Tor Browser 7.5.2 is released
Tor Browser 7.5.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
Note: Users of the Tor Browser alpha series are strongly encouraged to use the stable series while we are preparing a new alpha release.
The full changelog since Tor Browser 7.5.1 is:
- All platforms
- Update Firefox to 52.7.2esr
Comments
Please note that the comment area below has been archived.
I need the link to a hidden…
I need the link to a hidden wiki
anyone have?
Use an onion search engine,…
Use an onion search engine, like http://msydqstlz2kzerdg.onion/ (https://ahmia.fi/).
I want to know how to browse…
I want to know how to browse the web anonymously
The easiest answer is …
The easiest answer is "install and use Tor Browser"--- the latest version, for the appropriate architecture (e.g. Windows, Linux) obtained from www.torproject.org.
For more privacy protections, you may want to consider using Tails:
https://tails.boum.org/about/index.en.html
Tails will enable you to browse the web anonymously:
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
Within limits:
https://tails.boum.org/doc/about/warning/index.en.html
You can't. Tor provides no…
You can't. Tor provides no protection against global adversaries, but USA, People's Republic of China and other govenments are global adversaries because of MLATs and CLOUD. Say thank to Trump and the Congress.
What about spectre and…
What about spectre and meltdown?
Tor Project products such as…
Tor Project products, such as Tor Browser, cannot by themselves protect against flaws in your operating system, much less hardware vulnerabilities such as speculative execution.
If you are concerned about Spectre/Meltdown, good, and you may want to consider using Tails, which uses Tor Browser but has further protections; see
tails.boum.org
Tails Project is independent of Tor Project but allied with it.
The current version of Tails is hardened against some Spectre attacks and should be immune to known Meltdown attacks. It is not currently possible, and may never be possible, to be completely protected from Spectre attacks, for reasons discussed in previous comments in this blog.
Tor Browser, cannot by…
Actually, Retpoline does just that. Firefox was going to compile with Retpoline, but since Tor has its own build of Firefox, it would be great to hear that Retpoline is definitely enabled in the build target.
False overparanoid hype and…
False overparanoid hype and fearmongering as usual.
This version freezes and…
This version freezes and crashes instantly in Windows 10.
What does "instantly" mean?…
What does "instantly" mean? Just after trying to start Tor Browser? Or once you start surfing? I suspect your local AV/Firewall software does not like the new version. Could you try removing it and see whether it fixes your problem? Which previous version did work for you?
Very good!!!
Very good!!!
super bien
super bien
esta aplicacion esta super…
esta aplicacion esta super buena
Thanks,…
Thanks,
what so I do now you have told me re update?
Rob
Follow the first link in the…
Follow the first link in the post to the Tor Project download page, download the new version of Tor Browser, verify the file, unpack it, and surf! Feel free to flip the bird in the general direction of Cambridge Analytica.
Thanks for allowing comments…
Thanks for allowing comments, but where are the details about this vulnerability?
"Users of higher security levels are not affected", "do not allow ogg/vorbis" and so on?
We did not have time to…
We did not have time to analyze the implications for Tor Browser and don't have access to the PoC. So, it's hard to say something which is constructive at this point. That's the reason behind just saying: "Update!".
[Edit: I got told that setting
media.ogg.enabled
tofalse
would make sure the vulnerable code would not have been triggered. It's not clear yet whether settingmedia.webaudio.enabled
tofalse
, which is possible with the security slider, would have helped as well.]Okay. The most decent…
Okay. The most decent solution "Automatic updates" eliminates the need to even say "Update!" :) But is there some place where you publish (later) the results of analysis of effectiveness of the measures taken in Tor Browser (ssp, selfrando, etc)?
[Edit: I got told that…
https://trac.torproject.org/projects/tor/ticket/21601
Good point.
Good point.
Would've Selfrando helped…
Would've Selfrando helped with this?
Probably not. The underlying…
Probably not. The underlying flaw would still have been there and adapting the exploit would not have been that hard.
Sorry for a simple question…
Sorry for a simple question. I'm no security expert. Does 'Ghostery' work with Tor? If so, does it work well or ok? cheers.
Don't install it, it will…
Don't install it, it will alter your browser fingerprint.
Tor Project recommendation —…
Tor Project recommendation — Don't enable or install browser plugins. Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, do not install additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy: https://www.torproject.org/download/download-easy.html.en#warning
So you should only have the…
So you should only have the three browser plugins with Tor, HTTPS, Torbutton and TorLauncer? cheers
Is the above correct? …
Is the above correct? Should you only have those three browser plugins? Thank you.
Plus Noscript.
Plus Noscript.
This work on window 81 !…
This work on window 81 !
An perfect!
i m new to this. how does it…
i m new to this. how does it work.
Watch Youtube. It can…
Watch Youtube. It can explain everything
It's simple, assuming you…
It's simple, assuming you want to use Tor Browser to surf the internet anonymously:
1. download Tor Browser from https://www.torproject.org/download/download-easy.html.en
2. verify the file (a tarball)
3. unpack the tarball on your computer using your regular OS
4. use the provide startup script to start Tor Browser
5. surf!
You should probably read a bit about how to use Tor Browser wisely before you do too much surfing, though:
https://www.torproject.org/download/download-easy.html.en#warning
Ideally you should also read a bit about how the Tor network (including the underlying Tor client/server software) works:
https://www.torproject.org/about/overview.html.en#thesolution
You may also want to consider using Tails for additional protections. But Tails, much less Tor Browser, cannot protect you against some threats:
https://tails.boum.org/doc/about/warning/index.en.html
@ Tor Project: the OP asked a FAQ. Why is there no one document easily found in the Tor Project site which answers it?
Good question. I am actually…
Good question. I am actually not sure whether we have an entry in the FAQ for the question or not as I am not sure what is meant by "How does it work?". But, yes, once we figured that out and the FAQ does indeed not contain it we should add an entry.
Very cool! And thanks for…
Very cool! And thanks for all your work on Tor!
Awesome work guys …
Awesome work guys ... however stuff synching is not working
Keep on rocking in the free…
Thank you for your work. Keep on rocking in the free world!
is very good!!!!…
is very good!!!!
Thank you for your work
any update on mobile Tor…
any update on mobile Tor Browser?
We plan to help the …
We plan to help the Guardian Project getting an updated Orfox out in the coming days. And meanwhile we are continuing to work on getting Tor Browser for Android into shape. The first alpha is planned for July, so stay tuned.
great job people!
great job people!
good
good
I use "tor".so my ISP could…
I use "tor".so my ISP could save my site witch i visited?
No, the ISP is only seeing…
No, the ISP is only seeing that you are using Tor but nothing more.
I hope the following…
I hope the following explainer will help, in which <--> means unencrypted data link and <==> means encrypted data link.
Ordinary websurfing with a browser other than Tor Browser works like this:
DNS.server <--> your.computer <--> your.ISP <--> some.website
Websurfing with Tor Browser works like this:
your.computer <==> your.ISP <==> entry.node <==> middle.node <==> exit.node <--> http.site
your.computer <==> your.ISP <==> entry.node <==> middle.node <==> exit.node <==> https.site
Details:
The Tor network consists of entry, middle, exit nodes, and special servers called Directory Authorities.
The Tor circuit entry <==> middle <==> exit is triply encrypted. Middle node knows IP of entry and exit, but exit node and entry node do not know each other's identity. The encryption is stripped off in layers by the next node in the circuit, as packets traverse the Tor network. Hence the term "onion routing", which is the core concept characterizing Tor.
The identity of exit nodes and some entry/middle nodes is public information. Nonpublished entry nodes are bridges, which can afford additional anonymity and censorship-resistance. There are various kinds of bridges, some especially designed to resist very censorious governmental monitoring.
When you first join the Tor network using Tor Browser, your computer contacts a Directory Authority via an encrypted connection, to get current information on which Tor nodes are operating, so your ISP can see that you are using Tor. Unless, possibly, if you use a bridge (because bridges are not publicly associated with Tor) to try to join the Tor network.
The exit node in a Tor circuit must contact a DNS server (via unencrypted data link) to locate the IP of the website you type into Tor Browser's location pane, but since it doesn't know your real IP, neither does the operator of the DNS server, nor the operator of the website you are visiting.
Tor Browser is a fully functional browser based on Mozilla Firefox, but carefully tailored to maximize anonymity via the Tor network.
Tor Project offers various other software in addition to Tor Browser. All of them use the underlying client/server Tor software and are open source and free to the public.
"Onions" are bit more complicated and offer additional protections for people who need to publish information anonymously.
Other names: "entry guard" = entry node, "relay" = entry/middle node, "hidden service" = onion.
excellent
excellent
How can I send bitcoin to you
How can I send bitcoin to you
После обновления не на все…
После обновления не на все сайты входит. Что то перемудрили похоже.
I am just getting started…
I am just getting started again, it has been a year or so since I have been here, just updating everything. Have a peaceful day...
Hi guys - After upgrading to…
Hi guys - After upgrading to 7.5.2, Tor always insists on connecting to the UK as its first relay node, no matter how many times I try a different circuit.
Has anyone experienced this, and what's up with it?
> Tor always insists on…
> Tor always insists on connecting to the UK as its first relay node, no matter how many times I try a different circuit.
Assuming you live in the UK, that sounds like how entry guards are supposed to work. (The first node in a Tor circuit is called an entry guard.) Your Tor client is supposed to choose two and stick with them for some time--- I forget how long exactly, but several months. Each new circuit should use new relay and exit nodes (second and third nodes). Your Tor client should try to choose an exit node "near" your destination website, so if that is in a country with few nodes, you might see the same exit node more often than you might desire.
The entry node business might sound like it weakens anonymity, but actually it is intended to strengthen your anonymity against certain kinds of de-anonymization attacks. IIRC, arma discussed the math behind this a few years ago. AFAIK, choosing the number of entry guards and the length of time to stick with those is subject to review as new information becomes available about how the bad guys (government agencies) are trying to mess with the Tor network.
Hi... thanks for the…
Hi... thanks for the response. If that was the case, why is it that v7.5.1 (and all the other versions I've been using) do not work that way? For example, now I am on 7.5.1 and my circuit shows as 'This browser - Netherlands - Russia - Germany - Internet'. If I were to change circuit it would show different countries but it would not stick to the UK, hope my question makes sense.
Say whaat? Someone claimed…
Say whaat? Someone claimed
> Tor always insists on connecting to the UK as its first relay node, no matter how many times I try a different circuit
and now you (I presume you are the OP) say
> my circuit shows as 'This browser - Netherlands - Russia - Germany - Internet'. If I were to change circuit it would show different countries but it would not stick to the UK
Netherlands? So not the UK after all?
Please explain:
1. how Tor Browser is behaving on your computer
2. what you want it to do instead
> hope my question makes sense
Not yet.
NoScript and TorButton both,…
NoScript and TorButton both, in about:addons, say: "Last Updated January 1, 2000"
I'm sure that's done for…
I'm sure that's done for reproducibility (the time stamps all get set to some fixed value, so that anybody else who compiles the Tor browser is able to produce a file that is 100% identical to the file that is released by Tor.)
It would be better to have these time stamps set to something sensible like the browser release date, or maybe just to hide the time stamps completely, but that would take more work and I'm sure this is a low priority for the developers. Having a reproducible binary is more important than fixing the appearance of an internal user interface (about:addons) that users shouldn't normally be messing with anyway.
Yes, we have an old ticket…
Yes, we have an old ticket for that https://trac.torproject.org/projects/tor/ticket/11506 but did not have time to implement a good solution yet. Help is appreciated!
very good
very good
Major problems with UBlock…
Major problems with UBlock Origin after installing in this TB release.
Tor Browser 7.5.2 seems to…
Tor Browser 7.5.2 seems to be working fine under Debian stretch on my computer!
Thanks to everyone for providing Tor! Your work is much appreciated.3
The Android phone has a…
The Android phone has a global setting which allows connection through the country of choice. Is the Desktop version going to have this capability?
No. We think that this might…
No. We think that this might risk your anonymity in serious ways and just rely on tor's path selection.
I have LastPass, a password…
I have LastPass, a password vault. Can I add that as an add-in?
yes. tor browser is…
yes. tor browser is supporting too many firefox extention.
What is the ETA of 64-bit…
What is the ETA of 64-bit Windows builds?
Memory corruption vulnerabilities are easier to exploit in 32-bit applications because of the limited address space.
We still need to iron out…
We still need to iron out some bugs in our 64bit bundles but plan to make them available to stable users with the switch to Firefox 60 ESR which is going to happen later this year, in August.
You shits STILL haven't…
You shits STILL haven't fixed this?!?
When initially starting, torbrowser allows several sites to install spyware:
addons.mozilla.org
testpilot.firefox.com
you can disallow them using
Edit > Preferences > Security > Exceptions > Remove All Sites
There is no any reason for these to be allowed unless torbrowser sucking GCHQ dick.
When restart these spyware sites are re-allowed!!!
This issue was reported several versions ago. Why is it still here?
GCHQ did not find alternative backdoor????
Is torbrowser SPYWARE????
So this is how you win…
So this is how you win friends and influence people? How's that working out?
In current version of TB, I…
In current version of TB, I see this in one of the torrc configs:
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-reg.appspot.com/ -front www.google.com -ice stun:stun.l.google.com:19302
This is new to me, what exactly is it? I'm running as a Tor client only.
Which version are you using…
Which version are you using on which system? This is a new pluggable transport we are currently testing in our *alpha* series and which is available for macOS and Linux.
Hey i love tor browser. just…
Hey i love tor browser. just to let you know xD
Can anybody tell me why,…
Can anybody tell me why, since the update, every time I have closed TOR and then try to launch the next day, I keep getting this:
UNABLE TO START TOR
FAILED TO GET HASHED PASSWORD
So far, the only way I get TOR back is to re-install.
Any help for this?
Have you checked whether you…
Have you checked whether you still have a Tor process running in your background? It might be the case that is not shut down properly for whatever reason once you close Tor Browser.
I have an older version…
I have an older version. Should I just delete that directory and install the new version, or is another method of upgrading recommended?
Depends on how old your…
Depends on how old your version is. The recommended version is to use the Tor Browser updater. It should download an update automatically. If, however, your Tor Browser is too old for that then, yes, grabbing a new version from our website and starting over is the best solution.
is everybody can run a node?…
is everybody can run a node?
do you know any video teaching