Tor Browser 16.0a6 is now available from the Tor Browser download page and also from our distribution directory.
This version includes important security updates to Firefox.
⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.
Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.
If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.
Send us your feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know.
Full changelog
The full changelog since Tor Browser 16.0a5 is:
- All Platforms
- Updated tor to 0.4.9.7
- Updated NoScript to 13.6.18.90101984
- Updated OpenSSL to 3.5.6
- Bug tor-browser#43857: Review in-source TODOs
- Bug tor-browser#44402: Re-enable ESLint rule mozilla/no-browser-refs-in-toolkit as an error
- Bug tor-browser#44749: Check search engines parameter replacements
- Bug tor-browser#44792: Rebase alpha onto 150.0a1
- Bug tor-browser#44796: Adjust TorProviderBuilder to report the provider state to consumers
- Bug tor-browser#44828: Remove browser module references from toolkit/modules/ActorManagerParent.sys.mjs
- Bug tor-browser#44841: TorDomainIsolator proxy filter returns null on exception instead of preserving SOCKS proxy
- Bug tor-browser#44865: Block chrome:///locale/ to content
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
- Bug tor-browser#44870: Remove legacy branch from gitlab templates
- Bug tor-browser#44895: Undo the patch for #44772
- Bug tor-browser-build#41775: Update list of Snowflake STUN servers in default bridge line, 2026 edition
- Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
- Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
- Windows + macOS + Linux
- Updated Firefox to 150.0a1
- Bug tor-browser#43824: Switch resource:// modules to use moz-src:
- Bug tor-browser#44288: New identity fails to block loading a custom home page
- Bug tor-browser#44458: Fix the "Connect" and ".onion available" button height
- Bug tor-browser#44560: Customize the flags for alternate 'Application Data' directories
- Bug tor-browser#44630: Use settings config to hide settings, rather than data-hidden-from-search or commenting out
- Bug tor-browser#44648: Unexpected changes to SearchService.sys.mjs
- Bug tor-browser#44685: Use border radius for letterboxing
- Bug tor-browser#44798: Don't load
about:torconnect
into iframes - Bug tor-browser#44829: Hide the settings privacy card
- Bug tor-browser#44832: Hide the Firefox mascot in about:neterror
- Bug tor-browser#44846: about:torconnect redirect doesn't work with the new neterror page
- Bug tor-browser#44847: Drop letterboxing sidebar rounded corner logic
- Bug tor-browser#44902: Error in privacy preference initialisation due to missing
dataCollectionViewProfilesMultiProfileBackupWarning
- Bug tor-browser-build#31860: Start using LTO for firefox project
- Windows
- Bug tor-browser#44862: Fontvis is missing Segoe MDL2 Assets
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
- macOS
- Bug tor-browser#44850: Wrong path for bootstrapped tor daemon on macOS
- Bug tor-browser-build#41476: Since 13.5-legacy is not longer supported, remove tools/signing/wrappers/sign-rcodesign
- Linux
- Bug tor-browser#44361: Notify Linux i686 users that they won't receive updates anymore
- Bug tor-browser#44521: Disable widget.wayland.fractional-scale.enabled
- Android
- Updated GeckoView to 150.0a1
- Bug tor-browser#44615: Remove ability to "Rate/Review in Google Play" in app
- Bug tor-browser#44827: Always enable noscript for android
- Bug tor-browser#44842: Replace instances of SwitchPreference with SwitchPreferenceCompat
- Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs
- Bug tor-browser#44880: Fix edgeToEdge display issue presented in 150 android rebase
- Bug tor-browser#44925: Fix bootstrap screen color styling for light mode presented in one of the rebases between 140 and 150
- Bug tor-browser#44935: Remove incorrectly shown "open in app" notification dot on settings button
- Build System
- All Platforms
- Bug tor-browser-build#41591: Remove support for old mar filenames when 13.5 legacy branch is EOL
- Bug tor-browser-build#41764: Update toolchains for Firefox 150
- Bug tor-browser-build#41767: Add jwilde to allowed signer for browser projects
- Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
- Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
- Bug tor-browser-build#41786: Add comment to rbm.local.conf.example warning about potential recursive loops in tmp_dir definition
- Bug rbm#40106: Improve error message in case of recursive definition
- Windows + macOS + Linux
- Bug tor-browser-build#41759: Remove references to legacy release in tor-browser-build
- Windows + Linux + Android
- Bug tor-browser-build#41770: Update Go to 1.26.x
- Updated Go to 1.26.2
- Windows
- Bug tor-browser#44853: Update target in mozconfig-windows-x86_64 and mozconfig-windows-i686
- macOS
- Bug tor-browser-build#41773: Change the position of -mindepth when creating the dmg
- Linux
- Bug tor-browser#44555: Remove mozconfig-linux-i686
- Android
- Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs
- All Platforms
Comments
We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the moderators. Please do not comment as a way to receive support or to report bugs on a post unrelated to a release. If you are looking for support, please see our FAQ, user support forum or ways to get in touch with us.
Facts Only
Tor Browser 16.0a6 is now available for download.
The release includes security updates to Firefox.
Tor Browser Alpha is based on Firefox betas and is intended for testing only.
Updated components: Tor to 0.4.9.7, NoScript to 13.6.18.90101984, OpenSSL to 3.5.6.
Firefox has been updated to 150.0a1 across Windows, macOS, and Linux.
GeckoView has been updated to 150.0a1 for Android.
Multiple bugs have been fixed, including issues with search engines, letterboxing, and privacy settings.
Linux i686 users are notified they will no longer receive updates.
The build system has been updated, including Go to 1.26.2.
Feedback is requested for bugs and suggestions.
Executive Summary
Tor Browser 16.0a6 has been released as an alpha version, available for testing from the Tor Browser download page and distribution directory. This update includes critical security patches for Firefox, alongside upgrades to core components like Tor (0.4.9.7), NoScript (13.6.18.90101984), and OpenSSL (3.5.6). The alpha channel is now based on Firefox betas, marking a shift in development strategy, but it remains unsuitable for general use due to potential bugs affecting usability, security, and privacy. Users requiring strong anonymity or stability are advised to use the stable release channel instead.
The changelog highlights platform-specific fixes, including adjustments for Windows, macOS, Linux, and Android. Notable changes include improved letterboxing, privacy setting adjustments, and the removal of legacy support for Linux i686 users. The build system has also been updated, with Go upgraded to 1.26.2 and various optimizations for performance and security. Feedback is encouraged to refine the release before it progresses to stable status.
Full Take
This release reflects Tor Browser’s ongoing evolution, balancing security updates with structural changes like the shift to Firefox betas for alpha builds. The emphasis on testing—rather than general use—highlights the trade-offs between innovation and stability in privacy-focused software. The removal of legacy support (e.g., Linux i686) signals a pragmatic focus on modern architectures, though it may alienate users reliant on older systems.
Patterns detected: none
The broader implication is the tension between rapid iteration and reliability in tools designed for high-risk users. While alpha releases enable early bug detection, they also risk exposing vulnerabilities to those who might mistakenly use them for sensitive activities. The call for feedback underscores the collaborative nature of open-source development, but it also places responsibility on users to engage critically.
Key questions arise: How does the shift to Firefox betas affect long-term security? What safeguards exist for users who inadvertently use alpha builds for high-stakes anonymity? And how might the removal of legacy support impact marginalized users with older hardware? These considerations invite deeper reflection on the ethics of software lifecycle management in privacy tools.
Sentinel — Human
This text functions as a typical technical software release note, characterized by specific bug tracking and platform details, strongly suggesting a human-authored source by a developer or project maintainer.