Tor Browser 7.0a4 is released
Tor Browser 7.0a4 is now available from the Tor Browser Project page and also from our distribution directory.
This will probably be the last alpha before the first stable release in the 7.0 series.
This release features a lot of improvements since the 7.0a3 release. Among other things Firefox has been updated to 52.1.1esr, fixing a security bug for Windows users (although by default Tor Browser users are not affected as WebGL is put behind click-to-play placeholders, thanks to NoScript). The canvas prompt is now shown again, the browser is not crashing anymore on about:addons with the security slider set to "high" and Selfrando has been integrated into the Linux 64bit build.
There are still some unresolved issues that we are working on getting fixed for the stable release. Among them, the browser is crashing (with e10s enabled) or the download is stalling (with e10s disabled) when opening/downloading files that need an external application to handle them (this is bug 21766 and bug 21886).
Note: comments were closed as we were upgrading our blog. They are now open.
Note for Linux users: You may get the error Directory /run/user/$uid/Tor does not exist after updating your browser. This is bug 22283. A workaround for this issue is to edit the file Browser/TorBrowser/Data/Tor/torrc and remove the ControlPort and SocksPort lines.
The full changelog since Tor Browser 7.0a3 is:
- All Platforms
- Update Firefox to 52.1.1esr
- Update Tor to 0.3.0.6
- Update Tor Launcher to 0.2.12.1
- Bug 20761: Don't ignore additional SocksPorts
- Translation update
- Update HTTPS-Everywhere to 5.2.16
- Update NoScript to 5.0.4
- Bug 21962: Fix crash on about:addons page
- Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
- Bug 21569: Add first-party domain to Permissions key
- Bug 22165: Don't allow collection of local IP addresses
- Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
- Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
- Bug 13612: Disable Social API
- Bug 10283: Disable SpeechSynthesis API
- Bug 21675: Spoof window.navigator.hardwareConcurrency
- Bug 21792: Suppress MediaError.message
- Bug 16337: Round times exposed by Animation API to nearest 100ms
- Bug 21726: Keep Graphite support disabled
- Bug 21685: Disable remote new tab pages
- Bug 21790: Disable captive portal detection
- Bug 21686: Disable Microsoft Family Safety support
- Bug 22073: Make sure Mozilla's experiments are disabled
- Bug 21683: Disable newly added Safebrowsing capabilities
- Bug 22071: Disable Kinto-based blocklist update mechanism
- Bug 22072: Hide TLS error reporting checkbox
- Bug 20761: Don't ignore additional SocksPorts
- Bug 21340: Identify and backport new patches from Firefox
- Bug 22153: Fix broken feeds on higher security levels
- Bug 22025: Fix broken certificate error pages on higher security levels
- Bug 21710: Upgrade Go to 1.8.1
- Mac
- Linux
Comments
Please note that the comment area below has been archived.
I downloaded the new updated…
I downloaded the new updated tor 7.0a4 from here on this site and got this from my antivirus that the file contained a virus called Virus.Gen
Gen:Variant.Graftor.369260 (Traces) File E:\Tor Browser\Browser\Tor\Pluggable Transports\obfs4proxy.exe
the download is infected?
Very likely no…
Very likely no, not infected.
See https://www.torproject.org/docs/faq#VirusFalsePositives
When I use https://ipleak…
When I use https://ipleak.net/ or https://browserleaks.com/ip the public IP address doesn't match tor circuit report. for example the TOR circuit states
Bridge :obfs4 (sweden)
Netherlands (178.62.197.82)
Austria (193.171.202.146)
Internet
But the public IP information is 192.56.55.26 and 95.130.11.147 respectively. Both are in France.
Any idea why this occurs?
Two possibilities:…
Two possibilities:
A) Tor Browser isolates each tab on a different circuit, so if you go to a website and click on the green onion to see what path you're using, and then you go to a new tab and you load ipchicken or your favorite geoip tool, Tor Browser will be separating those two connections onto two different circuits, for your protection.
B) Some exit relays are multi-homed, meaning they advertise a different IP address than the one(s) they use for outgoing connections.
Without further information, I would bet on 'A' in this case.
C) The GeoIP database…
C) The GeoIP database shipped with Tor Browser disagrees with the GeoIP database that a random site is using.
D) Have a look at the…
D) Have a look at the circuit display when you are loading those sites. You might probably see that some circuits change. If that's the case timeouts or other errors in Tor lead to picking a new circuit. Now, the thing is that the measurement (IP address detection) takes place at time t with circuit X being active but you are probably looking at time t1 at the circuit display giving you a different impression due to the above described timeouts/errors.
Hi, before I try 7.0a4, I…
Hi, before I try 7.0a4, I would like to know one thing:
What is the average download size when Tor is updated from 6.5.0 to 6.5.2 on 64 bit Linux? Is 85 MB in a normal range? Seems quite a lot. Thank you
For a full update, yes. We…
For a full update, yes. We provide smaller updates, which are called incremental updates, for updating from the previous version (sometimes even from the version before the previous version). Those are usually way smaller. For instance the incremental update from 6.5 to 6.5.1 was about 8 MByte and the one from 6.5.1 to 6.5.2 around 5 MByte.
From TOR version 6.5.2 when…
From TOR version 6.5.2 when I perform an update it doees not recognize any newer version. Is this normal ?
Yes. 6.5.2 is the latest…
Yes. 6.5.2 is the latest stable Tor Browser. This is a release announcement for the alpha series of Tor Browser.
Incidentally, this alpha series is very close to being the new stable. Stay tuned for Tor Browser to tell you it has an update.
A Chinese famous proxy…
A Chinese famous proxy software named Freegate, which you can make Tor Browser tunnel through with its listening port provided, but first you have to clear any types of bridges out before you can do it, without the bridges you are easier to be tracked, doesn't Tor Project go through the Freegate's trick?