In early July, the Tor Browser team released 4.5.3[1] and 5.0a3[2], and spent the remainder of the month preparing 5.0a4[3] (our final alpha before the switch to Firefox 38-ESR on August 11th).
The changes in 4.5.3 and 5.0a3 were covered in our June status report. The 5.0a4 release features updates to Tor, OpenSSL, HTTPS-Everywhere, and NoScript. It additionally features an experimental font fingerprinting defense[4] that ships a complete multilingual set of fonts (the Google Noto set[5]) in order to reduce the tracking potential from font-based fingerprinting. Based on initial tests with 5.0a4, however, we will likely opt to omit this defense from 5.0-stable, as it still requires more tweaking for proper font rendering, especially on Linux[6]. The release also featured some additional third party tracking defenses[7,8,9], as well as some UI improvements[10,11], a site breakage fix[12], and a crash fix[13]. The 5.0a4 release and the 5.0-stable release will also download updates automatically in the background[14,15], before informing the user that an update is available. We also attended the HTTP Workshop[16] at the end of the month, to discuss current state storage issues with HTTP/2, a wishlist for TLS 1.3, and our thoughts on QUIC[17]. The group was overall very welcoming and appreciative of our concerns, and we're hopeful that bringing our perspective of privacy and anonymity to this group will be helpful both for future standards, and for ensuring that we have more eyes than just ours looking out for statekeeping issues related to the HTTP, TLS, and transport layer. The full list of tickets closed by the Tor Browser team in July can be seen using the TorBrowserTeam201507 tag on our bug tracker[18]. In early August, we will fix the major remaining known issues with 5.0[19] and Firefox 38 for our release of 5.0-stable on August 11th. Following this release, we will focus on improvements to our fingerprinting defenses, finish auditing and possibly enabling new features (such as HTTP/2), and deal with any issues uncovered during the 5.0-stable launch. The full list of tickets that the Tor Browser team plans to work on in August can be seen using the TorBrowserTeam201508 tag on our bug tracker[20]. 1. https://blog.torproject.org/blog/tor-browser-453-released 2. https://blog.torproject.org/blog/tor-browser-50a3-released 3. https://blog.torproject.org/blog/tor-browser-50a4-released 4. https://trac.torproject.org/projects/tor/ticket/13313 5. https://en.wikipedia.org/wiki/Noto_fonts 6. https://trac.torproject.org/projects/tor/ticket/16672 7. https://trac.torproject.org/projects/tor/ticket/16429 8. https://trac.torproject.org/projects/tor/ticket/15703 9. https://trac.torproject.org/projects/tor/ticket/16625 10. https://trac.torproject.org/projects/tor/ticket/16268 11. https://trac.torproject.org/projects/tor/ticket/16488 12. https://trac.torproject.org/projects/tor/ticket/16528 13. https://trac.torproject.org/projects/tor/ticket/16495 14. https://trac.torproject.org/projects/tor/ticket/16639 15. https://trac.torproject.org/projects/tor/ticket/16632 16. https://httpworkshop.github.io/ 17. https://gitweb.torproject.org/tor-browser-spec.git/plain/position-papers/HTTP3/2015HTTPWorkshop-slides.pdf 18. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201507 19. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0&status=!closed 20. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201508 -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list tor-reports@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports