Questa nuova versione si basa sulle funzionalità introdotte in Tor Browser 10.5 per migliorare l'esperienza utente nel connettersi a Tor da regioni fortemente censurate.

Novità

Tor Browser 11.5

Rilevazione e aggiramento automatici della censura

L'anno scorso abbiamo cominciato la revisione dell'esperienza utente nel connettersi a Tor con Tor Browser 10.5, rimuovendo l'avviatore di Tor e integrando la procedura di connessione nella finestra del browser. Però aggirare la censura della rete Tor stessa era rimasto un processo manuale e poco chiaro, che richiedeva agli utenti di addentrarsi nelle impostazioni della rete Tor e capire come attivare un bridge per sbloccare Tor da soli. In più, la censura di Tor non è uniforme: il fatto che un certo trasporto collegabile o configurazione dei bridge funzioni in un paese non significa che funzioni altrove.

Perciò, il peso di capire che opzione scegliere veniva scaricato sugli utenti censurati (già sottoposti a una notevole pressione), risultando in tentativi, errori, e frustrazione. In collaborazione con il team Anti-Censura del Tor Project, abbiamo cercato di ridurre questo fardello con l'introduzione dell'Assistente di Connessione: una nuova funzionalità che quando richiesto imposterà la configurazione dei bridge che pensiamo funzionerà meglio nella tua regione per te.

Assistente di Connessione

Connection Assist works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent). It manages to do so without needing to connect to the Tor Network first by utilizing moat – the same domain-fronting tool that Tor Browser uses to request a bridge from torproject.org.

While Connection Assist has reached the milestone of its first stable release, this is only version 1.0, and your feedback will be invaluable to help us improve its user experience in future releases. Users from countries where the Tor Network may be blocked (such as Belarus, China, Russia and Turkmenistan) can test the most recent iteration of this feature by volunteering as an alpha tester, and reporting your findings on the Tor forum.

Redesigned Tor Network settings

Connection settings

We hope that the majority of our users living under extreme censorship will be able to connect to Tor at the press of a button, thanks to Connection Assist. However we know there will always be exceptions to that, and there are many users who prefer to configure their connection manually as well.

That's why we've invested time redesigning Tor Network settings too – featuring:

  • A brand new name: Tor Network settings is now called Connection settings. This change is intended to clarify exactly what settings you can find within this tab.
  • Connection statuses: Your last known connection status can now be found at the top of the tab, including the option to test your Internet connection without Tor, using moat, to help you untangle the source of your connection woes.
  • Streamlined bridge options: Gone is the long list of fields and options. Each method to add a new bridge has been tidied away into individual dialog menus, which will help support further improvements to come.
  • Connection Assist: When Tor Browser's connection to the Tor Network isn't reachable due to suspected censorship, an additional option to select a bridge automatically becomes available.
  • Brand-new bridge cards: Bridges used to be almost invisible, even when configured. Now, your saved bridges appear in a handy stack of bridge cards – including new options for sharing bridges too.

Bridge card diagram

This is the anatomy of a bridge card when expanded. In addition to copying and sharing the bridge line, each bridge also comes with a unique QR code that will be readable by Tor Browser for Android (and hopefully other Tor-powered apps too) in a future release – helping facilitate the transfer of a working bridge from desktop to mobile.

When you have multiple bridges configured the cards will collapse into a stack – each of which can be expanded again with a click. And when connected, Tor Browser will let you know which bridge it's currently using with the purple "✔ Connected" pill. To help differentiate between your bridges without needing to compare long, unfriendly bridge lines, we've introduced bridge-moji: a short, four emoji visualization you can use to identify the right bridge at a glance.

Lastly, help links within Connection settings now work offline. To recap – there are two types of help links in Tor Browser's settings: those that point to support.mozilla.org, and those that point to tb-manual.torproject.org (i.e. the Tor Browser Manual). However, since web-based links aren't very useful when you're troubleshooting connection issues with Tor Browser, the manual is now bundled in Tor Browser 11.5 and is available offline. In addition to the help links within Tor Browser's settings, the manual can be accessed via the Application Menu > Help > Tor Browser Manual, and by entering "about:manual" into your browser's address bar too.

HTTPS-Only Mode, by default

Modalità HTTPS-Only

HTTPS-Everywhere era una delle due estensioni che prima venivano incluse in Tor Browser, e ha avuto un'illustre carriera nel proteggere i nostri utenti promuovendo automaticamente le loro connessioni a HTTPS ogni volta fosse possibile. Ora HTTPS è davvero ovunque e tutti i browser più diffusi includono nativamente la possibilità di promuovere in automatico le connessioni a HTTPS. Firefox, il browser su cui Tor Browser è basato, chiama questa funzionalità Modalità HTTPS-Only.

A partire da Tor Browser 11.5, HTTPS-Only sarà attivato in maniera predefinita su desktop e HTTPS-Everywhere non sarà più distribuito con Tor Browser.

Perché ora? Le ricerche condotte da Mozilla indicano che il numero di pagine insicure visitate dall'utente medio è molto basso, risultando in un disagio per l'esperienza utente limitato. In aggiunta, questo cambiamento proteggerà i nostri utenti da attacchi di SSL strip da parte degli exit relay malevoli e ridurrà fortemente gli incentivi ad avviare exit relay solo per condurre attacchi man in the middle.

You may or may not know that HTTPS-Everywhere also served a second purpose in Tor Browser, and was partly responsible for making SecureDrop's human-readable onion names work. Well, SecureDrop users can rest assured that we've patched Tor Browser to ensure that human-readable onion names still work in HTTPS-Everywhere's absence.

Note: Unlike desktop, Tor Browser for Android will continue to use HTTPS-Everywhere in the short term. Please see our separate update about Android below.

Improved font support

Improved fonts

One of Tor Browser's many fingerprinting defenses includes protection against font enumeration – whereby an adversary can fingerprint you using the fonts installed on your system. To counter this, Tor Browser ships with a standardized bundle of fonts to use in place of those installed on your system. However some writing scripts did not render correctly, while others had no font available in Tor Browser at all.

To solve this issue and expand the number of writing systems supported by Tor Browser, we've bundled many more fonts from the Noto family in this release. Naturally, we have to find a balance between the number of fonts Tor Browser supports without increasing the size of the installer too much, which is something we're very conscious of. So if you spot a language whose characters don't render correctly in Tor Browser, please let us know!

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.

Hai bisogno di aiuto?

See our community FAQ's

Visit Support

Mettiti in contatto

Chatta con noi dal vivo!

Join us on IRC