AFIK it's a "fork" of the tor-browser (which is a fork of Firefox) but instead o...

rtpg · on April 3, 2023

Does the tor browser fork stay up to date quickly? I would be quite worried about stale browsers in this day and age, to an extent at least

notpushkin · on April 3, 2023

I believe Tor is collaborating with Mozilla very closely, to the point that Mozilla includes patches from Tor Browser now: https://wiki.mozilla.org/Security/Tor_Uplift

JoachimS · on April 3, 2023

And Mullvad is a Tor project sponsor.

notRobot · on April 3, 2023

And Mozilla's partner for the Mozilla VPN.

seanw444 · on April 3, 2023

Dang, it's a tight-knit group.

l8rlump · on April 4, 2023

I recently discovered the useful Firefox about:config setting “resistfingerprinting”, which I believe came from this collaboration.

cpeterso · on April 4, 2023

Yes, but beware that many websites are broken when “resistFingerprinting” is enabled. That’s why that mode is not enabled by default or an opt-in option in Firefox’s settings UI.

notpushkin · on April 4, 2023

I've ran into a couple ones that have some canvas-based features that break when resistFingerprinting is on. They get some visible noise added on top (which does indeed thwart fingerprinting, but also makes it harder / weirder to use those features).

l8rlump · on April 5, 2023

I believe you can turn off the canvas-based meddling per-site. There's a small icon that appears on the left of the URL input box on affected sites that allows you to do this.

cpeterso · on April 4, 2023

The Tor desktop browser is based on Firefox ESR (Extended Support Release), Mozilla’s LTS branch of Firefox that receives security fixes for 14 months. The Tor Android browser is based on Mozilla’s regular Firefox Android browser, updated every four weeks.

brnt · on April 3, 2023

Yes. They are aware that this is one attack vector they need to protect their users against.

pabs3 · on April 3, 2023

Tor Browser updates often come the same day as Mozilla releases, sometimes a bit longer.