Tor Browser 7.5.4 is released
Tor Browser 7.5.4 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content.
The full changelog since Tor Browser 7.5.3 is:
- All platforms
- Update Firefox to 52.8.0esr
- Update HTTPS Everywhere to 2018.4.11
- Update NoScript to 5.1.8.5
- Bug 23439: Exempt .onion domains from mixed content warnings
- Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
- Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
- Bug 25973: Backport off-by-one fix (bug 1352073)
- Bug 25020: Add a tbb_version.json file
Comments
Please note that the comment area below has been archived.
Thank you! <3
Thank you! <3
Nice.
Nice.
Nice
Nice
Nice
Nice
Nice
Nice
Thank you very much your…
Thank you very much your efficiency is valuable and unique. thanks XXX
your welcome
your welcome
Thank you very much for the…
Thank you very much for the good job!
Thank you! Nice job.
Thank you! Nice job.
Yea.
Yea.
Thank you for development!
Thank you for development!
You are cool.
You are cool.
Very Nice. :3
Very Nice. :3
God bless TOR
God bless TOR
GJ
GJ
When are you going to switch…
When are you going to switch to FF60?
The next alpha should be…
The next alpha should be based on FF60. For the stable series, it should be end of August.
I'm assuming you're going to…
I'm assuming you're going to make the switch when the 50.x ESR series ends and 60.2 ESR comes out. The release of the latter has been pushed from August to September:
https://wiki.mozilla.org/index.php?title=Release_Management%2FCalendar&…
Anyway, thanks for all your work!
Never going beyond FF 56…
Never going beyond FF 56 would be too soon for me. FF57 is when all 'legacy' extensions will cease to work and that will kill off my effectiveness as a full time researcher because vital extensions I need to use constantly are not being recoded to work under FF new ext scheme.
One cannot blame the extension devs because it is one hell of a lot of work to try and implement the full feature set they had in their legacy extensions --and even them most conversions have only partial functionality of the old ones
I love Tor and its devs and have nothing but praise for them and their great work --FF is another story as cosmetics, like rounded tab corners v square tab corners, seem to be more important to them than the functionality needed by power users.
"only partial functionality…
"only partial functionality of the old ones"
noscript, for example.
Mozilla talked about…
Mozilla talked about extending ESR52 support for another year, but, of course, it was a lie!
And later this year, your Tor Browser will turn into a pumpkin automatically! ;-(
it,[Tor] seems much better…
it,[Tor] seems much better now,what is FF60?
Latest release series60>…
Latest release series60> update for Firefox Nightly
COOL!!!
COOL!!!
Hello, how are you? I have…
Hello, how are you? I have always gotten an email regarding updates. This time I didn't. I would rather have the assurance that this is happening officially in an email in future, please. I don't know why this did not happen this time. Not a complaint, just feel safer this way. Thank you.
You should have received one…
You should have received one, if you are subscribed to the tor-announce mailing list:
https://lists.torproject.org/pipermail/tor-announce/2018-May/000156.html
I know I should have …
I know I should have received one 'cause, as I stated, I always have. Do I need to do anything? Thank you so much in advance.
Can you tell Mozilla to no…
Can you tell Mozilla to no longer show that "Your Firefox is out-of-date." warning when I go to their website with Tor Browser it's annoooooying... if user agent = (firefox 52.x or firefox 60.x) & ip == exit node; then don't show that annoying popup
And can you?
And can you?
I wanna thank who everyone…
I wanna thank who everyone that help build the program
User friendly!
User friendly!
Thanks for the work that you…
Thanks for the work that you do. It is greatly appreciated. I will be sure to donate again.
Thanks))
Thanks))
thanks
thanks
is there going to be a new…
is there going to be a new Tor version due to the release of Firefox ESR 60?
Thank you, thank you very…
Thank you, thank you very much for the good job!
This is awesome. What about…
This is awesome. What about Orbot guys?
Muito bom!
Muito bom!
Nice job ! Thanks a lot.
Nice job !
Thanks a lot.
gud job
gud job
Thankyou
Thankyou
Thanks very much . The…
Thanks very much . The browser is great.
I also have notice obfs4…
I also have notice obfs4 bridge doesn't shows which country is anymore
Any news regarding the…
Any news regarding the launch of Tor Browser Bundle for Android?
Orbot/Orfox are pretty much unusable now. I'm constantly blocked by websites that redirect me to Captcha challenges, which are absolutely unsolvable in Orfox, and the current version of Orbot no longer allows you to swipe the onion icon to create a new circuit, forcing you to restart Orbot if you want to change circuit.
An alpha release of Tor…
An alpha release of Tor Browser for Android is planned for later this year, however we don't have a precise date yet.
4931380D7F5AFDFE1AD6E7E98779…
4931380D7F5AFDFE1AD6E7E98779D72B549595B8CBF5B24693C2D178C9DFA2C6
torbrowser-install-7.5.4_en-US.exe correct?
That's correct. You can…
That's correct.
You can check it from this file:
https://dist.torproject.org/torbrowser/7.5.4/sha256sums-signed-build.txt
which is signed by the Tor Browser pgp key:
https://dist.torproject.org/torbrowser/7.5.4/sha256sums-signed-build.tx…
i love you......really....i…
i love you......really....i mean it.....thank you
Scramblesuite is still…
Scramblesuite is still missing for the Mac OS
The customization works nice…
The customization works nice.
Great Job Tor Project...
Keep up the good work folks :-)
Awesome work on the…
Awesome work on the development as per usual guys!
Thanks for everything you…
Thanks for everything you have done for us!
Bug 23439: Exempt .onion…
Many comments on that bug and tickets they link to debate how to treat HTTPS clearnet the same as HTTP onion services, but I don't see a perspective of the consequences from the insecure end. Meaning:
Now that HTTP onion services are treated as secure and now that HTTP onions are exempt from mixed content warnings, then is HTTP onion service traffic recognized and warned as different from HTTP to clearnet? If an HTTP .onion webpage loads content from an HTTP clearnet domain, does Tor Browser still warn about mixed content? Or since they are both HTTP, does the warning not appear?
I think yeah they do warn
I think yeah they do warn
post a new update about the…
post a new update about the new torbirdy along with "that bird."
i that the former post says…
i that the former post says that "Domain Fronting Is Critical to the Open Web" and also i note that the tor project tor browser has enabled the following about:configs
media.getusermedia.screensharing.allowed_domains;
media.getusermedia.screensharing.enabled;true
many many domains sharing and trusted and allowed!
so why not trust them for your other purposes as well?
Why does Tails include an…
Why does Tails include an ancient version of TorBirdy?
Brand new user here, still…
Brand new user here, still working my way around. I am not as technologically-inclined like a lot of you are, so I hope to get lots of tips on how to properly use TOR.
Welcome to the club! Good…
Welcome to the club!
Good advice on using Tor Browser wisely:
https://www.torproject.org/download/download-easy.html.en#warning
Advice on using Tails wisely:
https://tails.boum.org/doc/index.en.html
If you want help trying to explain to your friends why privacy matters, some of the best books I have read which explain why ordinary citizens need Tor are:
Julia Angwin, Dragnet Nation, 2014
Daniel J. Solove, Nothing to Hide, Yale U Press, 2011
Cathy O'Neill, Weapons of Math Destruction, Crown, 2016
Jennifer Granick, American Spies, Cambridge U Press, 2017
Virginia Eubanks, Automating Inequality, St Martin's Press, 2017
Cyrus Farivar, Habeus Data, Melville House, 2018
In coming months, look for upcoming stories (unless USIC kills them) on how US National Labs have constructed supercomputer models in which every USPER is individually modeled, along with their relations to family, friends, and coworkers. These models are built using USG and private databases holding information on education, employment, finances, health, travel, local government interactions, social media, &c. The models are run, tweaked by some possible government action, then rerun to see which alternative most increases the government's self-defined "utility value". This is, rather literally, surveillance of The People by the Government for the Good of the Government and against the Good of the People. Anything you (or your family or friends) say or do today can be used against you decades into the future. This is what Snowden is talking about when he uses the apt term "databases of ruin".
These population control supercomputer modeling programs were one of USG's most closely guarded secrets for decades, but former LANL scientists are finally beginning to hint in interviews with major news organizations what they have been doing, starting with modeling which might appear "benign" or even beneficial:
wired.com
Scientists Know How You’ll Respond to Nuclear War—and They Have a Plan
Using an unprecedented level of data from more than 40 different sources, resear
chers can now make synthetic populations of entire cities.
Megan Molteni
13 Feb 2018
Much of this work has been done under cover of "traffic engineering" (no joking). The people who do this work know very well that this is merely a cover for much nastier modeling. Think "predictive policing" on steroids.
Another leader in this is China, which is doing it openly. Joseph Stalin would have loved this technology.
Perfect!
Perfect!
Thanks your jobs !
Thanks your jobs !
THX a lot !!!
THX a lot !!!
thanks j00
thanks j00
None of my Obfs bridges work…
None of my Obfs bridges work anymore with Tails 3.7. They did work with Tails 3.6.2. Don't know if this is a Tor issue, Tor Browser issue or a Tails issue.
You could narrow the problem…
You could narrow the problem down by testing a vanilla Tor Browser downloaded from our website. Let us know how it goes so that we can look further into this bug.
In Linux, Ubunutu with Mate…
In Linux, Ubunutu 17.04 with Mate Desktop, Tor browser bundle leaves opened files that prevents of unmounting encrypted files. I have to find them with lsof and kill the processes. I've noticed that all of them are related with gvfsd.
Thanks for the great work.
Could that be https://trac…
Could that be https://trac.torproject.org/projects/tor/ticket/10607 or are you seeing something else?
Thank you.. I am not very…
Thank you.. I am not very computer literate, but really like this anonymous, and not being traced on the web. Thank you for the time, and effort that it takes to continue this.
The following info seems bl*…
The following info seems bl**dy diabolical!... I hope Tor, Mozilla and Firefox can address it...
.
https://www.popularmechanics.com/technology/a19734094/clever-technique-…
I don't understand your…
I don't understand your concern. Suppressing steganoography would be much like suppressing encryption itself--- hiding the fact, content, and destination of traffic is what Tor products are all about, so it doesn't really make sense to complain to Tor Project about steganography.
The article describes a long used method of steganography, which is useful for activists and endangered dissidents who live in repressive nations. It also mentions digital watermarking, which can be used by activists for good purposes as well as by censorship-enabling companies such as Forensicon for (apparently) bad purposes. In short, like everything else, software cannot know who is using it and why. Sometimes the bad guys use good things for bad purposes--- that's life.
In any event, I very much doubt Tor Project can "do something" about the use of steganography even if anyone wanted to do that.
Here Here for Orbot Captcha…
Here Here for Orbot Captcha hell...
I am here now because I have Tor on 3 windows lappies and when I accept the 7.5.4 update all of them give a ("general SOCKS server failure") I have a good copy of 7.5.3 and have reverted back on all 3 and they connect fine...
Not a complaint just an observation...
Keep up the necessary good work for the fight for anonymity...
Could that be that an old…
Could that be that an old Tor is not properly shut down during the update? Could you make sure that no Tor is running anymore and then install a fresh, new Tor Browser 7.5.4 to a different location and check whether that solves your problem?
How can i donate to the…
How can i donate to the cauze?
Thanks a lot.
Thanks a lot.
Nice!
Nice!
I don't know much about HTML…
I don't know much about HTML code, JavaScript, Scores of Languages or Linux operating systems but I feel as though computers might be my thing. Yeah.... a paradox. But I'm looking into going to college for IT next year and I would like to volunteer for Tor Browser. So any advice, tips, tricks, or special invitations to help me out?
You are welcome! What do you…
You are welcome! What do you want to work on or volunteering with? We have all sorts of things we need help with, thus I am pretty optimistic we have something for you as well. :)
Here is one piece of advice:…
Here is one piece of advice: get to know The Enemy. This is a project to work on over the next few months, not a easy path but I think essential for anyone who wants to work for Tor Project.
You should probably begin by downloading all the published Snowden links, ANT catalog, SpyFiles catalog, etc. before the end of Net Neutrality (11 Jun 2018) just to be sure you will be able to read them when you know enough to understand them. Then you can start reading the following links (roughly prioritized from easy/short/recent to technical/lengthy/dated):
Up to date and readable outline of the basic issues:
https://theyarewatching.org/
Dated but easy reading (WARNING: dodgy cert):
https://www.aclu.org/issues/privacy-technology/surveillance-technologies
A bit more technical, somewhat dated:
https://ssd.eff.org/
Excellent source for latest information on surveillance-as-a-service companies:
https://citizenlab.ca/
Good advice from Micah Lee:
https://theintercept.com/2016/11/12/surveillance-self-defense-against-t…
Fabulous compendium of surveillance-as-a-service companies and their products:
https://theintercept.com/surveillance-catalogue/
Another excellent source of information on surveillance-as-a-service-companies:
https://wikileaks.org/The-Spyfiles
Searchable index of the leaked emails from defunct spyco HB Gary Federal:
https://www.wikileaks.org/hbgary-emails/?q=&mfrom=&mto=&title=¬itle=…
Leaked newsletters from a spyco: Stratfor:
https://search.wikileaks.org/gifiles/
The best source of information on NSA surveillance (highly technical):
https://www.eff.org/nsa-spying/nsadocs
(Read Jennifer Granick's book American Spies for some help understanding Snowden leaks.)
The ANT catalog, the most important post-Snowden leak (includes copies of original NSA docs):
https://en.wikipedia.org/wiki/NSA_ANT_catalog
Information on CIA cyberespionage (technical and at the center of political controversy in USA):
https://wikileaks.org/vault7/
Excellent source of information on the revolving door between US miltary/USIC and spycos:
https://icwatch.wikileaks.org/search?action=index&controller=search&doc…
Dated but invaluble (WARNING: not an https site?)
http://projects.washingtonpost.com/top-secret-america/
(Many of the companies named have merged or changed names.)
The Intercept (theintercept.com) regularly publish stories on surveillance mercenaries, private security forces like BlackSwan, police misconduct around the world. The Guardian (theguardian.com) has published many important stories on outrageous infiltration by UK police of EU peace/environmental groups and extralegal killings of environmentalists and reporters. Human Rights Watch (hrw.org), Amnesty (amesty.org), Reporters without Borders (rsf.org) are excellent sources of information upon current human rights abuses, very few of which are covered by most major US/EU newspapers.
Years ago, Bloomberg News published many good articles on spycos, for example:
https://www.bloomberg.com/news/articles/2012-08-29/spyware-matching-fin…
But they appear to have removed their index to these stories after it was revealed the company was routinely spying on its own reporters.
Tor 7.5.4 hangs even worse…
Tor 7.5.4 hangs even worse than the past 2 versions e.g.
tripadvisor.com
vrbo.com
flipkey.com
suddenlink.com
nationwide.com
usps.com
Unusable.
What do you mean with "hangs…
What do you mean with "hangs"? Do you use a default Tor Browser or do you have customized it somehow? On which operating system does this happen?
99% sure that's because…
99% sure that's because https://blog.torproject.org/comment/275242#comment-275242
very good
very good
thank you for critical…
thank you for critical update.
we love you...
best regards
Nice
Nice
Thank you for your ongoing…
Thank you for your ongoing work. You help create as much liberty as we can experience in these times.
Donation in transit.
Health, happiness and prosperity to you and yours
Thanks!
Thanks!
Congratulation pour ce…
Congratulation pour ce travail qui participe au bien de tous.
One thing I have noticed…
One thing I have noticed that has arisen in 7.5.4 is that the entry (first country listed) circuit is static and cannot / will not change even when requested.
In one install I am forced to use United States.
In another install (yes, both 7.5.4) I am forced to use Switzerland.
In both cases the other two (second and third) circuits will change, but the first - never.
This is a Windows browser. Thanks.
That's not new and is in…
That's not new and is in fact a feature to prevent certain attacks on Tor. See: https://www.torproject.org/docs/faq.html.en#EntryGuards.
Thanks for the reply, gk. …
Thanks for the reply, gk.
And of course infinite thanks also to all the fine people who work on this project.
In this ver. my system hangs…
In this ver. my windows system hangs and i have to downgrade to ver. 7.5.3 :(
What does "hangs" mean? When…
What does "hangs" mean? When does this happen? On particular web sites? If so, on which? Which Windows version are you using? Do you have an antivirus/firewall software that could interefere with Tor Browser? If so, which one?
upgrade to Firefox Quantum…
upgrade to Firefox Quantum bitch
Thank you so very much for…
Thank you so very much for your constant great work. It is absolutely essential to have TOR available. I can not stress out how important it is.
So, thank you for your fantastic work.
In TBB media.gmp is off. How…
In TBB media.gmp is off.
How can i switch off this s..t in vanilla Firefox?
I have turn off all media.gmp but nevertheless FF is downloading
.dll in profile-directory 'gmp-gmpopenh264'.
First FSecure has discovered…
First FSecure has discovered AccessibleMarshal.dll as an "unwanted app" and blocked it.
https://www.f-secure.com/sw-desc/pua_w32_app_online.shtml
Then moments later FSecure discovered that it contained a "trojan" and deleted it.
https://www.f-secure.com/v-descs/trojan.shtml
Nice work thank I.T.
Nice work thank I.T.
I have a question similar to…
I have a question similar to one asked by a couple of Tor users under 7.5.3 but never answered.
I have noticed that occasionally when I switch between pages of the same web-site, the guard node changes. Why is this?
Why is the ‘new’ guard node trying to ‘muscle in’?
Please let me and the users from 7.5.3 know.
Thanks for all your work.
thanks
thanks
I just downloaded the Tor…
I just downloaded the Tor browser! Thanks for the update!
Cool!!
Cool!!
Yes Thank You very much. It…
Yes Thank You very much. It's nice to feel safe while on the net. I don't if I am not using TOR.
Wow, thanks
Wow, thanks
hahaha i love it much..
hahaha i love it much..
thanks for antifilter
thanks for antifilter
If you use bookmarks in the…
If you use bookmarks in the Tor Browser such as RSS feeds is it possible to deanonymize yourself if you have the same RSS feeds in a non-tor browser. I notice that the tor browser loads information from all the feeds when I click on the folder containing the feeds in the onion circuits.
Ran the update: now it won't…
Ran the update: now it won't load. If I set it for China, it opens in firefox, but when I type, nothing...blocked?
thanks guys :)
thanks guys :)
Thanks for all of your hard…
Thanks for all of your hard work...it's appreciated!
What's with the wack-a-mole…
What's with the wack-a-mole every time I try to access the Tor network?
In about:config "false"…
In about:config "false" value need to be set as default in next version for:
browser.taskbar.lists.frequent.enabled
browser.taskbar.lists.enabled
These two settings are actually allowing anyone who has access on PC where Tor is installed to run it, and with simple right click on taskbar icon of Tor Browser Bundle to see frequently visited web sites via Tor which actually acts as some kind of “View History” what definitely is flaw from privacy point of view.
Is it possible to choose the…
Is it possible to choose the first guard connection in TOR? Since sites have the capability to know all the exit nodes of Tor it would be a good feature to choose the first entry point into Tor circuit.
Thank you for contributing…
Thank you for contributing to our online privacy. The amazing improvements make such a noticeable difference to the protection you provide - especially during the past 12 months. Your service to the community is admirable.
Why has Tor become so slow?
Why has Tor become so slow?
Meltdown/Spectre strikes…
Meltdown/Spectre strikes again!
CVE-2018-3639 (Speculative Store Bypass) Spectre V4
CVE-2018-3640 (Rogue System Register Read) Spectre V3a
Do these affect Tor?
Good Job!
Good Job!
Checking it out
Checking it out
The web site https://www…
The web site https://www.pethealthinc.com/ always shows
"The requested service is temporarily unavailable. It is either overloaded or under maintenance. Please try later."
Even when I try new circuit
muchas gracias
muchas gracias
you people are great! you…
you people are great! you are making it possible for people to use the internet how it was intended to be used. I love what you're about. please i beg you don't give up . keep fighting the good fight.
thank you all very much ,
sincerely, Joe Stein
thank u so much for this…
thank u so much for this action :)
спасибо!
спасибо!
Thanks!!
Thanks!!
Well done TOR browser
Well done TOR browser
alles super
alles super