![]() Bug 13861: Preserve user profiles after updates.Bug 14388: Secure automatic updates for Tor Messenger.Bug 17363: Remove redundant Tor Messenger folders.Bug 19053: Display plaintext in notifications.Use the THUNDERBIRD_45_3_0_RELEASE tag on comm-esr45.Use the THUNDERBIRD_45_3_0_RELEASE tag on mozilla-esr45.Fix OS X profile when application is not placed in /Applications.Here is the complete changelog since v0.1.0b6: Please verify the fingerprint from the signing keys page on Tor Project's website. txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). At-risk users should not depend on it for their privacy and safety. The purpose of this release is to help test the application and provide feedback. Please note that Tor Messenger is still in beta. All profile data will be preserved upon automatic update, including accounts and OTR keys ( #13861). Note that with the advent of the secure updater, this step will no longer be necessary in future releases. Please see the steps to back them up, or consider simply generating new ones after upgrading. You will need to back up your OTR keys to preserve them across this upgrade. This has been a collaboration between researchers Marcela Melara (CONIKS' project lead) from Princeton, Ismail Khoffi from EPFL, our student Huy, and the Tor Messenger team. So far, we've produced an implementation of a CONIKS keyserver and several patches to Tor Messenger to support the additional logic and interface. In this model, our users' keys are managed in a publicly (and cryptographically) auditable yet privacy preserving key directory in order to provide stronger security and better usability.Īlthough we hope to have a prototype deployed for testing in the near future, much work remains before we can consider turning it on in production. CONIKS is a key management and verification system for end-to-end secure communication services, using a model called key transparency. This summer, the Tor Messenger team participated in Google's Summer of Code program, mentoring a project by Vu Quoc Huy, titled "CONIKS for Tor Messenger" ( #17961). We are now signing the Windows and OS X bundles with the Tor Browser developer keys. In past releases, users may have seen cumbersome and scary warnings that the Tor Messenger application is not signed by a known developer ( #17452), and may not be trustworthy. Otherwise, the profile is stored beside the application bundle. ![]() However, this should only be case when the application is placed in /Applications. With that change, we can now follow suit and store the Tor Messenger profile in ~ /Library /Application\ Support /TorMessenger -Data ( #13861). Tor Browser has since switched courses and, in the 6.0 series, it now stores its profile in ~ /Library /Application\ Support /TorBrowser -Data ( #13252). This could lead to them unknowingly transferring accounts and OTR keys. While normally straightforward, this caused some trouble with Mac users who said that there's a common expectation to be able to copy extracted applications to someone else's computer. This was a result of the Tor Messenger team building on the work done for Tor Browser. In previous releases, Tor Messenger stored its profile directory inside the application bundle. Keeping Tor Messenger up-to-date should now be seamless, painless, and secure. Moving forward, Tor Messenger will prompt you when a new release is available, automatically download the update over Tor, and apply it upon restart. This is the first release that contains ported patches from Tor Browser to securely update the application ( #14388). ![]() All users are highly encouraged to upgrade. This release features a secure automatic updater and important security fixes to Instantbird. We are pleased to announce another public beta release of Tor Messenger.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |