tor package urgently needs update to v0.4.6.8 due to Tor Browser 11 stable fingerprintability

Today’s Tor Browser 11 stable release bundles tor v0.4.6.8 (which finally disables v2 onions).

But Whonix Gateway 16 is still at tor v0.4.5.x (which supports v2 onions). So it’s currently trivial to fingerprint that Tor Browser 11 is running on Whonix Workstation.

1 Like

Thanks for the report. Seems unfortunately required. Will work on that.


related:

1 Like

Progress on tor package version 0.4.6.8.

Downloaded from deb.torproject.org:

  • tor_0.4.6.8-1~d11.bullseye+1_amd64.deb
  • tor_0.4.6.8-1~d11.bullseye+1_arm64.deb
  • tor_0.4.6.8-1~d11.bullseye+1_i386.deb
  • [1]

uploaded to Whonix testers repository just now.


[1] Other architectures such as ppc64el are unfortunately unavailable from deb.torproject.org. Related: Existing Ports of and Porting Whonix ™ to other Architectures.

1 Like

That’s a very good point.

The vast majority of TB users just rely on the TB bundle, which pretty well always has the latest Tor stable version.

Considering Whonix, Tails etc. probably constitute less than 1% of the population, this will remain an ongoing fingerprinting risk if not addressed i.e. the platform should revert to the previous arrangement and forget Debian’s snail pace releases.

I can’t pretend I’m disappointed :slight_smile:

Tor 0.4.6.8 running smoothly in Whonix 16.

:slight_smile:

1 Like

Now in stable repository.

1 Like