Tor Browser 9.5 arrives with the option to automatically switch to more secure Onion versions of sites
Increasing numbers of internet users are becoming aware of the privacy and security implications of being online, and it is for this reason that secure browsers such as Tor are growing in popularity. Now, with the release of Tor Browser 9.5, the browser features an option that can automatically switch to the secure .onion version of a site if one is available.
In short this means that sites are able to actively promote the fact that they have a secure .onion site available. Publishers now can advertise their onion service to Tor users by adding an HTTP header, so if someone visits the regular version of a website, a notification will appear informing them of the more secure option.
Site owners just need to add the Onion-Location header to pages. Visitors will be offered to the chance to opt-in to upgrade to the onion service on their first use. While this is an extremely important change in Tor 9.5, it is far from the only thing that's new in this version of the browser.
There are also changes to Onion Authentication which allow it to manage authentication keys and tokens via about:preferences#privacy in the Onion Services Authentication section. Like other browser, Tor has improved its URL bar security notifications so users are made aware of when they are visiting secure sites, unsecure sites, or those which contain mixed content.
Error messages have also been improved so in the event that a .onion site is inaccessible, it is no longer the case that a standard Firefox (the browser on which Tor is based) error message is displayed. Instead, Tor now shows a simple diagram to illustrate where along the line the problem exists.
This particular build of the browser also marks the start of experimenting with ideas that will hopefully lead to .onion addresses that are easier to remember. The team behind the browser says: "we partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation's HTTPS Everywhere to develop the first proof-of-concept human-memorable names for SecureDrop onion services addresses".