Tor Browser 7.5.1 is released
Tor Browser 7.5.1 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
In addition to security updates to Firefox (52.7.0esr) this release includes newer versions of Tor (0.3.2.10), NoScript (5.1.8.4), and obfs4proxy (0.0.7).
Moreover, we fixed sandbox incompatibilities for 64bit Windows Vista users and amended the NoScript whitelist, which unbreaks extension panels on higher security levels.
Note: We did not include the latest HTTPS Everywhere release in Tor Browser 7.5.1 as we need to first test some changes in its new build system in an alpha release to make sure we still can build everything reproducibly. We expect to have this fixed in the next stable release, though. Sorry for any inconvenience.
The full changelog since Tor Browser 7.5 is:
- All platforms
- Update Firefox to 52.7.0esr
- Update Tor to 0.3.2.10
- Update Torbutton to 1.9.8.6
- Update Tor Launcher to 0.2.14.4
- Bug 25089: Special characters are not escaped in proxy password
- Translations update
- Update NoScript to 5.1.8.4
- Bug 25356: Update obfs4proxy to v0.0.7
- Bug 25000: Add [System+Principal] to the NoScript whitelist
- Windows
- Bug 25112: Disable sandboxing on 64-bit Windows <= Vista
Comments
Please note that the comment area below has been archived.
TAILS Linux v.3.6 is planned…
TAILS Linux v.3.6 is planned for release today - here's the download prior to any announcements:
http://dl.amnesia.boum.org/tails/stable/tails-amd64-3.6/
http://dl.amnesia.boum.org/tails/stable/tails-amd64-3.6/tails-amd64-3.6…
http://dl.amnesia.boum.org/tails/stable/tails-amd64-3.6/tails-amd64-3.6…
Have fun!
so just wondering but why…
so just wondering but why and how does tails have a custom tor
Tails uses a standard Tor…
Tails uses a standard Tor client (currently Tor 0.3.2.10 in Tails 3.6).
Tails uses Tor Browser with some enhancements. I believe the main one is this:
"Tor Browser in Tails is confined with AppArmor to protect the system and your data from some types of attack against Tor Browser. "
See
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
Someone please correct me if I got anything wrong!
Tails uses a tor client, of…
I believe that the Tor Browser version included in Tails is the current version from Tor Project, but does come with some security enhancements such as an apparmor profile:
https://tails.boum.org/doc/about/features/index.en.html#index1h2
This should interest you:…
This should interest you:
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
ш
ш
It seems appropriate that …
It seems appropriate that "Cambridge Analytica" can be sung to the tune of The Reapers Chorus (from Eugene Onegin).
But I interrupted you. Sorry. You were saying?
feature request:…
feature request:
"Open Link with new Tor Circuit" in context menu
If it's a link to a new…
If it's a link to a new domain, it will automatically build a new circuit, and if it's a domain you've already visited, the site will know it's still you, regardless of what circuit you're using. What's the point?
sites respond differently to…
sites respond differently to perceived IP of visitor.
> If it's a link to a new…
> If it's a link to a new domain, it will automatically build a new circuit, and if it's a domain you've already visited, the site will know it's still you, regardless of what circuit you're using. What's the point?
I think you are referring to the fact (yes?) that "new identity" should wipe any cookies stored in Tor Browser data directories, but "new circuit" will not, potentially enabling bad actors to track you to a new domain. But unless you did something foolish (like logging into a social media account registered under your real name or mixing Tor Browser surfing with another browser), that's still a long way from "knowing it's you" in the sense of knowing your exact real life identity.
If I missed your point, please explain.
many websites don't load…
many websites don't load properly or tor hangs. refresh or new tor circuit don't work.
new identity sucks sometimes!
nice
nice
Thanks for this release!…
Thanks for this release! Nice job.
what i don't understand is…
what i don't understand is what good is this script? every page,video, download,etc. always have to click on "temp.allow page" every time. never works on "ban scripts globally".unless i'm doing something wrong here,it gets to be a real pain in the /// to have to do it every time i want to do anything.anybody have any ideas on this? thanks for any help on this!!!
most sites that I visit do…
most sites that I visit do not need scripts allowed.
However, you can "permanently" add a domain to noscript extension's whitelist.
Are you talking about…
Are you talking about Noscript as included in Tor Browser?
> every page,video, download,etc. always have to click on "temp.allow page" every time
That does not sound right. Did you try adjusting the security slider?
what i don't understand is…
what i don't understand is what good is this script? every page,video, download,etc. always have to click on "temp.allow page" every time. never works on "ban scripts globally".unless i'm doing something wrong here,it gets to be a real pain in the /// to have to do it every time i want to do anything.anybody have any ideas on this? thanks for any help on this!!!
> script…
> script
Noscript?
> every page,video, download,etc. always have to click on "temp.allow page" every time.
Hmm... that doesn't sound right. Did you try adjusting the security slider? Try downloading documents from a few different commonly visited sites. I bet the problem is with a few misconfigured websites you happened to be using.
nice
nice
Отлично спасибо!
Отлично спасибо!
this blog is not often…
this blog is not often updated and the discussions are often broken ( reply censored?) :
something is wrong since a long time with tor-blog ...
- or you run it correctly
- or you close it definitely
fed up !!
> this blog is not often…
> this blog is not often updated
Eh? There have been three new posts in the past few days!
> or you close it definitely
Nooooo!
Tor Project needs some way to get feedback from the user base, and currently this blog is the only way which anyone can use.
There are some problems with the blog (e.g. if you set the slider to "High" and try to comment, the notification that your comment has been sent to the modification queue does not work), but in the overall scheme of things, this must count as a minor annoyance.
Tor is under constant assault (technical, political, legal) from numerous lavishly-resourced enemies. Consequently, TP must set priorities, and clearly must dealing with emergencies and keeping well maintained the most important/used products (Tor client/server, Tor Browser) has to come well ahead of revamping the website.
That said, it was just announced that the website has been under redesign for some time, and changes are coming.
> this blog is not often…
> this blog is not often updated
There have been at least three new posts in just the last few days!
I noticed Tor initializing…
I noticed Tor initializing time too long like 2 minutes for begin to respond, Why?
Here's my guess:…
Here's my guess:
If for some reason your system clock was set very incorrectly, it might take that long to adjust. One way this might happen is if the watch battery has died and when your computer boots, it thinks the date is midnight 1 Jan 1970.
The tor client also needs to download from the Directory Authorities information about what nodes are available for passing tor traffic. This usually takes several minutes (limited I assume by the fact that the DA's are busy, not by your internet connection speed).
The tor client running under…
The tor client running under the hood of your Tor Browser needs several minutes to download information about currently available Tor nodes from the Directory Authorities. That usually takes about two minutes (limited by the speed of the DAs not your own internet connection, I think).
Nice
Nice
love you tor
love you tor
Second that…
Second that.
TBB 7.5.1 seems to be working fine for me, BTW!
thank you for standing up…
thank you for standing up for freedom with your actions
Plus one.
Plus one.
You can help future…
You can help future improvements by donating https://donate.torproject.org/pdr
TOR GOOOOOOOOOOOO…
TOR GOOOOOOOOOOOO
THANKS FOR UPDATE ...
i hope THERE'S TOR PROGRAM WITHOUT BROWSER LIKE PROTON VPN
My computers' setup is to…
My computers' setup is to not accept any update at any program even for Tor.
Just I got a message which inform me:
"a security and stability update for tor browser has been downloaded and is ready to be installed".
The down loaded update is for tor browser 7.5.1
I didn't asked, and its downloaded even if my system setup is to not accept exceptions (I double checked it again after the received message).
I asked only at the message end to accept a restart tor browser later or immediately.
So, my point is: why the Tor team acting like the others (well known) who are working for braking our freedoms and violate our choices?
Does Tor team bought from those rapers ?
If it does, they will not announce it, we will understand it from small things like that.
They will not announce it because their will is to control every one and for us (the Tor users) they will do it very uneventfully.
For last 6 weeks, TOR ALWAYS…
For last 6 weeks, TOR ALWAYS & ONLY goes through Slovakia as its last IP causing slowness and security risks. TOR used to jumble the IPs and go through different ones and different countries.
> TOR ALWAYS & ONLY goes…
> TOR ALWAYS & ONLY goes through Slovakia as its last IP
You mean all your Tor circuits always use an exit node in Slovakia?
Do you only surf to websites in Slovakia? Tor client tries to build circuits with an exit node "close" in internet terms to your destination site, but it would be a bit odd, I think, if your circuits *always* use an exit node in Slovakia.
If you are not using the most recent stable release of Tor Browser, i.e., if you didn't install a version from www.torproject.org download page, there is no telling what you actually installed. It's a very good idea to verify the tarballs from torproject.org using the detached key, with PGP or GPG software.
It's possible to modify the Tor configuration so that it will choose only exit nodes in a particular country. If you were playing with the config file in your installed version of Tor Browser, could you have done that accidently?
Tor updated itself when I…
Tor updated itself when I opened it. Now it will not connect. Your download page says it is unstable. What do I do?
ok
ok
"NoScript whitelist, which…
"NoScript whitelist, which unbreaks extension panels on higher security levels"
Great, but without JavaScript i don't see options in HTTPS-Everywhere, the WebExtension-version -thank you mozilla for this eehm ...innovation.*sadlol*
With new ESR all users will be forced to this ....innovation.
You can admire the hard retrograde step with the webextensionversion -the future- of
NoScript and all other webextensions here:
https://hackademix.net/
Sie sind die besten ! Ihr…
Sie sind die besten ! Ihr Programm steht auf der Hut der Demokratie !
Thanks, you're the best,…
Thanks, you're the best, guys !
The Android Tobrowser can…
The Android Tobrowser can chooses the country to begin network through. Can the Mac or windows version get this capability?
Fucking Awesome!
Fncking Awesome!
A supposedly exploit for tor…
A supposedly exploit for tor browser
old version + windows only + javascript but that might be worth a look
https://github.com/offensive-security/exploit-database-bin-sploits/raw/…
You find extensive…
You find extensive discussion about that one in https://bugzilla.mozilla.org/show_bug.cgi?id=1321066.
TorProject needs cash. fact…
TorProject needs cash. fact.
maybe it sounds crazy but have you ever thought about cryptomining inside TBB,
on relays or about a TorDonationBundle?
every user could be encouraged to run a separate donating app some minutes (hours) a day
to support TorProject.
safe offline mining would enable those users to donate who have no money left or
aren't able to donate in the ways you offer.
poor english, sorry.
> TorProject needs cash…
> TorProject needs cash. fact.
Indubitably.
> maybe it sounds crazy but have you ever thought about cryptomining inside TBB,
on relays or about a TorDonationBundle?
Not crazy, and I wouldn't dismiss the idea out of hand, but I can think of at least three reasons why this might be a bad idea.
First, certain of our enemies have had it in for cryptocurrencies for some time, and appear to have done quite a bit of work to identify individual users of cryptocurrencies and to monitor blockchains. Literally mining Bitcoin (or another such) inside Tor Browser would likely only increase their fury toward the Tor community.
Second, mining cryptocurrency uses a lot of computing power, and relays are not likely to have any to spare (they need to use power to build new circuits and more generally, to do cryptography correctly). So relays should probably not be used to mine cryptocurrency.
Third, mining cryptocurrency inside your own computer, whether this is associated with Tor Browser use or not, is increasingly likely to be noticed by intelligence agencies which monitor in near real time the energy demand from individual households, via the "smart grids" which have been installed in many cities across the world, including Europe, the Americas, and Asia. So I would fear that if Tor users are allowed (or compelled) to mine cryptocurrency while using Tor, the tax authorities might turn up demanding a cut of the e-minted coinage, or the utility might retaliate against people whose Tor use or cryptocurrency mining is inferred from "suspicious patterns" of high demand from the CPUs in their computers.
Good
Good
Any progress on allowing…
Any progress on allowing file:/// links?
The Freedom of Tor Browser 7…
The Freedom of Tor Browser 7.5.1
In Tails 3.6, the add-on, …
In Tails 3.6, the add-on, "Ublock Origin" won't start in the browser. There's no sign of it either, not in extensions list or anything. When I searched through files in a terminal window I noticed remnants of UBo but that's it.
Should I load the .xpi manually into the browser to install it? If not, how may I resolve this issue?
Was wondering if anyone has…
Was wondering if anyone has heard of smart https for tor? Or if anyone has any suggestions on what to do to prevent, remove, incinerate ect. Keyloggers?
TBB 7.5 in Linux Mint never…
TBB 7.5 in Linux Mint never notified of v7.5.1 & I started v7.5 almost daily the last several weeks. For some reason immediately after launching TBB today 3/17/2018, v7.5 checked & notified v7.5.2 was available . Then I saw I'd missed v7.5.1 - which DID apply for Linux users.
Was there a problem w/ update servers or anything that might have prevented it from notifying for v7.5.1? Could be serious for some people.
It'd be a long shot that something on my system changed that prevented TBB checking / showing 7.5.1, but that "something" was corrected & now TBB can again notify of updates.
It's installed in my ~/ directory, so has ability to update - or at very least check for updates. Checking for updates has worked fine in Linux, up until v7.5.1.
The preferences setting is check for updates, but let me choose when to install.
Even though reg. Mozilla Fx & Tbird are installed in root owned partitions, they can still check if updates are available - they just can't automatically install updates; that is, when using manually installed Mozilla's full versions, not the distro's repo versions.
We are not aware of any…
We are not aware of any server issues that could have caused this. If you look at the graph at https://metrics.torproject.org/webstats-tb.html you can see that update pings worked and hundreds of thousands updates to 7.5.1 got downloaded. So, I am not sure what's going on.
ilove tor browser
ilove tor browser
Tor is doing a great job and…
Tor is doing a great job and anything to support the project is worth it. Thanks to you