After three months of testing, the browser bundle commonly used to access Bitcoin “dark net market” sites has been updated to a stable 5.0.
The update completely re-based the Tor Browser bundle on top of Firefox 38.2.0 ESR from 31.8.0 ESR. Due to the massive re-base, Firefox security updates, HTML5 video support, and many other browser improvements are included in the release. The update also includes new bundle specific features, including background updates and security defenses against keystroke fingerprinting and other timing-based fingerprinting.
As expected with such an ambitious update, it’s not without issues. Due to the Tor network architecture, it’s generally recommended users update to the latest version to limit identifiers which may single out users. Most new bugs and features have simple workarounds which allow most users to update without worry.
Users who set the “high” security setting will notice the revamped Firefox options menu is entirely unresponsive. As a workaround, users may restore the old menu interface by going to “about:config” in the address bar, double clicking “browser.preferences.inContent,” and restarting the browser.
Ip-check.info, a popular online anonymity test, reports the browser profile differs from the recommended profile. This report is not a bug, and is due to the Firefox update. The new browser reports it’s version as “Firefox/38.0,” not “Firefox/31.0” as expected. When ip-check.info updates their anonymity test, the new release will test as expected.
Despite the recommendations in favor of automatic background updating, many advanced users prefer to verify browser bundle releases themselves. To disable background updates, go to “about:config” in the address bar, double click “app.update.auto,” and restart the browser.
A complete changelog is available on the Tor Browser blog. The release may be obtained from the Tor Browser Project page.