Tor Browser 5.0a2 is released
The second alpha release in the 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.
This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.7.1-alpha, Torbutton to version 1.9.2.7, NoScript to version 2.6.9.26, meek to version 0.19 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled, and it also fixes an update issue when using meek on Windows systems.
Here is the complete changelog
- All Platforms
- Update Tor to 0.2.7.1-alpha
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update meek to 0.19
- Update Torbutton to 1.9.2.7
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is enabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Windows
- Bug 16014: Staged update fails if meek is enabled
- Bug 16269: repeated add-on compatibility check after update (meek enabled)
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
Comments
Please note that the comment area below has been archived.
The captcha issue is not yet
The captcha issue is not yet solved on some websites. The pictures do not load when asked to select a few pictures of something. This has been broken for some releases now and it has had no attention. Can you please investigate this.
I can confirm this. It seems
I can confirm this.
It seems that the Google reCAPTCHA service making the most problems.
Anyways thank you TOR Guys/girls for the update!
Which websites have broken
Which websites have broken captchas? I've never had a problem with CloudFlare (even if the ReCaptcha method they use is hard to solve).
Now, the recent obsession of sites straight-up banning Tor IPs...
See www.openmailbox.org for
See www.openmailbox.org for example.
Use the register site.
Got the same problem as
Got the same problem as mentioned by the 2ppl above. And as many before me I've tried switching off NoScript etc..
One example: https://www.openmailbox.org/#register
Interestingly enough it displays the image of what has to be identified but not the 9 pictures you get to choose from. This is a very frustrating issue and I really hope someone finds a solution soon.. :)
This isn't a problem with
This isn't a problem with Tor Browser; it's a problem with the captcha provider (Google, I think.) You may have some luck by lowering your security settings if you're willing to take the risk but in the end you need to complain to the captcha provider or the website using the captcha provider.
This is:
This is: https://bugs.torproject.org/16267 and we are currently thinking about good ways to solve this problem.
I see NoScript's ClearClick
I see NoScript's ClearClick feature for trusted and untrusted sites is disabled by default. Are we looking for a fix from Tor Browser or NoScript or both?
I am not sure yet but I
I am not sure yet but I think the fix should be in our patch set.
I enabled ClearClick on
I enabled ClearClick on NoScript. I would rather deal with false positives than have no protection against clickjacking.
I think there is a bug ,
I think there is a bug , PleaseCheckOut
Why aren't more Noscript
Why aren't more Noscript features as TBB is shipped enabled? Like ABE?
Because we think the
Because we think the currently enabled features are sufficient for our purposes.
Endpoints are so easy:) lol
Endpoints are so easy:) lol
While ABE has it's uses I
While ABE has it's uses I think that individual users making their own customized rules would make fingerprinting them exceptionally easy. It would be similar to NoScript's normal per-domain/site/etc whitelisting but worse.
Apologies ahead of time, as
Apologies ahead of time, as I'm much less tech-literate than most that post here.
Every time I try to update to this latest version of the Tor Browser Bundle, AVG anti-virus program detects a potential threat.
This must be the 4th or 5th version of Tor I've downloaded, and never before have I had this prob.
Again, apologies if this is old-hat, previously covered ad nauseam.
canvas fingerprinting
canvas fingerprinting ?
browserleaks.com/canvas
AVG 2015 doesn't let the
AVG 2015 doesn't let the program install, in the middle it detects tor.exe as a threat and delete it.
Yup, that's exactly what I
Yup, that's exactly what I ran into. Solution?
can i manage to get a
can i manage to get a permanet IP on this version
No, and it isn't a feature
No, and it isn't a feature likely to ever be implemented.
The Meek servers are
The Meek servers are comming from Google/Amazon/Microsoft, all had worked with NSA in the past, so supposing they record my IP address which is comming from Iran, NSA will try to crack my Tor becaus I come from Iran?
The US government loves it
The US government loves it when Iranians use Tor. Not so much for US citizens.
Since update now no longer
Since update now no longer get map of connections on Tor button.
Windows XP pro 3
Please work on the tor
Please work on the tor CAPTCHAS problem:
"There was an issue with the captcha provider. More information may be available below."
If it works in other browsers then it should also work in tor.
when i try to update tor
when i try to update tor browser . after the update if i restart the browser it shows update is available . its seems some bug . may be i need to download a fresh copy of the browser .
Astoria client is coming up
Astoria client is coming up soon...better or worse than Tor?
PLEASE, FIX THIS BUG: In the
PLEASE, FIX THIS BUG:
In the TBB for linux bridges do not work anymore. You are not allowed to connect if using bridges (obfs3, obfs4, ...), not the default ones, not whatever working bridge you enter into the box. Why hasn't this been fixed yet?
The problem I encounter is
The problem I encounter is if TBB fails to connect to Tor network (I'm using meek and obfs3 bridge) and you wish to try again, you have to close and run TBB again, it wastes time especially for Tails you have to reboot.
Hi, A short while ago I
Hi,
A short while ago I found a site which offered Tor users a test to see if they were being compromised (their real IP was discernable) while watching an HTML 5 video. I took the test and failed- my real IP was indeed being shown to me despite being on TOR and despite having NO scripting enabled - javascript et. al. -or any other such plugin enabled. It was done purely through HTML 5 on an as-downloaded version of Tor, the lastest version at that time. This was perhaps a month or two ago.
My questions are- are you aware of this? If so, have you notified your users of this? Have you addressed the issue? If you are aware of this and you know the URL of the site I was describing, can you post that URL since I cannot find it any longer.
Thank you
1. Captchas error all the
1. Captchas error all the time
2. This error message appears more and more often:
The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)
Not working on cloudflare
Not working on cloudflare protected websites!
Captchas broken! Firefox works, tor has problems.
Why use Tor and not
Why use Tor and not encryption without Tor?
With mozilla adding more and
With mozilla adding more and more controversial features like 3rd party closedsource services, please consider migrating to palemoon! Both Palemoon and Tor communities will only win from this and I'm sure Palemoon developers will cooperate.