1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-27 14:12:09 +00:00
seirdy.one/content/notes/state-of-the-tor-uplift.md
2022-11-22 19:15:34 -08:00

2.3 KiB

title date syndicatedCopies
State of the Tor Uplift 2022-09-19T20:15:05-07:00
title url
The Fediverse https://pleroma.envs.net/notice/ANk750WNh4ufFOK3FI

Currently, the Tor Browser is based on Firefox Extended Support Release (ESR); it lags behind stable releases by up to and only receives the subset of security backports deemed to be a high-enough priority.

The Tor Uplift project is an initiative to upstream all the Tor Browser's patches into Firefox. Its goal is to make re-basing the Tor browser patches easy enough for the Tor Browser to track Firefox's stable release channel. The Tor Uplift has been in progress for , with several of the Tor Browser's biggest modifications successfully upstreamed (first-party isolation, fingerprinting resistance, and more robust proxy support).

On , Firefox 102 ESR was released. Today, on , Firefox 91 ESR will lose support. That gave a window of about three months (the duration of three Firefox stable releases) to re-base Tor Browser patches.

The first stable release of the Tor Browser based on 102 ESR hasn't yet shipped (it's close; an alpha version is available). Seven years into the Tor uplift, the Tor Project isn't able to keep up with the Firefox ESR release calendar. I don't think the Tor Uplift will succeed at getting the Tor Browser to track Firefox's stable channel; at best, it's keeping the Tor Browser from falling too far behind ESR.

Update : Almost since Firefox 102 became the latest ESR, over since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser release (11.5.7) is still based on Firefox 91 ESR. Five CVEs fixes from v102 were backported. It's reasonable to assume that v91 has issues of its own that won't be addressed. Until the v102-based 12.x hits stable: if you don't use "safest", you might want to re-consider that with this information in mind.