New Alpha Release: Tor Browser 16.0a2
Tor Browser 16.0a2 is now available from the Tor Browser download page and also from our distribution directory.
This version includes important security updates to Firefox.
⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.
Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.
If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.
Finally, we would like to thank the following community members for their contributions this release:
- NoisyCoil for their fixes for tor-browser-build#41706
If you would like to contribute, our contributor guide can be found here.
Catching up With Rapid-Release
Over the past few months we have been sprinting to catch Tor Browser Alpha up with Firefox Rapid-Release. Tor Browser Alpha is now based on Firefox 147 and the rebase to Firefox 148 is now underway. We also have a massive head-start on our bugzilla triage and have already flagged dozens of upstream patches which we will need to investigate further for ESR 153.
Unfortunately (though somewhat expectedly), all this progress has introduced some bugs and blockers.
🤖 Android APK Too Big
The upstream changes from Firefox pushed us over the approximate 100 MB size limit imposed by the Google Play Store on our Android packages. To trim off some more bytes and get us under the threshold we back-ported usage of the terser JavaScript minifier (to reduce the size of the JavaScript source) and we now conditionally compile out preferences for unrelated platforms (i.e. we no longer ship preferences on Tor Browser Android which only affect Desktop).
This issue has been resolved in tor-browser-build#41688.
🛑 Websites Failed to Load
In Tor Browser 16.0a1 we discovered an intermittent issue where websites would fail to load after bootstrapping. This has a resulted in the browser being essentially unusable for a significant number of testers.
The proximal cause for this that the NoScript extension would be put to sleep and unable to respond to requests made by the browser content process. Our engineers discovered this seems to have been fallout over upstream changes around how WebExtensions interact with the browser in permanent private-browsing mode. For now, we have worked-around this bug with patches to both NoScript and Tor Browser. When we know more, we will open an issue upstream with Mozilla.
This issue has been resolved in tor-browser#44398.
Send us your feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know.
Full changelog
The full changelog since Tor Browser 16.0a1 is:
- All Platforms
- Updated NoScript to 13.5.11.90301984
- Updated Tor to 0.4.9.4-rc
- Updated OpenSSL to 3.5.5
- Bug tor-browser#44303: Extension update job might never work on Android
- Bug tor-browser#44416: Rebase alpha onto 147
- Bug tor-browser#44420: Drop "rights" from components.conf
- Bug tor-browser#44482: Script execution in Safest mode via data URI navigation
- Bug tor-browser#44492: Fix python linting warnings in our test files
- Bug tor-browser#44580: Registers noscript to check for updates on first run
- Bug tor-browser-build#41676: Update toolchains for Firefox 147
- Windows + macOS + Linux
- Updated Firefox to 147.0a1
- Bug tor-browser#44289: RFPHelper console error when
--toolbar-field-coloris set toinherit - Bug tor-browser#44343: Hide the default browser settings again after MozBug 1969949
- Bug tor-browser#44460: Payment methods and addresses setting headings are visible in settings
- Bug tor-browser#44522: Move common changes to about dialog to base-browser
- Bug tor-browser#44535: Letterboxing background colour is no longer used
- Bug tor-browser#44554: Unlabeled AI item in tab context menu in 147
- Linux
- Bug tor-browser#44410: Use system's size for UI font on Linux
- Android
- Updated GeckoView to 147.0a1
- Bug tor-browser#44398: Unable to load websites after a short amount of time on Android
- Bug tor-browser#44469: Fix branding on Android RR
- Bug tor-browser#44507: Drop the dependency on Sentry
- Bug tor-browser#44523: New circuit seems to have disappeared from 147 on Android
- Bug tor-browser#44532: Backport Bug 1967968: Minify the pdf.js code in order to improve the loading performance
- Bug tor-browser#44533: Update NoScript to the version bundled with the browser on Android
- Bug tor-browser#44591: TBA Alpha fails to initialize WebExtensions
- Build System
- All Platforms
- Bug tor-browser#44452: Improve tb-dev range-diff and diff-diff
- Bug tor-browser#44498: Update translations CI to account for 1.0 version gap between alpha and stable
- Bug tor-browser-build#41535: Update macOS and Windows containers to Debian trixie
- Bug tor-browser-build#41664: Investigate and fix issue with unexpected build_id changes
- Bug tor-browser-build#41668: Build mozharness.zip when building dev artifacts
- Bug tor-browser-build#41671: Update tools/signing/linux-signer-sign-android-apks to check for v3 signatures instead of v1
- Bug tor-browser-build#41678: Consider set -u and maybe set -o pipefail
- Bug tor-browser-build#41682: relprep.py should fail when a GitHub release is not found
- Bug tor-browser-build#41685: Add henry to list of taggers in relevant projects.
- Bug tor-browser-build#41687: Add single
make list_toolchain_updatescommand to list all toolchain updates - Bug tor-browser-build#41691: Update Lyrebird to v0.8.1
- Bug tor-browser-build#41705: Remove unnecessary workaround in projects/go/build
- Bug tor-browser-build#41707: firefox-l10n fails to build with
fetch_locale: 1: set: Illegal option -o pipefail - Bug tor-browser-build#41708: relprep.py fails to update extensions when out/browser does not exist
- Bug rbm#40095: cached checksums should not be used for input files when refresh_input is enabled
- Bug rbm#40096:
container extractis showing confusing error when target directory already exists - Bug rbm#40100: The GZIP variable makes set -u fail
- Windows + macOS + Linux
- Bug tor-browser-build#41427: Drop the openURL property from the update
- Windows + Linux + Android
- Updated Go to 1.25.6
- Linux
- Bug tor-browser-build#41706: Bump glibc to v2.28 in the linux cross-toolchain (aarch64)
- Android
- Bug tor-browser#44508: Drop clearkey also on Android
- Bug tor-browser-build#32200: only include required bits of OpenSSL in Android builds
- Bug tor-browser-build#41679: Android tor-expert-bundle archives missing version in filename
- Bug tor-browser-build#41684: Use only the NDK as var/compiler on Android
- Bug tor-browser-build#41688: 147 nightlies exceed the Play Store threshold
- Bug tor-browser-build#41699: Delete prefs specific to other architectures in omni.ja
- Bug tor-browser-build#41702: Replace uglifyjs with terser
- All Platforms
Comments
We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the moderators. Please do not comment as a way to receive support or to report bugs on a post unrelated to a release. If you are looking for support, please see our FAQ, user support forum or ways to get in touch with us.