Tor Browser 7.0.4 is released
Tor Browser 7.0.4 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1).
In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.
The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:
- All Platforms
- Update Firefox to 52.3.0esr
- Update Tor to 0.3.0.10
- Update Torbutton to 1.9.7.5
- Update Tor Launcher to 0.2.12.3
- Bug 22592: Default bridge settings are not removed
- Translations update
- Update HTTPS-Everywhere to 5.2.21
- Update NoScript to 5.0.8.1
- Bug 21321: Exempt .onions from HTTP related security warnings
- Bug 22073: Disable GetAddons option on addons page
- Bug 22884: Fix broken about:tor page on higher security levels
- Windows
- OS X
- Bug 22829: Remove default obfs4 bridge riemann.
Comments
Please note that the comment area below has been archived.
Just wanted to share my…
Just wanted to share my gratitude for keeping with the Firefox release cycle. Over these past few years, I've deeply appreciated the team's sync to avoid TBB users using known-outdated firefox code!
Thanks for these kind words…
Thanks for these kind words. Really appreciated.
Very true…
Very true.
Tor Browser is really an amazing product, and I wish everyone were using it.
Minor bug: in the "Help"…
Minor bug: in the "Help" menu there is a clickable empty line under "About Tor Browser"
Yes, thanks. This is https:/…
Yes, thanks. This is https://trac.torproject.org/projects/tor/ticket/22942.
more than any other kangaroo…
more than any other kangaroo.
H0w d0 I c0nfigure Wget f0r…
H0w d0 I c0nfigure Wget f0r use with the t0r br0wser bundle? please, i'm starving 0ut here and need s()me fast f00d via Wget!
It's much simpler to use…
It's much simpler to use system tor for that.
# apt-get install tor
# apt-get install torsocks
$ torsocks wget 'URL'
+ add iptables rules to block tor's bypassing and DNS.
yes, system tor is the way…
yes, system tor is the way to go, but if you aren't on a system where it is easily installable (or you are, but you don't have root) you can easily tell programs that support SOCKS to use the Tor Browser Bundle's tor process (its SocksPort is listening on port 9150 instead of the 9050 that system tor uses).
Unfortunately wget doesn't seem to support SOCKS, so, if you can't use torsocks (which makes wget or most any other TCP program use socks automatically) maybe you can use curl instead of wget? Just tell curl --proxy socks5://localhost:9150 and it will use your tbb tor. HTH,HAND,LLAP
thanks! ps- i love pandas.
thanks!
ps- i love pandas.
Could you please link to a…
Could you please link to a tutorial document that covers step 4:
"+ add iptables rules to block tor's bypassing and DNS.".
Many heartfelt thanks to all…
Many heartfelt thanks to all the Tor devs! I shudder to think where we would be without all of you and all the great things you have since years now!!!
Tor Browser 7.5a4 and Tor…
Tor Browser 7.5a4 and Tor Browser 7.0.4 both released on Aug 8 2017. There is probably a simple answer to this which as yet I do not know. Why both and or what is the difference.
When I use https://sedvblmbog.tudasnich.de/download/download it shows 7.0.4 which I am using. Is this the stable, or whatever, version and 7.5a4 is not? Sorry if I do not know the basics. Thank you.
Regards
What most people want to use…
What most people want to use is version 7.0.4 which is the stable version.
The 7.5a4 version is an alpha version (as all versions which have an 'a' in their version number). It contains experimental features that have not yet been tested enough to be included in the stable release. You can use this version if you want to see new features earlier, or want to help us at finding bugs.
Thank you.
Thank you.
Thanks for another release!…
Thanks for another release! Can I know when (roughly) will windows users get content sandboxing in TB? :)
Good question. This is one…
Good question. This is one of our top priorities and tricky to get done. I hope we have something to test in the next alpha. If it will already be content sandboxing or just sandboxing without having the content covered yet I don't know. https://trac.torproject.org/projects/tor/ticket/16010 is the bug to follow in case you are interested.
wäre schön das die…
wäre schön das die Übersetzung auf deutsch ist wenn man schon eine deutsche Installation hat !
Which translation are you…
Which translation are you talking about?
Many thanks to all of you…
Many thanks to all of you who create this browser.
Finally!I was beginning to…
Finally!I was beginning to wonder about the warning on pwrds on onion sites.Caused some very worrying searching for a reason.Figured it out,but still had that little nagging doubt.
do you know why everytime…
do you know why everytime the Atlas is used, this pops up?
"No Results found!
No Tor relays or bridges matched your query :("
Hello,…
Hello,
Thank you for reporting this issue. We have opened a ticket on our bug tracker at https://trac.torproject.org/projects/tor/ticket/23156.
Are you allowing (or temp…
Are you allowing (or temp allowing) scripts? Or, do you have 'bridge' enabled in Tor settings... but have invalid or outdated Bridges? those are the first two causes that come to mind...
Hi…
Hi
have involuntarily/automatically updated to 7.04
Now there is no more sound in webpages. Have tested it with various youtube and other sources. A very small bar in the top area of the browser content area tells 'to play audio you may need to install the required pulseaudio software'
???
my os is debian 7 32bit
Yes, Firefox 52 is not…
Yes, Firefox 52 (which Tor Browser 7 is based on) is not working anymore without Pulseaudio. This has been a deliberate decision made by Mozilla. You can find more information about that in https://bugzilla.mozilla.org/show_bug.cgi?id=1345661.
It was already discussed in…
It was already discussed in comments for previous 7.x TBB releases. It's quite simple solution, AFAIR. Namely, you need to recompile TBB enabling ALSA again. Mozilla didn't remove ALSA code, they just disabled ALSA flag. Why don't you recompile it with ALSA support? Instructions were posted in long discussion in Mozilla bugreport list.
Because that code is…
Because that code is unmaintained and nobody is tracking security issues and providing bugfixes once they show up.
Thanks for that hint. As a…
Thanks for that hint. As a last resort I'll try that way.
A minute ago I wrote, that pulseaudio is installed and running.
ALSA is installed too but not running
(forgive: I'm an average 70% knowledge user and not so much into the details)
a.t.m. my quick n dirty solution would be to use tor browser 6.5.2 in case I 'have to' see a video
.. normally I do not see any videos at all :)
greetings
a.t.m. my quick n dirty…
a.t.m. my quick n dirty solution would be to use tor browser 6.5.2 in case I 'have to' see a video
Well, this is my case too. I spent about 1 hour trying to get PA running on my customized Debian, but failed. Mozilla forces us to use vulnerable and outdated version of the browser. Since it runs in VM, it is relatively safe. However, it is still not good solution, at least, from the point of anonymity. Anybody using special version of outdated TBB is well seen among TBB users.
(I came up with this topic)…
(I came up with this topic)
Yes, I've been reading a lot today about that topic.
BUT:
in my standaard debian 7 system (nothing tuned or experimented with)
pulseaudio is installed (have never cared about it) and has probably been installed since a year
pulseaudio is running (can see it in ps)
standard firefox esr (non-tor) which is 52.2.0 delivers video _with_sound
btw. my old torbrowser 6.5.2 (don't kill me, it's just my in_case backup) delivers video with sound
What I've read in various mozilla discussions people made it a hot topic alsa vs. pulseaudio
and the general hint was 'install pulseaudio and problems will be gone'
But I do have it installed and it's running...
Any ideas or help?
thanks and greetings
Are you getting the Firefox…
Are you getting the Firefox directly from Debian or have you been testing the one from Mozilla? I am asking because Debian compiles it with
--enable-alsa
. (You can check the build flags by openingabout:buildflags
in your browser)So, Debian people don't…
So, Debian people don't afraid your argument:
Because that code is unmaintained and nobody is tracking security issues and providing bugfixes once they show up.
and recompiled it. I think user database behind Debian fork of Mozilla is much higher than amount of TBB users.
Well, I understand that it is simpler to take upstream version and do not care about sound issues, but the far perspectives of this approach are bad. What will be the next? Will I have to install systemd to get TBB working? Will I have to migrate to Ubuntu spyware to use tor browser? Tor Project has already forked firefox to apply special patches, so supporting of that ALSA code (it wasn't disabled because of bugs, but because of "make life easier for devs"!) would not be so exceptional thing in general.
The non tor firefox is…
The non tor firefox is directly from debian (deb 7 stable)
about:buildflags results in an error. have found elsewhere about:buildconfig which I think is what you meant.
FF ESR 52.2.0 32bit has the compile flag --enable-alsa
Tor Browser 7.0.4 (based on FF 52.3.0) (32-bit) does not
So probably the debian people had mercy/were friendly or how ever to name it.
The different behaviour of two 52.x firefoxes can be seen as solved.
Though strange that while FF playing sounds I do not see ALSA in processlist.
Still not clear, why no sound in tb 7.04 though pulseaudio installed and running.
For the secondbest solution, I have downloaded tb 7.03 (which played sounds) and will use that - forbidding it to update - til I find a way to make tb 7.04 produce sounds.
thanks and greetings
Wait are you saying that…
Wait are you saying that only 7.0.4 is affected but earlier 7.x versions are working? Looking at our changelog nothing comes to mind that could have caused this. Could you try whether the problems exists with Firefox versions provided from Mozilla as well?
https://ftp.mozilla.org/pub/firefox/releases/52.3.0esr/ has the one 7.0.4 is based on and
https://ftp.mozilla.org/pub/firefox/releases/52.2.0esr/ has the one 7.0.3 is based on.
>Wait are you saying that…
>Wait are you saying that only 7.0.4 is affected but earlier 7.x versions are working?
Yes, exactly so - though it may not sound logical.
I had wathed a video clip with 7.03 the evening before without problems. Next day the update to 7.04 came up (I had used tb for just some minutes looking for a topic in the news, ending tb then.) So the update to 7.04 rushed in and since then no sound in videos.
Maybe an incomplete/faulty update? I'll try to download a virgin 7.04 installer and see. Will report back.
greetings
Problem is gone, don't know…
Problem is gone, don't know why ...
In tb 7.04 in about:config
search for 'media.decoder' (without quotes)
brought up 4 lines some days ago when I had no sound in videos.
Now the same procedure comes up with only 3 lines, which are identical in both cases.
media.decoder-doctor.notifications-allowed
media.decoder-doctor.verbose
media.decoder-doctor.wmf-disabled-is-failure
! The one line that doesn't exist anymore NOW was:
media.decoder-doctor.MediaCannotInitializePulseAudio.formats / user set / string / *
#-#-#-#
Now the big surprise: I do have sound now with tb 7.04 !
I have not knowingly changed anything.
I have not reinstalled a fresh tb 7.03 or tb 7.04 as I intended to before
#-#-#-#-#
A strange miracle
But I'm really happy because tb does behave now as it should.
Maybe deleting that variable can help others who have the same problem.
User is experiencing this…
User is experiencing this https://bugzilla.mozilla.org/show_bug.cgi?id=1341442#c3
How will this affect users…
How will this affect users of Qubes/Whonix? From what I've been told, Qubes uses an ad-hoc vchan protocol to send audio to dom0. I assume it uses ALSA, so does this mean it will have to be updated to support PulseAudio? Or is it possible to make PA output to ALSA like a shim?
Good question. I think you…
Good question. I think you should write it to Qubes mailing list.
The Tor projects guys are…
The Tor projects guys are the best in the world! Thank God they exist!
What the world would be without the effort of these lovely people?
Rising AV reports : Malware…
Rising AV reports : Malware.Heuristic!ET#100% (rdm+)
https://virustotal.com/en/file/b1f1ead0d77381180e1fb5519a9cf67f0337956e…
Version 7.0.2 is fine:
https://virustotal.com/en/file/48aa8f59a197c1bc5bc12b42840cae9872f741b3…
Please check.
What do you mean with …
What do you mean with "Please check."? Who should do what?
This is either a security…
This is either a security issue or a false alert by Rising AV. Give it to your IT security staff or to your developers, so they can do some evaluation and introduce changes accordingly (if needed).
I don't think there is…
I don't think there is something need to be done by the Tor team. Tor is open-source, so it would be impossible that such malware could be placed inside the code. This should be dealt by Rising AV.
Being open-source does not…
Being open-source does not guarantee anything: check the history of OpenSSL...
Allow Bookmarklets? …
Allow Bookmarklets?
For more than one version back from today's, possibly beginning with first 7.x release, bookmarklets do not respond.
I set the Tor Button Security Level to High, and leave Noscript extension to allow bookmarklets. I assume that by a change in TBB7, the High security level overrides Noscript extension option/setting that allows bookmarklets.
So I wonder how to initially set TBB at highest Security Level, then allow bookmarklets to run from Bookmarks Toolbar?
Thanks in advance...
I don't suppose it matters…
I don't suppose it matters much but...
It says in the changelog that "Bug 18193: Don't let about:tor have chrome privileges" has been fixed in 7.0.4.
Bug 18193 wasn't fixed in this release; bug 18913 was. The numbers got switched.
Thanks, fixed.
Thanks, fixed.
we include a new Tor stable…
we include a new Tor stable release (0.3.0.10)
As always, tor repo debian package is not yet ready...
They should make the icon…
They should make the icon and name of the Tor Browser more discrete and/or customizable, in case there may be more than one person using the computer it is installed on. It would be nice to be able to change the Icon to something else, and change the name associated with it to something else. Or maybe offer an alternative install option, just for "same computer privacy" issues. In which the installation of the Tor Browser is given a different name, install path, etc. Other local users may not be as responsible with its use if they found out about it.
What system are you on…
What system are you on asking for this so someone can tell you how to do it? An onion on the desktop is an attention seeking conversation starter. I replaced mine with a great big A in a circle and labeled it FU! ;)
When Tor browser bundle is…
When Tor browser bundle is closed no browser history is retained. If any expert is able to view all the files on your device it would be trivial to determine that you have Tor browser bundle installed, even if the name and icon is changed. Using bridges with pluggible transports can make it very difficult for local users to determine that your using tor. You can get bridges with pluggable transports at bridges.torproject.org
thanks ,i love it
thanks ,i love it
Merci
Merci
DownThemAll AddOn is…
DownThemAll AddOn is installed but will not show in Tools or context menu, why?
In 7.0.2 it was working perfectly.
Hm. Does this happen with a…
Hm. Does this happen with a clean new Tor Browser 7.0.4? I just tested on a Windows 7 system and the icons showed up after installing the extension.
After a clean install on…
After a clean install on macOS the DownThemAll AddOn runs fine again.
It seems something gets broken on automatic upgrade of the TorBrowser bundle. I reinstalled a fesh 7.0.2, added the DTA, check it was working. Then waited for the automatic upgrade, restarted the Browser, checked again and DTA was not showing up in the menu anymore.
I deleted the TorBrowser-Data folder and restarted again, but nothing changed. Removed the AddOn, restarted, reinstalled DTA, checked: nothing, restarted, checked again: nothing.
Strange, but as long as the AddOn runs fine again after a clean install I am fine with it.
Hm. I tried to reproduce…
Hm. I tried to reproduce that on my Linux box but I can't. Could you set
extensions.logging.enabled
on yourabout:config
page and check your browser console (with Ctrl+Shift+J) after this happens again and report back if there are any related error messages visible?Thank you so much!
Thank you so much!
icon appears now immediately…
icon appears now immediately );
but puny_code is still set to false ;(
Torsandbox ? not found !
When will the sandbox with…
When will the sandbox with bubblewrap be available on macOS?
Never.
Never.
Something comparable could be built but is not something I have any plans of working on. If you wish to see it happen and have $250k US or so to fund such a project, e-mail me.
Will macOS get any type of…
Will macOS get any type of sandbox for Tor Browser bundle.
int he past you said that a…
int he past you said that a sandbox would be available on macOS.
Which operating system will the sandbox support?
We need a sandbox for Linux, OSX, and Windows. I’m working on the Linux one. The Tor browser team is looking at OSX. In the future we’d like to do Windows.
https://ocewjwkdco.tudasnich.de/blog/q-and-yawning-angel
"looking at"…
"looking at".
IIRC they made seatbelt profiles, I'm not sure if they're any good though.
Anyway, the original question is totally nonsensical because bubblewrap is a tool that relies entirely on Linux namespaces and seccomp-bpf, neither which are available on OSX.
Right, the plan was to test…
Right, the plan was to test and use seatbelt profiles. We need to revisit that and think about future plans given breakages like #22000 (see in particular https://trac.torproject.org/projects/tor/ticket/22000#comment:7 for the problem at hand).
Keep up the awesome work,…
Keep up the awesome work, guys. I (and probably thousands of people) use Tor Browser daily.
Many more than thousands…
Many more than thousands. look here https://metrics.torproject.org/userstats-relay-country.html
I'd like a PARANOID Security…
I'd like a PARANOID Security Level option added to the slider, right above the High setting.
Enabling this option would enable the most.. paranoid of configurations, blocking as much as possible and really locking things down. Because even at the High setting, there are too many things NOT locked down.
Which are missing in your…
Which are missing in your opinion?
You probably lack the time,…
You probably lack the time, but I wish at least one Tor dev was regularly skimming the Wikileaks Vault 7 documents, Citizen Lab tech reports on reverse engineered state-sponsored malware, etc., trying to make sure that you are not missing any technical clues which could assist you in improving Tor Browser's resistance to state-sponsored malware. I suspect that you could skim several dozen such documents and find nothing relevant to Tor, but then the very next one would tell you something you really need to know. To find the interesting one you might have to read dozens of boring ones, that's the catch.
Many thanks to you and all the other devs for your hard work! I often feel that our very lives depend upon it.
I don't see that option on…
I don't see that option on the Mac OS x? sha256: 0a227d179cdd1096c877f9836097eb38ed554fbae6657753a72690a183e2766d
Have you looked at the file…
Have you looked at the file containing the signed bundes? https://oiyfgiixvl.tudasnich.de/torbrowser/7.0.4/sha256sums-signed-build.txt. It's shown there.
7.0.4 - set the security…
7.0.4 - set the security settings to high, notice globalscript icon isn't crossed out, check manually - allow scripts globally (dangerous) is still checked as enabled. wtf.
Does this happen with a…
Does this happen with a clean Tor Browser 7.0.4? On which platform?
Edit: More importantly: on which page is this happening. Note that we exempted the Tor Browser startpage, about:tor, from those restrictions as it is a trusted page and it would be broken otherwise.
What is the latest update
What is the latest update
Question: Is server-versions…
Question: Is server-versions in cached-microdesc-consensus only a suggestion, 0.2.4.24&0.2.4.23 are routable too, or only torversions in server-versions are
routable?
I cant open https websites…
I cant open https websites in this version.
Returns:
Secure Connection Failed
An error occurred during a connection to www.google.com. SSL received an unexpected extension. Error code: SSL_ERROR_RX_UNEXPECTED_EXTENSION
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Is that only happen with…
Does that only happen with google.com? Even after a restart of Tor Browser?
All https connections in all…
All https connections in all websites.
Same issue here. Both in 7.0…
Same issue here. Both in 7.0.4 and alpha version.
Firewall off no antivirus.
I have noticed some versions…
I have noticed some versions below, that updating over the TorBrowser itself caused my antivirus Avast to report an infection. In that case i've deleted my old version and installed the new archive from the website - without any problems. The last version without any founds was 7.0.1.
The newest update will acted the same but this time in the new version 7.0.4 and the fresh Alphaversion 7.5a4 will reported as virusses - not only from Avast - many other tools will do it too (Malwarebytes Antimalware, EEK). I think this is a false positive but what if it is not? TorBrowser Win7 32bit
This was found:
Avast: firefox.exe - IDP.ALEXA.51
torbrowser-install-7.0.4_en-US.exe - IDP.GENERIC
Malwarebytes-Free: firefox.exe - Trojan.Agent.E
Other Tools will found similar infections...
Using Linux now until this case is closed as save...
Is that the official Tor…
Is that the official Tor Browser binary, downloaded from our website? It should be signed with a digital signature from us. And verifying the GPG signature should show that it is signed by our signing key
Well, if it would not be a false positive then all our Linux build machines would need to be infected with the same viruses/trojans or better: would need to have tools installed that implant those trojans/viruses into the executables during build or after it. We use several different build machines to verify that we get bit-for-bit matching binaries before we release a new version which is a defense against compromising one build machine and infecting the resulting binaries with malware.
So given that, I still believe those reports are false positives.
I can't tell if your…
I can't tell if your complaining avast is right or not. But I have even seen my avast stop the download of the avast antivirus update file some time ago. The file to be downloaded 100% sure came from the avast site. I was stunned :) The solution was to use the avast live updater on several machines in our classroom one after the other.
But in your case: asking is ok. Better safe than sorry
Thanks! OK!
Thanks! OK!
Just wanted to suggest a …
Just wanted to suggest a "New Tor Circuit for this site" button be added to the toolbar since it would make things much easier than having to always press Ctrl+Shift+L
We are currently thinking…
We are currently thinking about redesigning the toolbar in Tor Browser, feel free to chime in in https://trac.torproject.org/projects/tor/ticket/23151.
Hi my friends…
Hi my friends.
thanks this program. this program is very excelent...
thank you.....thank you
Sehr geehrte Damen und…
Sehr geehrte Damen und Herren
Ich bin begeistert von Ihrer Alternative.
Mit freundlichen Grüssen
Siegmar Koehler
Tor Browser 7.0.2 and 7.0.4 …
Tor Browser 7.0.2 and 7.0.4 (OS X 10.9.5) cause 85-95% CPU usage when scrolling through Facebook (https://www.facebookcorewwwi.onion/) news feed. This issue probably has been existed since 7.0.0. Does anyone notice this? Now I have to switch back to 6.0.8.
Which security slider level…
Which security slider level are you on? If not "low" does this happen with "low" as well?
It is always at default (low…
It is always at default (low).
By the way, the high CPU…
By the way, the high CPU usage doesn't all happen at once but will increase more and more as I scroll down the news feed.
I deliberately selected …
I deliberately selected "never check for updates (not recommended: security risk)". But it still updates to 7.0.4 on its own.
UPDATER and FIREFOX - in Tor…
UPDATER and FIREFOX - in Tor Browser\Browser both in capitals - were quarantined.
After the "update", all browser extensions were gone and the startpage was an ordinary Mozilla Firefox one, leaving me with a stripped Tor Browser.
What the hell happened?
It seems your antivirus…
It seems your antivirus/firewall tool thought the update is some malware and decided unilaterally to break Tor Browser. I guess one way you could try to work around that is installing Tor Browser new again. Or better: you could think about removing/replacing your antivirus/firewall tool.
An error occurred when…
An error occurred when shutting down browser.
APPCRASH
firefox.exe
52.3.0.6242
00000000
nssckbi.dll_unloaded
0.0.0.0
00000000
c0000005
71b7da4c
6.1.7601.2.1.0.320.65
1042
0a9e
0a9e372d3b4ad19135b953a78882e789
0a9e
0a9e372d3b4ad19135b953a78882e789
That's https://trac…
That's https://trac.torproject.org/projects/tor/ticket/22581. We are working on it and hope to have it fixed soon.
On a Mac should I not see…
On a Mac should I not see the obfs4 bridge? On My Mac I still see the bridge but it looks like it should of been removed according to the update "Bug 22829: Remove default obfs4 bridge riemann."
Please fix:…
Please fix:
- start standalone tor;
- start torbrowser;
- all ok;
- close standalone tor;
- start standalone tor;
- all ok, but tor circuit become hidden in torbutton
and add onion version of ocewjwkdco.tudasnich.de (missing in https://onion.torproject.org)
may be I excludenodes in my…
may be I excludenodes in my torrc. so tor always stops at retrive relys. how to solve the problem.
Hi, is it normal that the…
Hi, is it normal that the tor circuit network to be so slow ? Can't even watch a video on youtube correctly since some days :/
Takes me up to 30 mn to find a circuit able to load the videos :/
Do I have to check something in the settings ? Any suggestion ?
How can I enable the…
How can I enable the function which re-establishes tabs of last session? I see it is grayed out. TY.
When turn on Tor Browser 7.0…
When turn on Tor Browser 7.0.4 and previous versions, in Noscript recently blocked sites it says "aliexpress.com". Only Tor Browser does this not Firefox.
In Tor We Trust :D…
In Tor We Trust :D
Thanks guys !
about:config -> browser…
about:config -> browser.chrome:
favicons and site icons should be disabled (toggled FALSE) for various reasons.
The function for…
The function for reestablishing tabs from a previous session is disabled (grayed). How can I enable it? TY
Is the AdBlock Plus bug…
Is the AdBlock Plus bug being looked into at all?.. (My filter subscriptions disappear after a Tor Browser restart.)
I posted about it here ( https://ocewjwkdco.tudasnich.de/blog/tor-browser-701-released?page=2 ), a fresh install of Tor Browser 7.0.2 did NOT help ( https://ocewjwkdco.tudasnich.de/comment/269931#comment-269931 ).
AdBlock Plus doesn't come…
AdBlock Plus doesn't come with Tor Browser. You probably shouldn't expect it to work or be supported.
Well, we talked about this…
Well, we talked about this in the original thread.
https://ocewjwkdco.tudasnich.de/users/gk had requested further data, I provided it, then he/she stopped responding...
I'd suggest making sure…
I'd suggest making sure there's a trac.torproject.org ticket about the topic, else it's likely to get lost. Keeping track of blog threads is not easy, and definitely not the right place for keeping track of potential bugs. :)
Ok, but then why did you…
Ok, but then why did you guys ask me substantive questions in the original thread instead of directing me to create a ticket straight away?.. This gave the impression that this (the blog) was also a valid avenue to discuss bugs.
Often things can get solved…
Often things can get solved without creating tickets in our bug tracker which is why I tried to get information that would help me reproducing your bug. But so far I don't see this behavior on any of my machines and you are the only one reporting it. I've opened https://trac.torproject.org/projects/tor/ticket/23342 for this issue with another question for you.
Well, that's what I thought!…
Well, that's what I thought! And that's why I kept commenting (and was surprised when my last comment had been left unanswered). And here I am being told that comments are not a proper venue for bug reporting... "Sad!" :)
(1) I tried re-installing…
(1) I tried re-installing Tor Browser 7.0.4 on my system again (as I had done here https://ocewjwkdco.tudasnich.de/comment/269931#comment-269931 with version 7.0.2), same result, AdBlock loses its settings.
BTW, how do I get rid of the annoying warning not to maximize my window?.. I tried pressing the "Ok" button, I tried pressing the cross next to the "Ok" button, same result - warning reappears. I know with previous reinstalls the warning would disappear after a while. But how do I get the browser to understand I am serious about keeping my window maximized? :) I mean, how many presses on those buttons does it take?
(2) I see the ticket, thank you. So you want me to install Firefox ESR, right? I already have regular Firefox (with uBlock Origin, not AdBlock Plus) and Tor Browser. How do I proceed to ensure installing Firefox ESR does not mess up my main Firefox profile, settings, etc?
Re (1) It takes 3. You can…
Re (1) It takes 3. You can disable this early if you want by flipping the
extensions.torbutton.resize_new_windows
preference. (Thanks for testing again)Re (2) if you run the installer you choose the custom installation where you can specify a path for the ESR to be installed. If you are starting with your old profile (not sure if you have more than one) then you can create a new one on
about:profiles
. After a restart you should get the option to choose between your main profile and the newly created testing one.Yay!!! The last update (7.0…
Yay!!! The last update (7.0.5) has fixed things! The filter lists no longer disappear after a restart!
Aha, interesting! Thanks for…
Aha, interesting! Thanks for reporting back. I'll close #23342 as a duplicate of #21270 because that one describes the most likely underlying issue.
Hm, interesting!…
Hm, interesting!
I do have the Security slider on Medium.
Also, surely, I CANNOT be…
Also, surely, I CANNOT be the only one relying on a combination of Tor Browser + AdBlock Plus to protect my privacy and security!.. One simply HAS to use an adblocker (if not to block ads, then to block trackers) if one were to attempt to browse safely and privately. So this issue HAS to affect a lot of other people. Or am I the only one??? I don't think I have some unique configuration, pretty run-of-the-mill stuff...
Tor Browser standalone…
Tor Browser standalone without any adblocker is designed to give you privacy by design. There is no need for adding some filterlist-based extension. You might enjoy reading section 5. No filters of https://sedvblmbog.tudasnich.de/projects/torbrowser/design/#philosophy.
Ok, then why does the Tor…
Ok, then why does the Tor Browser in Tails come with a pre-installed uBlock Origin? :)
And even if you think adblockers and their ilk don't enhance one's privacy, how about security? Using adblockers is almost universally recommended by computer / IT security experts. Bruce Schneier, to name just one.
https://mailman.boum.org…
https://mailman.boum.org/pipermail/tails-dev/2014-November/007299.html ff. and the discussion on tails-dev in October 2014 has some more information about their stance. IIRC it was seen as a political statement.
Regarding security: I guess those blockers are recommended to "normal" browser users not having a specially crafted browser available. For the security part we have the security slider included into Tor Browser.
Ok, I guess you are mostly :…
Ok, I guess you are mostly :) right on privacy and security. (However, suppose someone keeps the security slider on Low, for more convenient browsing. Wouldn't an adblocker still offer protection against, I don't know, stuff like malware being served in 1x1 transparent pixel ads?)
But, I mean, come on, I think you gotta concede on the sheer horrendousness of adblock-free browsing!.. I don't think I can add much to this:
>> Why give shitty ads to our users when it's easy to avoid them? I
>> think a good number of them are going to manually install and
>> persist adblock, which will be worse than having it by default
>> for everybody (I assure you, nobody ever complained that ads
>> are blocked).
Another thought, which hadn…
Another thought, which hadn't occured to me earlier for some reason. :)
Browsing with adblockers is known to be significantly FASTER. I think it's a pretty important consideration for Tor Browser, which is, after all, known for being slow! (Not the browser itself, obviously, but the Tor network itself.)
Also, as you perfectly well…
Also, as you perfectly well know, browsing without adblockers is simply a horrible experience! :) I mean, from the visual point of view, from the point of view of usability, etc.
thanks very much
thanks very much
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/22981
JS in Medium over https: trusted key not key holder, minimize surface.
https://trac.torproject.org/projects/tor/ticket/23151
https://trac.torproject.org/projects/tor/ticket/22985
https://trac.torproject.org/projects/tor/ticket/22982
https://trac.torproject.org/projects/tor/ticket/22980
+others
Maintain largest user pool, diverge from default High only per component per tab.
Current High/Medium/Low option ensures each user signals a divide between themselves, splitting the largest pool based on subjective "feels" creating three separate identifiable pools. Implement as default "Your Tor Browser is at highest.." with option to "reduce security level for minimal *"
Per basic component: *Video, Audio, in browser Email Encryption etc per tab via click to play menu?
On Ubuntu LTS 16.04 Tor…
On Ubuntu LTS 16.04 Tor browser is tied to Firefox 54. Is anyone else experiencing this issue?
https-everywhere 2017.08.15…
https-everywhere 2017.08.15 stable release doesn't work properly.
the small option window in toolbar is blank and there is no option menu in about:addons.
What's with all of the…
What's with all of the France and Germany nodes? Often I'll see:
France
France
France
Germany
Germany
France
Germany
France
Germany
Germany
Germany
Germany
and so on.
There are a lot of relays at…
There are a lot of relays at a couple of VPS hosting companies. That's somewhat unfortunate.
If you don't like it, help Tor by running a relay at an underrepresented provider :)
New HTTPS Everywhere add-on …
New HTTPS Everywhere add-on (v.2017.8.15) is broken in current Linux, 64-bit, TBB version.
Manually/auto update(s) install the add-on, but when you click on the blue box it opens up a white box with no text and one check mark for some invisible option. Removed and reinstalled previous version (v.5.2.21).
I have the same problem. Did…
I have the same problem. Did anyone even bother to test the updated addon before releasing it?
See, this is what concerns me. They say to update the included addons which ship with TBB but when something like this happens, couldn't it have other ripple effects including but not limited to potential security/privacy issues?
> See, this is what concerns…
> See, this is what concerns me. They say to update the included addons which ship with TBB but when something like this happens, couldn't it have other ripple effects including but not limited to potential security/privacy issues?
Yes. The plan moving forward is to disable auto-updates for all built in addons.
See:
https://trac.torproject.org/projects/tor/ticket/22974
https://trac.torproject.org/projects/tor/ticket/10394
Thanks for the details,…
Thanks for the details, links, and for bumping one of the tickets with recent info.
I seem to not be able to run…
I seem to not be able to run Tor v7 on my windows 7 enterprise laptop. Has anyone else had this problem? I have had to reload earlier versions of Tor (V6) in place of the upgraded Tor version.
You're going to have to be…
You're going to have to be way more specific about the problem.
7.0.4 : bug /attack…
7.0.4 : bug /attack
noscript : removed 5 lines set on https tab vs https forced of course (cookies checked !)
noscript : permissions = no set vs proxy/tor
https everywhere : set unblocked vs https block all unencrypted requests of course (red)
x3 install until a clean install
sandbox not affected
interference of the user behavior using terminal or usual task ? i do not think so.
suspicion of a sophisticated attack/a very bad relay/a big bug lol
Much appreciation for your…
Much appreciation for your continued work and commitment.
'HTTPS EVERYWHERE" sort of…
'HTTPS EVERYWHERE" sort of corrupts itself after every few days of using "TB 7.0.4". All items/options from the drop down menu which appears after pressing the 'https everywhere' icon disappear. Only two checkboxes & the word "version" remain. Anyone with similar experience or info about the cause and its solution ? OS:- WIN 7
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/23258
Thanks for the quick…
Thanks for the quick response. Question:- Can't we just remove 'https everywhere' from addons and then reinstall it from mozilla's addons in tor browser itself only ? FYI:- I did this once it seemed to work well enough as far as all the items/options, etc got back into there former (active & being there) state.Is doing this allright ? Although one thing seems obvious, that this will be a shortlasting solution.Untill there is a sure fix. (Wanted to keep 'noscript' enabled globally) If i am making a mistake by acting on the procedure mentioned above, please 'warn' me ! Please reply !
This may break incremental…
This may break incremental updating. Since this issue is a browser bug at the core, I don't expect fetching the addon from a different source to give different results, assuming the versions are the same.
As an alternative, you can selectively disable automatic updates for addons under `about:addons`, which should prevent
Got auto-updated to a new…
Got auto-updated to a new release (of 'https everywhere') of 17.08.2017 .
Is the maximize-window…
Is the maximize-window-warning handling a bad joke??
Site is loading, WRONG click, browserwindow pops maximizing, site seeing
monitor size, THEN maximize-warning pops up.
What? Are you kidding me?
Warning must popup/asking before browser maximize.
This is how a Chrome 57…
This is how a Chrome 57 displays https://www.xn--80ak6aa92e.com/. Note the https://www.apple.com in the address bar.
https://arstechnica.com/information-technology/2017/04/chrome-firefox-a…
tem versão em Português
tem versão em Português?
Yes. You can select it by…
Yes. You can select it by clicking on the "English" field below the big purple download button on https://sedvblmbog.tudasnich.de/download/download-easy.html.en.
dear tor, i found this…
dear tor, i found this surfing the deepweb and wanted you to know. don't know if its fake or real but you might know...
http://yjrb5bvdgbrs2rhi.onion
Experiments on realistic conditions
This contains the code we used for our paper, "On Realistically Attacking Tor with Website Fingerprinting."
We wrote "notes" for each of the following, which describes how to run and use the files:
Training update. For testing a training set updating scheme.
Splitting. For split finding, split decision, and pre-splitting. About 100 MB.
Classifier. Takes packet sequences collected in the wild as input, and performs time-based splitting, classification-based splitting, and kNN classification on them. About 700 MB.
Tor Logging. Implementation of Tor logging for the above. This is necessary for the file format required by the classifier. Note that the classifier is only allowed to look at time and direction; other information is not available to the website fingerprinting attacker.
Just to mirror what everyone…
Just to mirror what everyone else has said about this fantastic Tor browser and the work done keeping it going...thank you very much
Hi. Can't browse instagram…
Hi. Can't browse instagram through tor now. It shows:
Error
Please wait a few minutes before you try again.
do you recomend useing…
do you recomend useing ublockO in Tor? and second i had it installed now it is no longer working
We do not recommend it. See…
We do not recommend it. See for a broader discussion about the filtering topic https://sedvblmbog.tudasnich.de/projects/torbrowser/design/#philosophy section 5: No filters.
That said it should work if you really want that. What security slider level are you on (did you change it from the default) and on what operating system does this happen? Do you get an error or how else do you know it is not working?
its ok
its ok
I appreciate the Tor Browser…
I appreciate the Tor Browser very much. Thanks.
Thank you! Very good browser!
Thank you! Very good browser!
I'm still new to this and…
I'm still new to this and truly trying to understand the benefits and how it works. I saw something regarding Tor on Viceland and that is what led me here in the first place. I have downloaded the browser and am ready to use but am hoping someone in this thread will help me understand a little further.
Welcome! There is a "What…
Welcome! There is a "What Next?" item on the Tor Browser start page with links that might help your further. E.g. the Tor Browser manual (https://tb-manual.torproject.org/en-US/) could be a good starting point for you.
Can you tell me if its…
Can you tell me if its normal for the tor circuit to show "bridge OBFS4 (United States)" and other times it just shows "bridge OBFS4"
You mean you are using the…
You mean you are using the same obfs4 bridge? That would be strange but I can imagine that the IP address of a different bridge can't properly be mapped to a country by the ip-country-database used for that and then nothing is added in parentheses.
Are you saying that all…
Are you saying that all obfs4 should have a country identifier?
Well, there is nothing in…
Well, there is nothing in the code that says this bridge should be shown with and that without country identifier when we are talking about obfs4 bridges.
how hide ip address
how hide ip address
no way to get tor7 to work…
no way to get tor7 to work on debian wheezy. Not the downloadable packaged stand alone torbrowser, nor the installed tor and torbrowser launcher. The packaged just does not connect and does not give any errors, v6.5 works fine. The installed tor after updating and installing cannot connect with error: cannot reach host ipnumber:port. Disbaling the firewall makes no difference.
I forgot to add that using…
I forgot to add that using obfs and bridges also made no difference, v7.04 cannot connect. v6.5 no problems whatsoever connects immediately and directly.
You downloaded Tor Browser…
You downloaded Tor Browser from our website, right? Did you start it on the command line (in your tor-browser_en-US directory, assuming you have the en-US version) with something like
./start-tor-browser.desktop --debug --log
? What output do you get?Just want to say thanks for…
Just want to say thanks for all the hard work, however after the new version i can not long run tor on a windows 10 PC tyr to reinstall and disable the FW/AV but now luck appears task manager then disappears, any one elase had this issue? (note: older versions work)
Which FW/AV software are you…
Which FW/AV software are you using?
7.0.4 crashed with…
7.0.4 crashed with
Do you have non-default…
Do you have non-default extension installed in your Tor Browser? Is the crash reproducible?
there are still some…
there are still some problems with loading, idk if it's with my internet or international servers, but i'm just letting you know that it's abnormal compared to other ways of browsing. this usually occurs when entering links presented on search engines. thank you
Yeah ! very very good…
Yeah ! very very good product ..
A monitoring software on my…
A monitoring software on my computer block the use of Tor. Is there any way to bypass this
To all involved and the free…
To all involved and the free software community.
i get the same error…
i get the same error
in the mac disk image mounter
for tor dmgs since half a year:
image could no be mounted
no mountable file system
all other dmgs work fine
osx 10.9
i have completly unistalled tor and wanted to reinstall it.
i downloaded and unzipped wit various browsers languages programs
Hm. I opened https://trac…
Hm. I opened https://trac.torproject.org/projects/tor/ticket/23452 for your issue. I am not sure yet what is going wrong given that this error report is quite rare and most users won't be affected (I guess).
I have downloaded Tor…
I have downloaded Tor-Browser 7.0.4 and discovered right after installing this browser
in Resource Monitor - a tool in map system 32 of Windows - that more then 30 ip-addresses
were connected with Tor.exe.
These ip-addresses don't appear after installing Tor-Browser and I wonder if this is a security shortcoming .
These ip-addresses can connect to Tor.exe any time and overlook coonection tot he internet.
I just wanted to say Thank…
I just wanted to say Thank You So Much. I wish I had money to help out, but the best I can do is offer my computer as a guinea pig and try out the beta version.
Thanks again, and so far everything is working great!
Thanks! And, yes, testing…
Thanks! And, yes, testing the alpha bundles is pretty valuable to us. Please keep doing that if you can and report bugs at https://trac.torproject.org/projects/tor if you find any.