Saturday13 August 2022

TOR releases version 5.5 of the TOR Browser Bundle; bug fixes galore

Reading time is around minutes.

Tor has pushed out a new version of its privacy enhancing Tor Browser Bundle. We are up to 5.5 now and, according to the Tor Project it is a full stable release. The update fixes a laundry list of bugs and also covers some usability issues that have been plaguing the software for some time. One interesting note is that they are finally working on blocking ways of fingerprinting users through different mechanisms (resolution, keyboard type etc.).

All of the changes are needed and will be appreciated by any user of TOR. The problem is that most of these fixes deal with userland problems. Hardware or system spec fingerprinting is not an uncommon method for tracking someone through TOR-Land, but as we saw in 2015 it is being replaced by even simpler unmasking techniques. Including one that has been around for quite a while (exit timing).

We had honestly expected TOR to have bundled in a little more traffic obfuscation by now (especially given that they worked on it for a side project). Hiding the traffic type from the client to the entry node can help to limit the exposure to surveillance. Now, if they are already watching your IP then you are pretty much screwed. Between Flow monitoring, packet timing and even policy based routing (to push your traffic to their entry point) you are pretty much screwed.

If you do use TOR then you should go ahead and grab this new release. If not, well here is your chance to try it out. Just remember that nothing will protect you 100%, there are far too many variables out there that can allow a determined (or skilled) hunter to find you and unmask you and; that is just the way it is.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.