Versie 4.0 is uitgekomen van de Tor Browser Bundle. Tor staat voor The Onion Router en is een netwerk dat gebruikt kan worden om anoniem over het internet te surfen. Al het tcp-verkeer van gebruikers wordt langs verschillende Tor-routers geleid, waarna het voor de ontvanger niet meer mogelijk is om na te gaan wie de oorspronkelijke verzender was. Binnen het Tor-netwerk is die informatie nog wel aanwezig, zodat antwoorden - uiteraard ook weer via het stelsel van routers - uiteindelijk weer op de juiste plek aankomen. De release notes voor deze uitgave kunnen hieronder worden gevonden.
Tor Browser 4.0 is releasedThe first release of the 4.0 series is available from the Tor Browser Project page and also from our distribution directory. This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release. The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.
More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses.
This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.
There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts. This will hopefully make it possible for more people to use the "High Security" setting in our upcoming Security Slider, which will have Javascript disabled globally via NoScript by default. While we do not recommend per-element whitelisting due to fingerprinting, users who insist on keeping this functionality may wish to check out RequestPolicy.
Note to MacOS users: We intend to deprecate 32bit OSX bundles very soon. If you are still using 32bit OSX 10.6, you soon will need to either update your OS to a later version, or begin using the Tails live operating system.
:strip_exif()/i/2005915840.png?f=thumbmedium)
:strip_icc():strip_exif()/u/370538/crop5ed0d9cf254d3_cropped.jpeg?f=community){kind=small}
:strip_icc():strip_exif()/u/140070/kalief.jpg?f=community){kind=small}