (contextual search) does not obey FPI * Bug tor-browser#43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target * Bug tor-browser#43093: Refactor the patch to disable LaterRun * Bug tor-browser#43727: Update moz-toggle customisation for ESR 140 * Bug tor-browser#43745: Disable HEVC (H265) playback support * Bug tor-browser#43772: Do not use official branding for BB/TB/MB * Bug tor-browser#43784: Get confirmation from NoScript that settings are applied * Bug tor-browser#43832: Drop eslint-env * Bug tor-browser#43850: Modify the Contrast Control settings for RFP * Bug tor-browser#43853: DomainFrontedRequests: setData is no longer a function * Bug tor-browser#43864: Remove features from the unified search button * Bug tor-browser#43869: Hide pens with RFP * Bug tor-browser#43880: Update moat's domain front url * Bug tor-browser#44045: Drop AI and machine learning components * Bug tor-browser#44068: Handle migration from meek-azure to meek built-in bridge type * Bug tor-browser#44069: Update `meek-azure` related strings to `meek` * Bug tor-browser#44140: Refactored patch to prevent writing temp PDF files to disk * Bug tor-browser#44234: No images in PDF * Bug tor-browser#44275: Reduce console noise on security level guess * Bug tor-browser#44280: Test stream isolation * Bug tor-browser-build#41429: Add a note about user safety to Tor Browser Alpha blog posts * Bug tor-browser-build#41442: Update our audit CSVs to use the new Audit template * Bug tor-browser-build#41502: Application services build is failing on isNetworkAllowed() * Bug tor-browser-build#41609: Use new CDN77 fronts for snowflake * Windows + macOS + Linux * Updated Firefox to 140.4.0esr * Bug tor-browser#42025: Purple elements (e.g. Tor buttons) need dark theme variants * Bug tor-browser#42738: Tidy up the commit structure for browser updates UI * Bug tor-browser#43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream * Bug tor-browser#43519: Replace tor-loading.png with SVG * Bug tor-browser#43525: Check if our search engine customization still works after ESR 140 transition * Bug tor-browser#43590: Move letterboxing rules out of browser/base/content/browser.css * Bug tor-browser#43610: Use newer CSS variable names for ESR 140 * Bug tor-browser#43629: All migrations in migrateUIBB are run for new profiles * Bug tor-browser#43636: Tor exiting during startup with "connect automatically" leads to "Try a bridge" page * Bug tor-browser#43638: Fix up our `<command>` elements * Bug tor-browser#43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog * Bug tor-browser#43728: Update search engine icon sizes * Bug tor-browser#43765: Temporarily disable Lox * Bug tor-browser#43766: Only save the relevant TorSettings changes to preferences. * Bug tor-browser#43770: Bugzilla 1958070: More BrowserGlue simplification/splitting * Bug tor-browser#43776: Set branding files for l10n merging * Bug tor-browser#43795: Restore the URL classifier XPCOM components. * Bug tor-browser#43817: Write e2e test for verifying if the browser is connected to the Tor network * Bug tor-browser#43844: Security level shield icon should be flipped for RTL locales * Bug tor-browser#43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 * Bug tor-browser#43879: tor-branding.css declarations are overwritten * Bug tor-browser#43886: Fix new tab for ESR 140 * Bug tor-browser#43900: Open newtab rather than firefoxview when unloading the last tab * Bug tor-browser#43901: Modify about:license for Tor Browser and drop about:rights * Bug tor-browser#43902: Hide Sidebar buttons * Bug tor-browser#43903: Report broken site is disabled rather than hidden * Bug tor-browser#43905: base-browser.ftl missing from about:addons * Bug tor-browser#43906: Extension.sys.mjs change in the wrong commit * Bug tor-browser#43913: Context menu not properly populated * Bug tor-browser#43929: two about:tor pages opened after update * Bug tor-browser#43930: Onionize toggle not centre aligned in about:tor * Bug tor-browser#43947: Console error from ContentBlockingPrefs.init * Bug tor-browser#43966: Notify the user when they are in a custom security level (desktop) * Bug tor-browser#43989: Switch off AI chatbot preference * Bug tor-browser#44030: Security Level selector does not get confirmation before restarting * Bug tor-browser#44034: Update string used for checkbox on New Identity confirmation dialog * Bug tor-browser#44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons * Bug tor-browser#44090: Several of our XUL pages cause a crash because of missing CSP * Bug tor-browser#44095: Rename connectionPane.xhtml and remove it from the jar * Bug tor-browser#44101: Toolbar connection status is not visible when using vertical tabs * Bug tor-browser#44106: Make sure background tasks are not used for shutdown cleanup * Bug tor-browser#44107: Switch tab search action is missing an icon * Bug tor-browser#44108: Fix the new history sidebar * Bug tor-browser#44115: Make remove all bridges dialog use a destructive red button * Bug tor-browser#44123: Do not trim protocol off of URLs ever * Bug tor-browser#44125: Do not offer to save signatures by default in Private Browsing Mode * Bug tor-browser#44141: Hide "Report broken site" items by default * Bug tor-browser#44142: Missing document_pdf.svg from our branding directories * Bug tor-browser#44145: Switch onion connection icons to use --icon-color-critical and --icon-color * Bug tor-browser#44153: Test search engine customization * Bug tor-browser#44159: Change or hide the sidebar settings description * Bug tor-browser#44177: Remove more urlbar actions * Bug tor-browser#44178: Search preservation does not work with duckduckgo in safest security level * Bug tor-browser#44180: Clear YEC 2024 preference * Bug tor-browser#44184: Duckduckgo Onion Lite search does not work properly in safest when added as a search engine * Bug tor-browser#44187: TLS session tickets leak Private Browsing mode * Bug tor-browser#44192: Hovering unloaded tab causes console error * Bug tor-browser#44213: Reduce linkability concerns of the "Search with" contextual search action * Bug tor-browser#44214: Update letterboxing to reflect changes in ESR 140 * Bug tor-browser#44215: Hide Firefox home settings in about:preferences * Bug tor-browser#44221: Backport MozBug 1984333 Bump Spoofed Processor Count * Bug tor-browser#44239: DDG HTML page and search results displayed incorrectly with Safest security setting * Bug tor-browser#44262: Disable adding search engines from HTML forms * Bug tor-browser#44270: Match Firefox's TLS fingerprint * Bug tor-browser#44279: Disable contextual search install prompt * Windows + Android * Bug tor-browser#44062: Force touch enabled on Windows and Android * Windows * Bug tor-browser#44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list * macOS * Bug tor-browser#44127: Do not show macOS Privacy hint on network error pages * Linux * Bug tor-browser#43950: Review Mozilla 1894818: Support HEVC playback on Linux * Bug tor-browser#43959: Make Noto Color Emoji the default emoji font on Linux * Bug tor-browser#44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family * Bug tor-browser#44286: Hardcode GTK system font * Bug tor-browser-build#41586: Replace Noto CJK with Jigmo on Linux * Android * Updated GeckoView to 140.4.0esr * Bug tor-browser#43179: Make persistent 'private tabs' notification distinct from Firefox's * Bug tor-browser#43401: Replace the constructor of Locale with a builder * Bug tor-browser#43577: Flush settings fails on Android * Bug tor-browser#43643: Clean out unused tor connect strings * Bug tor-browser#43650: Survey banner behaves like a dialog on Android, rather than a card * Bug tor-browser#43676: Preemptively disable unified trust panel by default so we are tracking for next ESR * Bug tor-browser#43699: Dummy "about:" pages are not cleared from recently closed tabs (and possibly elsewhere) because they are normal tabs, not private tabs. * Bug tor-browser#43755: Restore functionality of "switch to tab" urlbar suggestion * Bug tor-browser#43757: Disable setting for trending search * Bug tor-browser#43826: Review Mozilla 1960122: Use `MOZ_BUILD_DATE` in Fenix build configuration * Bug tor-browser#43855: brand.properties merging on Android is broken in 140 * Bug tor-browser#43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP * Bug tor-browser#44021: Android settings page colors are sometimes messed up (seems to be on the first launch) * Bug tor-browser#44029: Search/url bar doesn't work on android after ESR 140 * Bug tor-browser#44036: Crash on opening "Search Settings" on android * Bug tor-browser#44042: Debug crash when opening settings too quickly after launching app * Bug tor-browser#44047: Tor Browser's home doesn't have the background at the first load on Android * Bug tor-browser#44080: Further remove "Analytics data collection and usage" * Bug tor-browser#44083: "snowflake" is lower case on Android * Bug tor-browser#44098: Bookmarks offer a way to go to sync in 15.0a1 * Bug tor-browser#44133: Hide the "Allow in private browsing" checkboxes from WebExtension management UI * Bug tor-browser#44139: Restore the (inactive) YouTube and Reddit search plugins on Android * Bug tor-browser#44172: Fix crash in TorAndroidIntegration.handleMessage() * Bug tor-browser#44196: Persistent notification sometimes does not clear * Bug tor-browser#44237: Revoke access to all advertising ids available in Android * Bug tor-browser#44293: Force immediate NoScript update checks after bootstrap * Bug tor-browser-build#41494: Update GeckoView build scripts for ESR140 * Build System * All Platforms * Bug tor-browser#43615: Add Gitlab Issue and Merge request templates * Bug tor-browser#43616: Customize Gitlab Issue and Merge templates * Bug tor-browser#43891: Update the translation CI to use the new mozilla versions * Bug tor-browser#43954: Update tb-dev to handle lightweight tags * Bug tor-browser#43962: update tb-dev auto-fixup for git 2.50 * Bug tor-browser#44061: "Contributing" link is broken * Bug tor-browser#44067: Move --enable-geckodriver only to Linux-only mozconfigs * Bug tor-browser#44103: git's export-subst is a reproducibility problem * Bug tor-browser#44104: Don't run linter when there are no overall changes * Bug tor-browser-build#26408: Make MAR signature checks clearer when creating incremental MAR files * Bug tor-browser-build#34434: Remove unused variables from rbm.conf * Bug tor-browser-build#40551: Drop go reproducibility patches * Bug tor-browser-build#40697: Delete repackage_browser.sh * Bug tor-browser-build#40698: Update locale in tbb_version.json * Bug tor-browser-build#41064: Update tools/signing/README and add a tools/signing/machines-setup/README * Bug tor-browser-build#41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils * Bug tor-browser-build#41434: Go updates shouldn't target all platforms until macOS is on legacy in the changelogs * Bug tor-browser-build#41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser * Bug tor-browser-build#41448: Update toolchains for Firefox ESR 140 * Bug tor-browser-build#41459: Update taskcluster/ci paths in README and comments * Bug tor-browser-build#41465: Disable development artifacts generation by default, keep it enabled for nightly builds * Bug tor-browser-build#41474: update README to explain moat-settings project requires `jq` to be installed * Bug tor-browser-build#41478: Add vim and others missing basic tools to base container image * Bug tor-browser-build#41486: Track bundletool and osslicenses-plugin versions in list_toolchain_updates_checks * Bug tor-browser-build#41496: Clean up unused projects * Bug tor-browser-build#41501: cargo_vendor generated archive maintains timestamps * Bug tor-browser-build#41514: Remove var/build_go_lib from projects/go/config * Bug tor-browser-build#41532: Rename meek-azure to meek in pt_config.json * Bug tor-browser-build#41534: Copy geckodriver only for Linux x86-64 * Bug tor-browser-build#41537: Add script to count mar downloads from web logs * Bug tor-browser-build#41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 * Bug tor-browser-build#41568: Update instructions for manually building 7zip * Bug tor-browser-build#41576: Build expert bundles outside containers * Bug tor-browser-build#41579: Add zip to the list of Tor Browser Build dependencies * Bug tor-browser-build#41594: Remove version from tor-expert-bundle and tor-expert-bundle-aar filenames * Bug tor-browser-build#41600: update lyrebird version to v0.6.2 * Bug tor-browser-build#41602: Update tools/changelog-format-blog-post * Bug rbm#40084: Always use bash for the debug terminal * Bug rbm#40087: Downloaded files getting stricter permissions than expected * Windows + macOS + Linux * Bug tor-browser#44131: Generate torrc-defaults and put it in objdir post-build * Bug tor-browser-build#41373: Remove `_ALL` from mar filenames * Bug tor-browser-build#41457: Set mar IDs as env variables in tor-browser-build * Bug tor-browser-build#41604: Keep update-responses files from previous release * Windows + Linux + Android * Updated Go to 1.24.9 * Windows * Bug tor-browser#44167: Move the nsis-uninstall.patch to tor-browser repository * macOS * Bug tor-browser-build#41503: Error 403 when downloading macOS SDK * Bug tor-browser-build#41527: Update libdmg-hfsplus and enable LZMA compression on dmgs * Bug tor-browser-build#41538: Bump macOS SDK to 15.5 * Bug tor-browser-build#41571: Work-around to prevent older 7z versions to break rcodesign. * Linux * Bug tor-browser-build#41458: Ship geckodriver only on Linux * Bug tor-browser-build#41488: Disable sys/random.h for Node.js * Bug tor-browser-build#41558: Share descriptions between Linux packages and archives * Bug tor-browser-build#41561: Ship Noto Color Emoji on Linux * Bug tor-browser-build#41569: Use var/display_name in .desktop files * Android * Bug tor-browser#43984: Update android build scripts and docs for ESR 140 * Bug tor-browser#43987: 140 Android is not reproducible * Bug tor-browser#44078: Modify ./autopublish-settings.gradle for building a-s and glean with uniffi-bindgen no-op * Bug tor-browser#44220: Disable the JS minifier as it produces invalid JS * Bug tor-browser-build#41453: Update application-services and uniffi-rs for ESR140 * Bug tor-browser-build#41467: Remove list_toolchain_updates-firefox-android from Makefile * Bug tor-browser-build#41483: geckoview_example-withGeckoBinaries-....apk doesn't exist anymore in Firefox 140 * Bug tor-browser-build#41484: Create a fork of application-services * Bug tor-browser-build#41500: Optimize tor and its dependencies for size on Android * Bug tor-browser-build#41506: Use appilcation-services branch for nightlies builds * Bug tor-browser-build#41507: Single-arch build fails because artifacts don't have arch subdirectories * Bug tor-browser-build#41523: Use custom built Glean package on Android * Bug tor-browser-build#41548: Hide tor's symbols on Android and add other linker options to save space * Bug tor-browser-build#41577: Minify JS with UglifyJS on Android x86 * Bug tor-browser-build#41583: Align tor and PTs to 16kB on Android * Bug tor-browser-build#41605: Ignore incrementals if we're not building desktop * applications * releases

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 1.6.0. Arti 1.6.0 brings experimental support for circuit padding, mitigations for DropMark side channel attacks, improvements to congestion control, a new `arti keys check-integrity` command, and experimental support for exporting debugging information via OpenTelemetry. It also includes behind-the-scenes work towards enabling Arti to act as a directory authority, a directory mirror, and a relay. Arti 1.6.0 increases our MSRV (Minimum Supported Rust Version) to 1.85.1, in accordance with our MSRV policy. For full details on what we've done, including API changes, and for information about many more minor and less visible changes, please see the CHANGELOG. For more information on using Arti, see our top-level README, and the documentation for the `arti` binary. Thanks to everybody who's contributed to this release, including 5225225, Aiden McClelland, disha, hashcatHitman, hjrgrn, Niel Duysters, Tobias Pulls, Tobias Stoeckmann, and trinity-1686a. Also, our deep thanks to our sponsors for funding the development of Arti! * announcements * releases

Tor Browser 15.0a3 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ⚠️ **Reminder** : Tor Browser Alpha release channel is for testing only. If you are at risk or need strong anonymity, stick with the stable release channel. ## Full changelog The full changelog since Tor Browser 15.0a2 is: * All Platforms * Updated Tor to 0.4.9.3-alpha * Updated OpenSSL to 3.5.3 * Bug tor-browser#43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target * Bug tor-browser#43093: Refactor the patch to disable LaterRun * Bug meta#43745: Review Mozilla 1842838: HEVC (H265) playback related bugs. See the support status on the User Story. [tor-browser] * Bug tor-browser#44032: Implement YEC 2025 Takeover for Desktop Stable * Bug tor-browser#44199: Backport Security Fixes from Firefox 143 * Bug tor-browser-build#41429: Add a note about user safety to Tor Browser Alpha blog posts * Bug tor-browser-build#41563: Do not copy Noto Color Emoji on Windows * Windows + macOS + Linux * Updated Firefox to 140.3.0esr * Bug tor-browser#42025: Purple elements (e.g. Tor buttons) need dark theme variants * Bug tor-browser#43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog * Bug tor-browser#43770: Bugzilla 1958070: More BrowserGlue simplification/splitting * Bug tor-browser#43966: Notify the user when they are in a custom security level (desktop) * Bug tor-browser#44142: Missing document_pdf.svg from our branding directories * Bug tor-browser#44145: Switch onion connection icons to use --icon-color-critical and --icon-color * Bug tor-browser#44180: Clear YEC 2024 preference * Linux * Bug tor-browser#43950: Review Mozilla 1894818: Support HEVC playback on Linux * Bug tor-browser#43959: Make Noto Color Emoji the default emoji font on Linux * Android * Updated GeckoView to 140.3.0esr * Bug tor-browser#43755: Restore functionality of "switch to tab" urlbar suggestion * Bug tor-browser#43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP * Bug tor-browser#44172: Fix crash in TorAndroidIntegration.handleMessage() * Build System * All Platforms * Bug tor-browser-build#41064: Update tools/signing/README and add a tools/signing/machines-setup/README * Bug tor-browser-build#41474: update README to explain moat-settings project requires `jq` to be installed * Windows + Linux + Android * Updated Go to 1.24.7 * Linux * Bug tor-browser-build#41561: Ship Noto Color Emoji on Linux * applications * releases

Tor Browser 14.5.9 is now available from the Tor Browser download page and also from our distribution directory. This is a minor update fixing a bug with our Year End Campaign takeover on Tor Browser Android. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 14.5.8 is: * Android * Bug tor-browser#44263: YEC does not display on Tor Browser 14.5.8 Android * applications * releases

Tor Browser 14.5.8 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. ## Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. ## Full changelog The full changelog since Tor Browser 14.5.7 is: * All Platforms * Updated Tor to 0.4.8.19 * Updated OpenSSL to 3.5.4 * Bug tor-browser#44239: DDG HTML page and search results displayed incorrectly with Safest security setting * Bug tor-browser#44240: Typo on dom.security.https_first_add_exception_on_failure * Bug tor-browser#44244: Backport Security Fixes from Firefox 144 * Bug tor-browser-build#41574: Update Snowflake builtin bridge lines * Windows + macOS + Linux * Bug tor-browser#44032: Implement YEC 2025 Takeover for Desktop Stable * Android * Bug tor-browser#44031: Implement YEC 2025 Takeover for Android Stable * applications * releases

Is the internet today the internet you want for future generations? What if instead of for-profit greed, rampant privacy violations, and pervasive government spying, we could have a different relationship with the internet? What if we could FREE THE INTERNET from the chains of surveillance and censorship? At the Tor Project, along with our incredible community of supporters, we're not just imagining a free internet — **we're building it** : * In countries like Turkmenistan where access to information is tightly controlled, Turkmen.news trusts Tor to provide safe access to the free internet where it once did not exist. * Freedom of the Press Foundation uses Tor as the backbone of SecureDrop, a tool that allows journalists and sources to communicate freely without fear of retaliation or exposure. * In Russia and Egypt, where authorities often block encrypted tools to control communications, individuals use Tor Browser to access encrypted email services like Tuta Mail to freely communicate. Tor is a building block for a free internet, and it takes our collective efforts to improve and amplify it. That’s why during the next three months, the Tor Project will be holding a fundraising campaign during which we ask for your support to advance digital freedom. As a 501(c)3 nonprofit, the Tor Project relies on donations to power its tools – the Tor network, Tor Browser, Tails OS, and the Tor ecosystem. These tools are trusted by millions and always **free** to use, without collecting, selling, trading, or renting any of your data for profit. This year we are calling to **FREE THE INTERNET** by supporting Tor. If you give now during the campaign, your donation will be matched by our supporters at Power Up Privacy. This means a $25 donation will have a $50 impact – and all donations over $25 will qualify you for fun Tor merchandise. 👀 In the 2023-2024 fiscal year, 84% of our expenses were associated with program services. That means that a very significant portion of our budget goes directly into building Tor and making it better. Those program services include building Tor technology, conducting outreach, and keeping Tor tools up-to-date and secure. We are proud to have a Four-Star Charity rating from Charity Navigator, and have been awarded Candid’s Platinum Seal of Transparency. This demonstrates the Tor Project’s commitment to openness and honesty in how the organization manages its finances and uses your investment for a greater impact. Join us in being defiant against profit-driven tech tools and keeping Tor tools FREE, private, and accessible. Your support today helps build a better internet for tomorrow. * * * To learn more about how Tor is freeing the internet from surveillance and censorship, and how we are putting charitable donations to work, please tune into our annual _State of the Onion_ virtual event to learn more. Save these dates and make your donation today! # Upcoming events * **State of the Onion – the Tor Project (Wednesday, November 12)** * The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on November 12 will focus on the Tor Project and the organization’s work. * 📺 Stream live on our YouTube channel * **State of the Onion – Community (Wednesday, December 10)** * The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on December 10 will be a special day celebrating the UN’s adoption and proclamation of the Universal Declaration of Human Rights (UDHR) in 1948 as well. * 📺 Stream live on our YouTube channel # Ways to contribute * **Make a donation** : Donate through our website (or any other method listed on our FAQ and your donation will be matched, 1:1, up to $250,000. * **Ask the company you work for if they will match your donation** : Many corporations will match their employees’ donations to charitable organizations. Ask at work if your company will match your gift. * **Share on social media** : Let the people in your networks know that all donations to the Tor Project are currently being matched. You can easily share a post from our social channels: Mastodon, Bluesky, X, and more. * **Subscribe to Tor News** : No ads. No tracking. Just low-traffic Tor updates via email. * * * # 1:1 Match provided by Power Up Privacy Power Up Privacy is matching all donations to the Tor Project between now and December 31, 2025. Power Up Privacy is an advocacy group that funds privacy-related research and development projects. They seek to make maximum impact by identifying key, underfunded areas in the privacy software ecosystem and injecting resources, financial and otherwise, in order to strengthen the necessary infrastructure we need to preserve freedom and human rights.

## Changes and updates * Change the home page of _Tor Browser_ in Tails to an _offline_ page, very similar to the home page of _Tor Browser_ outside of Tails, instead of an _online_ page from our website. * Improve the message when an administration password is required to open an application but no administration password was set in the Welcome Screen. * Update _Tor Browser_ to 14.5.8. * Update the _Tor_ client to 0.4.8.19. * Update _Thunderbird_ to 140.3.0. * Remove the package `ifupdown`. ## Fixed problems * Hide the message "_Your connection to Tor is not being managed by Tor Browser_ " in new tabs of _Tor Browser_. (#21215) For more details, read our changelog. ## Get Tails 7.1 ### To upgrade your Tails USB stick and keep your Persistent Storage * Automatic upgrades are available from Tails 7.0 or later to 7.1. * If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade. ### To install Tails 7.1 on a new USB stick Follow our installation instructions: * Install from Windows * Install from macOS * Install from Linux * Install from Debian or Ubuntu using the command line and GnuPG The Persistent Storage on the USB stick will be lost if you install instead of upgrading. ### To download only If you don't need installation or upgrade instructions, you can download Tails 7.1 directly: * For USB sticks (USB image) * For DVDs and virtual machines (ISO image) ## Support and feedback For support and feedback, visit the Support section on the Tails website. * tails * releases