Tor Browser 7.0.7 is released

by boklm | October 20, 2017

Tor Browser 7.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Firefox to 52.4.1esr, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. On Linux the content sandboxing is now enabled. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Torbutton to 1.9.7.8
      • Bug 23887: Update banner locales and Mozilla text
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 23694: Update the detailsURL in update responses
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
  • Linux
    • Bug 22692: Enable content sandboxing on Linux

Comments

Please note that the comment area below has been archived.

October 19, 2017

Permalink

This new version 7.0.7 and the previous version - which i think was the immediate preceding release version of TBB - cause the windows crash alert when shutdown by clicking the "X" in upper right (right end of titlebar). Commented previously, in https://blog.torproject.org/comment/271794#comment-271794

I am using a fresh install from the exe (the previous version).
I have hardly used TBB since.
However, I haven't left TBB exactly as installed. I've added no bookmarks, but I am using a custom userchrome.css and have used firefox's normal Customize GUI. I've chosen max security in TBB slider, then changed a few settings in noscript, and allowed history in Firefox options.

October 19, 2017

Permalink

more info.
eventviewer:
event D 1000 application error
Faulting application name: firefox.exe, version: 52.4.1.6242, time stamp: 0x00000000
Faulting module name: nssckbi.dll_unloaded, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7336da4c
Faulting process id: 0x930
Faulting application start time: 0x01d349599ac3bb7e
Faulting application path: (path)\Browser\firefox.exe
Faulting module path: nssckbi.dll

this is the event related to TBB crash when TBB wanted to restart after the update download. Also Event ID 1000 Application Error:
Faulting application name: firefox.exe, version: 52.4.0.6242, time stamp: 0x00000000
Faulting module name: nssckbi.dll_unloaded, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7336da4c
Faulting process id: 0x1158
Faulting application start time: 0x01d3495875729585
Faulting application path: (path)\Browser\firefox.exe
Faulting module path: nssckbi.dll

same dll in the earlier app crash, nssckbi.dll
but can see the earlier esr firefox.exe version

If it matters, hardware is common laptop of 2009 - penryn core 2 duo, intel chipset, and nvidia gpu

(preview page wants to redirect, which I allowed, but only after I copied text into memory as "backup". I needed that "backup".
Hope this is not duplicate comment)

Hard to say. But you could try. I asked the Tails folks a while ago to test 7.5a5 in particular as it contained the sandboxing enabled which 7.0.7 has now as well. I have not heard back from any issues so far (but am not sure either whether they actually tested the content sandboxing in a Tails context).

October 20, 2017

Permalink

2017.10.20 18:27:04.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2017.10.20 18:27:04.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2017.10.20 18:27:04.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2017.10.20 18:27:04.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2017.10.20 18:27:04.800 [NOTICE] Renaming old configuration file to "\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.orig.1"
2017.10.20 18:27:05.000 [NOTICE] Bootstrapped 5%: Connecting to directory server
2017.10.20 18:27:06.400 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
2017.10.20 18:27:07.300 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
2017.10.20 18:27:07.600 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
2017.10.20 18:27:07.800 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus
2017.10.20 18:27:15.300 [WARN] Problem bootstrapping. Stuck at 25%: Loading networkstatus consensus. (No route to host [WSAEHOSTUNREACH ]; NOROUTE; count 1; recommendation warn; host 79861CF8522FC637EF046F7688F5289E49D94576 at 171.25.193.131:443)
Other browsers work.

October 20, 2017

Permalink

I am totally flabbergasted

by reading this
"First, a warning: The sandboxing isn't very strong yet, especially for the threats that Tor Browser deals with: it still allows reading any file and doing arbitrary socket and connect calls, for example, so there's probably a way for a determined attacker to get a generic sandbox escape, and it definitely allows obtaining PII such as MAC addresses."
https://trac.torproject.org/projects/tor/ticket/22692

So all those years we thought Torbrowser was a solid privacy option, we were wrong because we are leaving our mac address everywhere?!
People are using standard browsers as well and a lot of tracking companies will probably have our mac addresses for use and sale.
So everyone that buys a database of mac addresses can compare this with Torbrowser web statistics to deanonymise Torbrowser users?

This is not a bad joke but just very dangerous for a lot of people.

The MAC address can only be seen from the local network. A website cannot get your MAC address, even in standard browsers, so I don't think tracking companies have databases of the MAC addresses of people who visited some websites. What is possible to do is a database of people who connected to a particular wifi network.

The warning you are quoting explains that in case of a vulnerability in the browser, the sandbox is not protecting access to the MAC addresses (and other things), so it still needs improvements to be able to protect anonymity in the case of someone exploiting an unknown vulnerability.

October 20, 2017

Permalink

why is there no option to uninstall the app either in windows "program and features" nor in windowsball menu?

October 20, 2017

Permalink

i notice that :
security.ssl3.dhe_rsa_aes_128_sha;true
security.ssl3.rsa_aes_128_sha;true
security.ssl3.rsa_des_ede3_sha;true
network.IDN_show_punycode;false
security.tls.version.min=1

it should be better set "false" and security.tls.version.min=3 (force TLS 1.2 & disables TLS 1.0 and TLS 1.1) , network.IDN_show_punycode;true. If you (additionally) want to force the usage of PFS, the only enabled ciphers should be of the ecdhe/dhe variants : security.ssl3.rsa_aes_256_sha=false. Enabling weakest ciphers is obsolete since 3 years and still present in Tor_october 2017.

Users must avoid unsecure/intrusive service which gmail, brand cloud, fun app & exotic site not because they are bad (i am speaking about the persons who are behind) ; but because the users are running Tor and/or debian/linux system(s). Do not use a linux o.s if you post with gmail : you lost & spoil all your advantages replacing by the worst inconvenient : a big incoherence.
All these services are built for a perfect transparency (not for yourself of course) running on microsoft/apple for the consumers (retarded & handicapped first) providing a great support (not free). These weaks ciphers are for microsoft users : just a minimal setting.

If it is true that running Tor on microsoft/apple is the first step for obtaining a minimal privacy ;
security in mind, anonymity, privacy, foss should have to be understood as a whole concept for a safe internet & personal usage not because it is geek, modern, fun ... it is at the opposite of the idea to be a consumer with a number labeled on your identity ... but because it is the only way to become the owner of his/her own private life and , following the same movement , re-appropriate for oneself his/her own e-space. If you are not involved (or do not wanted to be) in this choice _ it is not an obligation_ do not use debian/linux & harden tweaks.

I should prefer a hardened update version for linux users & the owners of site should have to update their configuration.

October 20, 2017

Permalink

this Tor browser is updating and applying despite the prefs for each extension are not autoupdate?!?!?!?!

when are you useless developers going to address and fix this?!

October 21, 2017

In reply to boklm

Permalink

Hello. I too have been experiencing the same problem: I installed Tor Browser 6.5.2, went into
Tools->Options->Advanced->Update
and selected EITHER of these options:
Check for updates, but let me choose whether to install them
Never check for updates (not recommended: security risk)
In either case, after using Tor Browser for 30-60 minutes, after exiting it, I would find that on the next relaunch, it will have updated itself contrary to the settings above.

I know this problem did not exist in 5.5.5; must have appeared somewhere between 6.0.0 and 6.5.2. Please fix, this is very annoying.

The 7.0.x versions that i'm forced to update to have broken functionality: they do not let me save web pages properly!!!

Have you filed a bug for the broken functionality somewhere? Staying on an old version without any security updates is not a good solution? Have you tested that 7.0.7 is still broken for your use case?

October 20, 2017

Permalink

Just upgraded to TB 7.0.7, and can hardly open pages I traditionally opened in older versions. The few pages that open, do it after a very long time spinning. What gives? Going back to older versions is not an option, and not using TB is not an option either. Any TB developers reading this? Thanks.

October 21, 2017

Permalink

just updated tor browser and when trying to start it, avast intercepts firefox.exe and says it has idp.generic virus.

October 21, 2017

Permalink

why has my comment not been approved yet?
after this update, when starting tor browser, avast says firefox.exe contains idp.generic virus and put it in the virus chest.

October 21, 2017

Permalink

How access gmail and Google Drive with Tor Browser?
I used the firefox add-on "Export Import Cookies" to import cookies and logs into email accounts like gmail and yahoo with Tor Browser 6.5 successfully, but that does not work in Tor Browser 7.07. Using Tor Browser 7.07, although cookies are imported, websites behave as if cookies do not exist and I can not get into my email accounts. I can not use a phone number to login because that breaks my anonymity. I need to import some cookies to enter the email accounts using different IPs because without those cookies the security of the email prevents the login if the IP is not the same used in the creation of the account. I do not understand why cookies are successfully imported by the "Export Import Cookies" but Tor Browser and the sites behave as if cookies were never imported. I can see imported cookies in "preferences> privacy> Show Cookies," but the sites can not find them. I tested the same add-on on firefox-esr 52.4.1, which is the basis of Tor Browser 7.07, and I was able to import cookies and log in to email accounts normally. Can anyone tell me how to import cookies using Tor Browser 7.0.7? Does anyone have any other ideas on how to access yahoo and gmail email accounts using Tor Browser? Tor Browser should support an add-on to export and import cookies.

October 21, 2017

Permalink

Just upgraded to TB 7.0.7, and can hardly open pages I traditionally opened in older versions. The few pages that open, do it after a very long time spinning. What gives? Going back to older versions is not an option, and not using TB is not an option either. Any TB developers reading this? Thanks.

October 21, 2017

Permalink

Same issue with avast and 7.07. Tried uninstalling, tried using older installs, creating an exception in avast, nothing seems to work.

October 21, 2017

Permalink

I am running Tor Browser on Windows 7-64.

Why does Tor Browser always cause my ZoneAlarm firewall to report that Tor Browser is trying to communicate with explorer.exe? It does this twice, every time I start Tor Browser, even though I tell ZoneAlarm to remember the setting to deny access.

This seems very suspect to me, and has been going on for some time now.

October 23, 2017

In reply to gk

Permalink

I again just downloaded the windows installer from the Tor website, and installed it to my desktop, the default location.

The installer triggered ZoneAlarm firewall twice, trying to access explorer.exe. I denied permission, and the installation proceeded normally.

Then, when I opened this new instance of Tor Browser, it again made two attempts to access explorer.exe, as indicated by ZoneAlarm firewall. I denied permission, twice, and the browser opened normally.

Here is the log:

10/24/2017 5:06:33 AM.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/24/2017 5:06:33 AM.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/24/2017 5:06:33 AM.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/24/2017 5:06:33 AM.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/24/2017 5:06:33 AM.800 [NOTICE] Renaming old configuration file to "C:\Users\XX\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.orig.1"
10/24/2017 5:06:34 AM.000 [NOTICE] Bootstrapped 5%: Connecting to directory server
10/24/2017 5:06:34 AM.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
10/24/2017 5:06:34 AM.700 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
10/24/2017 5:06:34 AM.900 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
10/24/2017 5:06:35 AM.000 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus
10/24/2017 5:06:38 AM.600 [WARN] Received directory with skewed time (DIRSERV:193.23.244.244:443): It seems that our clock is ahead by 1 hours, 57 minutes, or that theirs is behind. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
10/24/2017 5:06:38 AM.600 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
10/24/2017 5:06:38 AM.800 [NOTICE] Bootstrapped 40%: Loading authority key certs
10/24/2017 5:06:39 AM.800 [WARN] Received directory with skewed time (DIRSERV:193.23.244.244:443): It seems that our clock is ahead by 1 hours, 57 minutes, or that theirs is behind. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
10/24/2017 5:06:39 AM.800 [NOTICE] Bootstrapped 45%: Asking for relay descriptors
10/24/2017 5:06:39 AM.800 [NOTICE] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6399, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
10/24/2017 5:06:40 AM.500 [NOTICE] Bootstrapped 50%: Loading relay descriptors
10/24/2017 5:06:43 AM.600 [NOTICE] Bootstrapped 56%: Loading relay descriptors
10/24/2017 5:07:05 AM.300 [NOTICE] Bootstrapped 64%: Loading relay descriptors
10/24/2017 5:07:05 AM.600 [NOTICE] Bootstrapped 70%: Loading relay descriptors
10/24/2017 5:07:05 AM.800 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
10/24/2017 5:07:06 AM.500 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
10/24/2017 5:07:06 AM.800 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
10/24/2017 5:07:07 AM.300 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
10/24/2017 5:07:07 AM.300 [NOTICE] Bootstrapped 100%: Done
10/24/2017 5:07:08 AM.800 [NOTICE] New control connection opened from 127.0.0.1.
10/24/2017 5:07:09 AM.000 [NOTICE] New control connection opened from 127.0.0.1.

You might want to fix your clock offset:

10/24/2017 5:06:38 AM.600 [WARN] Received directory with skewed time (DIRSERV:193.23.244.244:443): It seems that our clock is ahead by 1 hours, 57 minutes, or that theirs is behind. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

But that should not be the reason for the zonealarm trigger.

Does a normal Firefox trigger the same alarm?

October 24, 2017

In reply to gk

Permalink

My clock appears to show the correct time for my time zone. Haven't had any problems with that at all. It is set to synchronize automatically with the naval observatory time server.

What could be causing Tor Browser to report a severe clock skew problem? This did not use to happen, until fairly recently.

Once Tor Browser is up and running, it seems to function normally. But that could just be an illusion. What is going on beneath the surface could be a different story.

I have not noticed this issue with Firefox, which I have highly customized to tighten up security, to approximate that of Tor Browser. I get test scores comparable to Tor Browser when I test using Panopticlick and ip-check.info, though I know they don't tell the whole story.

Any help is appreciated.

"installed it to my desktop, the default location"

this might be what bothers the firewall.

"Desktop" is a special folder.
(The icons on the desktop you see may be in two different "Desktop" folders - C:\Users\yourusername\Desktop and C:\Users\Public\Desktop)

So, to keep things simpler, I would "install" TBB to a more typical folder such as C:program files\TBB\ or perhaps in a folder on the drive letter (C:\TBB\)

I had previously placed the Tor Browser folder in my C:\Program Files (x86) folder, to get it off my desktop.

Later, after experiencing this issue, and thinking this might be a problem, I tried putting a fresh installation of Tor Browser back on my desktop, the default location where the installer wants to put it.

It makes no difference. Same problem, either way.

October 24, 2017

In reply to gk

Permalink

From the ZoneAlarm Advisor page:

Tor Browser is trying to open an existing process.
ZoneAlarm is asking you whether to allow this behavior. Your computer is safe.

What should I do?

If Tor Browser needs to open an existing process in order to function correctly and you know what this program is, then give it permission. If it does not need to open a process, or you know that a process should not be opened, then deny it. If you are unsure, you can always deny it from opening a process and run the program again if it is required.

Why?

Tor Browser is potentially malicious. This is particularly true if opening an existing process will load malicious programs and/or utilize an excessive amount of CPU time, memory, and other resources.

October 25, 2017

In reply to gk

Permalink

Inside the OSFirewall alert

Alert property Alert property value Technical explanation
Program Name Tor Browser A program running on your computer, which attempted an action that was detected by the OSFirewall.
Filename firefox.exe The filename of the program that ZoneAlarm found on your computer.
Program Version 52.4.1 The version of Tor Browser running on your computer.
Program Size 337920 The size of the program executable file in bytes.
Program MD5 946fd9704dcddf0041eecb2beb28e342 The MD5 hash, or number, that uniquely identifies the executable.
Smart Checksum 4eadd97966ec4a78d2271d214f0d9272 The SKIMP hash, or number, that uniquely identifies the executable.
Date Modified Dec-31-1999 05:00:00 PM The date when firefox.exe was most recently modified.
Event Type Process The event involved starting or terminating a thread or process.
Sub Event Type OpenProcess Tor Browser attempted to open another process.
Command Line C:\Windows\Explorer.EXE The command being used to open another process.

Still have gotten no resolution of this problem.
Tor Browser has updated to 7.08, but the problem persists of Tor Browser invoking to access explorer.exe on Windows 7-64

October 21, 2017

Permalink

Runs a little slow on my macbook pro but wanted to update and keep it around for an occasional private search

With a totally informative bug report like that, never. Tor Browser 7.0.7 works fine on the maintainer's laptop. If you're lucky, this is #23915 that someone was kind enough to report with sufficient detail to root cause, which I fixed 3 days ago.

October 23, 2017

In reply to yawning

Permalink

Haha, you're right, that was a really stupid comment. Sorry about that. It wasn't really meant as a bug report (the error was blatant enough that I figured I oculdn't be the only one seeing it) - I was just griping.

What happens is that the browser window appears as normal, but trying to visit any URL results in a message "Your tab just crashed." I'll try to dig into this later when I have time.

But anyway, thanks for your hard work.

I assume you're the one that filed #23956. sandboxed-tor-browser 0.0.14 has a fix for that (as #23692), so I'm not sure why it's still busted.

`sandboxed-tor-browser --version` will dump the version to the console. Failing that, if you're on oldstable then there's a different issue due to the kernel being comparatively ancient that requires a patch from master to fix.

Tried it just yesterday on linux (free of NSA's-systemd) and it worked. Do you have bubblewrap firetools installed?
It does not work the same way it was before, I'm still trying to figure out where to place bookmark files withing amnesia's space or configure it like I used to, but it worked flawlessly and pretty fast.
Running it in terminal and collecting any error output would help in diagnosing the problem you have.

October 23, 2017

Permalink

NoScript updated to 5.1.3, then moved it's icon on the right side beside HTTPS EveryWhere. Should I be worried? I'm on Trisquel x86. Thanks and more power!

October 23, 2017

Permalink

Just want to say a very big thankyou for making TBBs and spending lots of time to make it for us [the public] for FREE. My life has changed because of TBB and I thankyou very much for doing it. Even if it is not fast sometime I keep trying because it is FREE and helping many persons around the world. I just make the "new TOR circuit" and everything is okay again. Everyone who complains-please SHUT UP and try to 1st say thankyou and 2nd be good manners. If you have 3rd then please complain nicely so they can help to fix for us, for FREE!!!!

October 23, 2017

Permalink

linux bug : go to a page with several https enforced (look at the number written on the red https symbol) then push the button 'home' (home symbol) or reload and you will see that the number is the same even using 'new identity' or 'new Tor circuit for this site'.
does it mean that it is buggy or you do not leave the page ?
It is reproducible by anybody without skill or background.
i did not try on windows:osx -android.
no-comment.

October 24, 2017

In reply to gk

Permalink

the icon of https-everywhere becomes 'red' as son as you turn ON this addon : left click
1° enable https-everywhere : check
2° block all unencrypted request : check
now, every 'connection' forced in https is shown on the icon by a number.
you must also set no-script & the security level in tor network settings.

October 23, 2017

Permalink

When one is forced to use Firefox or other browser because TB 7.0.7 doesn't open pages that have been traditionally opened by older versions, we are in serious trouble. It defeats the very purpose of its creation, which is to circumvent surveillance and enhance privacy and anonymity. Take for example Fort Russ (http://fortruss.blogspot.fr/), a Russian news portal. I never had any problems opening it, until TB 7.0.7 arrived, same with many other news sites, e.g., Zero Hedge (http://www.zerohedge.com/), BuzzFeed News (https://www.buzzfeed.com/news), ConsortiumNews (https://consortiumnews.com/), Russia Insider (http://russia-insider.com/en), among others. These are not news sites in North Korea, Iran or Mozambique, or any so-called "axis of evil" countries. I don't understand what is happening, but I find it extremely frustrating not to able to work with TB as I have usually done. Any suggestions? BTW, nothing has changed in my hardware/software, before, during, or after the TB upgrade to 7.0.7.

October 24, 2017

In reply to gk

Permalink

Solution: Erased old TB 7.0.7 installation, downloaded brand new TB 7.0.7, installed it, voilà!, same old, same old TB, slow as usual, but reliably safe, anonymous and private. Not a panacea for all encountered glitches after the latest upgrade, but I would suggest that anyone with problems, first erase old installation, start with a brand new one, and see what happens before defining there is a glitch. The problem may or may not be in the integration of the new version to the old template.

October 23, 2017

Permalink

Minor file downloading bug in Torbrowser 7.07 and 7.06 on Win7-64 (happened with.pdf files).

If filename is changed as part of the downloading short-cut menu Save File procedure then no file is saved.
No error is shown or any other hint that something is wrong. The lack of file is seen both in Explorer and in the browser's own download tracking page.

If a file is saved without a filename change then the file saves successfully.

Anti-malware SW logs show nothing noted during the times of attempted download.

Thank you.

October 31, 2017

In reply to gk

Permalink

gk thanks for your response and interest re the file download-rename issue.

It had happened on two different occasions after firing up TBB but then while writing down the steps for you it failed to fail. Will watch for another opportunity. Thank you.

October 23, 2017

Permalink

i read that (and it was confirmed by the dev & users) every tab has a different relay : it is normal for a minimum of 'privacy/security'.
it is not the case with 7.0.7
something is wrong with this version :
- relays are the same (open 4 tab then compare the relays).
- home (Tor page) keeps the settings of https (click on the home icon after your surf : https keeps the number , it is not reset at zero).
it sounds that the team(s) do not work since several months_years on Tor but on another projects which conference (sponsors & for themselves/business).
Tor is still recommended : for how long time ?

October 24, 2017

In reply to gk

Permalink

it works fine now but it was not the case 10 hours ago :
if it happens again, i should take some screenshots.

https-everywhere on : the number on the icon does not reset.
confirmed : surf opening several page/tab (test 5 different sites e.g) then you can see a number on the https_icon : it is the number of links forced in https.
now, if you push on the button / icon "Home" (you go to the Tor page : default) , the number is the same even if you reload the page.
Home redirect to the Tor page but keeps the old settings/address taken from your last surf (on the icon or in memory ? that's the point !)
you can see that easily if it appears a "+1" on the Tor page yet configured (default) in https !

relays : no problem but the question is relevant , if a malfunction/hack/censure/control happens how could i be informed ? how to be alerted of this behavior ? nothing show us that one opens the same "relays-set" when one surfs !

It is not about the relays on ONE site/page of course.
if the relays are the same on 2 different tab _ at least close one.
In short : the relays must be different , if not ; check "New Identity" or restart Tor.

i wonder if some malfunction are not coming from the usage of firefox-esr & firejail interfering with the use of Tor (i use Tor for onions & surfing but i download with firefox).
2 versions are on linux system : firefox & firefox-esr.

we need more and more relays operators ... and learning to be prudent.

October 23, 2017

Permalink

Try open a site i see a lot of re-routing/relaychanging before site opens. Or site is open and after minutes circits are changing, not on all sites.
Is this normal?

There are complex sites like Google that reroute users over different country domains (like google.ua, google.de etc.) which all cause different circuits to be built as they are bound to the domain you see in the URL bar. Then it can happen that a circuit gets unusable and a new one needs to get built for resources that are refetched from websites. So, this nothing which is unusual.

October 24, 2017

In reply to gk

Permalink

If this happen with one/same site, is this some kind of censoring exit(s) do?

October 24, 2017

Permalink

Hi,

thanks for Thor, great idea!
But why it is sooo slow? To come to your website took 45 secs. Download a new Tor browser (3.8 MB) took 11 min!
5 KB/s?

October 24, 2017

Permalink

sometimes i get the message 'Secure Connection Failed'.
if i choose 'New Tor Circuit for this Site' tbb tries to open the website with the same circuit.
is this behavior intended?

October 24, 2017

Permalink

This keeps crashing on my Windows 7 laptop. It starts to download a page but then just freezes so totally unusable.Please fix soon.

October 24, 2017

Permalink

Can you update me on this matter. As the law is now. Would you be obligated to provide a backdoor to agencies for TorBrowser, IF they asked you to do it? Is a law like this close to being passed?

October 25, 2017

In reply to gk

Permalink

Where is Tor organization based? Is it not based in USA? So it would be there the law would have to be. How can you not know about this law? I reading daily about new US laws being passed to allow agencies to have backdoor. Are you not supposed to be the one knowing this?

Well, not everyone working on Tor Browser is based in the US. Especially not those that are doing the releases and making sure the right code gets into the binaries we distribute. So, even if there existed such a law in the US and even if some agency in the US came to the Tor office in the US that does not mean that anything in Tor Browser changes as a result of that. Quite to the contrary.

October 24, 2017

Permalink

Why do you now require javascript activated to place comments on the blog? Pls revert back to old where you could comment without JS

October 25, 2017

Permalink

Dear Tor cooperatives ,
I like to raise an security issue - Tor Browser defends internet traffic analyses but are you aware
of the fact that everything that is being done on a computer is visable through interception of
Van -Eck radiation that can being received over a distance of many miles ?
Writing emails , you name and address , photo's and more , it is al visable .

At youtube it is explained how simple it is to make a device that modulates the Van-Eck radiation - Van Eck , was a Dutch telecommunications engineer -anyone is able to make
a device that modulates Van -Eck radiation and on youtube it is schowed how easy that is.
Local law enforcement units are making use of the Van-Eck radiation to create a database of local computers positions in cooperation with satellites..

Everything that is being done with the Tor-Browser is visable but even when one has no
internetconecction on , the computer screen /monitor stays visable as long the computer is
turned on.

with regards ,

Willem

they do not intercept (no one can do that_if you do that you cut the connection) they listen like 10 000 years ago.
In fact they are the owner of the submarine_cable (uk is a good example).
- on a computer , you cannot know (off) what a user is doing if you are not very near of the keyboard.
- on a computer you cannot know (on) what a user types if it is encrypted.
you are speaking about illegal teams/tools , it is not new but it is used more for on the cellphone/tablet than on the computer/laptop (wifi needs a registered number and a gps activated in most of model_not all).
how many vehicles are in your town ? a gps is included in the motor/electronic component (the same thing is deploying in china) so no, you cannot know where i am located and where i sent my messages if you have not 'an open-door' inside my area/zone/home/pc.
a gap pc is isolated against all emission/radiaton : not at all new.
In fact they ask to the isp and to the neighbor of a suspect then they wait ... a mistake.
i do not think that a team (francfort e.g) is able to uncrypt Tor or a gpg message or a vpn using this 'tip' : this trick is for obtaining a free zone for rescue or in a military zone or listening the space not for "intelligence" even if some tools were & are used for locating, listening,intercepting,controlling cellphone (ireland / uk ).

October 25, 2017

Permalink

Suddenly my torbrowser was closed. Error in terminal (I don't detach from terminal):

./start-tor-browser: line 368: 1619 Segmentation fault TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
[Child 1675] WARNING: pipe error (3): Connection reset by peer: file /home/debian/build/tor-browser/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Child 1675] ###!!! ABORT: Aborting on channel error.: file /home/debian/build/tor-browser/ipc/glue/MessageChannel.cpp, line 2152
[Child 1675] ###!!! ABORT: Aborting on channel error.: file /home/debian/build/tor-browser/ipc/glue/MessageChannel.cpp, line 2152

In dmesg at same time:

Chrome_ChildThr[1679]: segfault at 0 ip 0000564b2ebd5225 sp 00007feca51fe470 error 6 in plugin-container[564b2ebd0000+1b000]

Sorry, I don't know how to make it reproducible, but want you to know it. JS was disabled in about:preferences, slider was at highest security. Dialogs to download files and save them to PC were opened sometimes.

October 25, 2017

In reply to gk

Permalink

I run my TBB inside PV domU, and this PV domU sometimes hang with kernel error. I think it is some known domU problem which is fixed in later Xen versions, but my Debian release doesn't backport them. Sometimes torbrowser even cannot start, and I need to restart my VM or particular device. It happens not so often, but I notice it sometimes.

The second possible source of problems is that I made my /etc/machine-id empty. Normally torbrowser writes warning about it, but works without any problem. However, I cannot exclude that this bug is triggered by this thing.

So, if the bug is not triggered by these 2 aforementioned problems, then it is in the firefox itself. My 10+ years of experience with Mozilla firefox and torbrowser tells my that ALL versions of browser in some cases crashed. So, all of them had some 0days, and I think many of them were not discovered yet. Btw, this is the reason to work inside VM only.

November 03, 2017

Permalink

Why youtube can still display correctly sometime (twice in the past month) ? I thought it should only show a blank page when security bar is set to high, after their 'important' upgrade.