Tor Browser 5.5 is released

Tor Browser 5.5, the first stable release in the 5.5 series, is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

On the privacy front we finally provide a defense against font enumeration attacks which we developed over the last weeks and months. While there is still room for improvement, it closes an important gap in our fingerprinting defenses. Additionally, we isolate Shared Workers to the first-party domain now and further improved our keyboard fingerprinting defense.

We made also progress on the usability side. First, by providing Tor Browser in another locale, Japanese. Additionally, by showing the changes in the new Tor Browser version immediately after an update and polishing our about:tor appearance. Last but not least we changed the search bar URL for the DuckDuckGo search engine to its onion URL.

Here is the full changelog since 5.0.7:

Tor Browser 5.5 -- January 27 2016

  • All Platforms
    • Update Firefox to 38.6.0esr
    • Update libevent to 2.0.22-stable
    • Update NoScript to 2.9.0.2
    • Update Torbutton to 1.9.4.3
      • Bug 16990: Show circuit display for connections using multi-party channels
      • Bug 18019: Avoid empty prompt shown after non-en-US update
      • Bug 18004: Remove Tor fundraising donation banner
      • Bug 16940: After update, load local change notes
      • Bug 17108: Polish about:tor appearance
      • Bug 17568: Clean up tor-control-port.js
      • Bug 16620: Move window.name handling into a Firefox patch
      • Bug 17351: Code cleanup
      • Translation updates
    • Update Tor Launcher to 0.2.7.8
      • Bug 18113: Randomly permutate available default bridges of chosen type
    • Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
    • Bug 10140: Add new Tor Browser locale (Japanese)
    • Bug 17428: Remove Flashproxy
    • Bug 13512: Load a static tab with change notes after an update
    • Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
    • Bug 15564: Isolate SharedWorkers by first-party domain
    • Bug 16940: After update, load local change notes
    • Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
    • Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
    • Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
    • Bug 17369: Disable RC4 fallback
    • Bug 17442: Remove custom updater certificate pinning
    • Bug 16620: Move window.name handling into a Firefox patch
    • Bug 17220: Support math symbols in font whitelist
    • Bug 10599+17305: Include updater and build patches needed for hardened builds
    • Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
    • Bug 18072: Change recommended pluggable transport type to obfs4
    • Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
    • Bug 16322: Use onion address for DuckDuckGo search engine
    • Bug 17917: Changelog after update is empty if JS is disabled
  • Windows
    • Bug 17250: Add localized font names to font whitelist
    • Bug 16707: Allow more system fonts to get used on Windows
    • Bug 13819: Ship expert bundles with console enabled
    • Bug 17250: Fix broken Japanese fonts
    • Bug 17870: Add intermediate certificate for authenticode signing
  • OS X
    • Bug 17122: Rename Japanese OS X bundle
    • Bug 16707: Allow more system fonts to get used on OS X
    • Bug 17661: Whitelist font .Helvetica Neue DeskInterface
  • Linux
    • Bug 16672: Don't use font whitelisting for Linux users

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

OpenSSL 1.0.1r security release 28th Jan 2016

OpenSSL 1.0.1r security release 28th Jan 2016

Thanks for the info.

TBB users such as us would appreciate it very much if gk and his team could rush out a new release incorporating the two security fixes mentioned in https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html

It seems Tor is not affected by this: https://lists.torproject.org/pipermail/tor-dev/2016-January/010333.html .

I know this isn't the place to ask this, but are there any plans to create a very simple UI for cryptsetup in TAILS? Currently, it is very tedious to open up an encrypted volume in TAILS. The amnesic quality of TAILS makes that much more frustrating after every reboot.

I'm not a proficient coder but I've seen how quickly a crude UI can be produced in python using the twisted library. If I knew how to tie the UI to cryptsetup I'd do it myself. Although what would take me days if not weeks would take a TAILS dev an hour or so.

The reason I have placed this here is that I hope to generate interest from the rest of the community. If enough people speak up, devs are sure to respond positively.

Sure, devs always respond positively when you say it only take an hour.

I know this isn't the place to ask this,

The reason I have placed this here is that I hope to generate interest from the rest of the community.

Exactly. This isn't the right place for feature requests of a different product.

Please surf to https://tails.boum.org/contribute/talk/ and mail your request to the appropriate mailing list.

but are there any plans to create a very simple UI for cryptsetup in TAILS?

The feature has been requested many times in the past, on Tails' mailing list. From what I heard, the feature you requested, when implemented, can lead to hackers and the NSA attacking Tails' users. That was sometime ago but with improvements in software, security vulnerabilities may be reduced.

Did this. If it were easy to make such request anonymously I would have opted for the tails mailing list. I tried pigeon with Tor proxy but it seems the exits that I tried using had been abused prior to my attempt.

I wasn't aware that this had been requested before. Glad I'm not the only one.

I don't understand how a GUI would significantly increase the attack surface from a remote location? Please enlighten me.

If it were easy to make such request anonymously I would have opted for the tails mailing list.

Besides using Pidgin with Tor proxy, have you tried other ways of seeking Tails' technical support? See https://tails.boum.org/support/index.en.html

I don't understand how a GUI would significantly increase the attack surface from a remote location? Please enlighten me.

Unlike our regular NSA troll here, I don't wish to spam this blog with Tails-related issues.

Please ask your above question using the appropriate Tails' support channels.

Hello everyone is anybody can help me buy Tor tell me how do I do happens if someone can help me please Bonjour à tous est-ce que quelqu'un peut m'aider à acheter sur Tor m'expliquer comment faut faire je n'arrive si quelqu'un peut m'aider s'il vous plaît

Спасибо вам от всех россиян, казахстанцев и белорусов, да и от всех людей со всего мира, кто пользуется вашим замечательным браузером Тор, всех благ и удач вашей команде, по возможности буду производить пожертвования на улучшения вашего продукта, с уважением из города Астана, Казахстан, ваш пользователь.

Thanks! It's always great to hear feedback like this.

I would like to join the thanks from Astana, Kazakhstan! This is a very important tool for countries like ours where free speech and access to information are so severely limited. Will certainly donate whenever I am able to.

Присоединяюсь, Москва.

Oh, my!
A measure against browser fingerprinting.
Thanks for the great work!

i wonder is tor really safe on http websites?

Depends. The connection between exit node and http site is not encrypted, you could be a victim of a man-in-the-middle attack. The content could be replaced, or the man-in-the-middle could insert javascript which will threaten your browser and could install malware or deanonymise you. If you enter personal information, the exit node can see it. If you have javascript disabled, you are safe from attacks, but the exit node can still see the page and anything you enter.

The content could be replaced, or the man-in-the-middle could insert javascript which will threaten your browser and could install malware or deanonymise you.

Very true.

But I was told that if you use Tails and with Javascript enabled, your identify and geolocation are less likely to be unmasked. How true is it? Can someone confirm it?

You should use https websites to minimize the amount of snooping an exit node could possibly do, even though an exit node won't know who generated the traffic in the first place in theory. You also should be very wary to run Javascript from non-https sites, as it could've been tampered with by an exit node. Normally this doesn't happen, at least it did never for me, but depending on your circumstances/needs you maybe want to be more cautious than I am.

Normally this doesn't happen, at least it did never for me,

What proofs have you to state categorically that you've never had to deal with Javascript malware?

he believe...

i'm not able to get bridges ,when i send email this message apeares"

This is the mail system at host polyanthum.torproject.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

(expanded from
): temporary failure

what should i do ?

First, what email address you send your letters to?
Second, *from* what email address you send them? BridgeDB servers only respond to emails from @gmail, @yahoo and @riseup accounts.
Also, if you think you're doing it right on every step, consult with person who is responsible for your network' work.

Is there an update from 5.5a6 to this via Software Update in Tor Browser?

Not really. 5.5a6 is getting (auto)-updated to 6.0a1, the new alpha.

nice

good! but slooow

https://trac.torproject.org/projects/tor/ticket/8725
What is about that information leakage? Should any web site be able to distinguish Windows and Linux TBB users?

Ideally not (which is why there is this bug) but we currently don't aim at concealing the platform used (although long-term we want to do that). See: https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability 3. Operating System Vendor and Version Differences in the section Sources of Fingerprinting Issues.

https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html

Awesome

我是Tor的忠实用户,非常遗憾的是:Win8 微软雅黑6.10 (UI)的字体在这个版本下失效,确切地说,它根本就不认这个字体,决定放弃升级;另外,所有的5.0以后的版本,Foirefox的侧边栏扩展一直无法安装,亦请你们予以修正,谢谢,拜托了!

字体的问题应该类似 17250。这个字体名称没有在whitelist里:https://trac.torproject.org/projects/tor/ticket/17250#comment:6

侧边栏扩展具体指什么?测试安装add-on没有问题。你可以具体说明吗?或者提交bug?

Hi, I had to machine-translate your comments. This is what I got:

I am a loyal user of Tor, very unfortunately: Win8 Microsoft elegant black 6.10 (UI) of the font in this release fail, rather, it simply does not recognize the font, decided to abandon the upgrade; In addition, all of the 5.0 version, Foirefox sidebar extension has been unable to install, will you also be amended, thank you, please!

17250 fonts should be similar problems. The font name is not in the whitelist in: https: //trac.torproject.org/projects/tor/ticket/17250#comment: 6

What Sidebar extension specifically referring to? Test install add-on is no problem. You can specify it? Or submit bug?

The 微软雅黑 font (Microsoft YaHei) should be present in the whitelist. See here:
https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/0...

pref("font.system.whitelist", "..., Microsoft YaHei, 微软雅黑, MingLiU, 細明體, ...");

Maybe "微软雅黑(UI)" is considered a different font than "微软雅黑"? Do web pages render text in 微软雅黑 correctly?

The UI fonts are separate since the white listing is done by matching in full. The entire browser UI gets really broken if the "system default UI font" isn't present on the whitelist, and if the ja_JP locale is anything to go by, MS has/will change it between major Windows releases.

See:

* https://trac.torproject.org/projects/tor/ticket/17550 (Similar issue with ja_JP)
* https://trac.torproject.org/projects/tor/ticket/17999 (OS version fingerprinting risks associated with whitelisting all the UI fonts ever used)

Thank you for reporting this problem. Please can you try adding "Microsoft YaHei UI" to the pref "font.system.whitelist" (under about:config), restart Tor Browser, and tell us if this fixes the problem?

Hey guy,
What is the intention you are using TorBrowser for?
You wanna circumvent the surveillance from an evil regime, right?
Anything else more important than safety?
You need browsing the Internet anonymously rather than fonts research, right?
Please try not to focus on the issue of fonts. Just update, what else?

不要猶疑那麼多了, 程序更新比任何都重要.
我都很久没有使用中文了, 又如何?

不要犹豫那么多了, 程序更新比任何都重要.
我都很久没有使用中文了, 又如何?

sync is not working anymore :( are you going to fix it or did you disable it on purpose?

Hi. Not a dev.
But do you REALLY want your tor browser bundle connecting to moz sync servers over the tor network every 10 minutes? (Or worse, a custom sync server that only YOU use?)

If a global passive observer can watch you connecting to the tor network, and somehow see "someone" authenticating to a moz sync server, wouldn't they be able to correlate both events given enough samples?

Play it safe. Keep your tor browser bundle in a password protected zip file on a usb key. (Preferably named something like milfporn.zip or something)

Avoid sync.

I understand your point but consider that not every tor user has the same level of security concerns. Tor is used by different ppl for different purposes. I need sync and if they are not reintroducing it I will have to downgrade to 507.

I understand your point but consider that not every tor user has the same level of security concerns.

If that's the case, why don't you build your own TBB with your own specifications? With limited resources, Tor's development team has to focus on the needs of the majority and not cater to the specific requests of a few.

Tor is used by different ppl for different purposes. I need sync and if they are not reintroducing it I will have to downgrade to 507.

Please feel free to downgrade to 301 or even TBB version 101.

Not sure what you mean but we did not change anything with respect to sync. What did work before and does not work now anymore?

Update: On getting a new identity after upgrade, full screen bug now goes away, but no warning about full screen as an identifier as before.

Interesting. Which operating system are you on? I can't neither reproduce it on Ubuntu nor Windows be it with or without update.

Oh, and please post a new comment in this regard in the thread below which (probably) you opened.

bugzilla confirms that (6.0a1 on Win7)

I could use Sync in previous version - which allowed many conveniences like bookmarks and passwords. I understand the the issue with anonymity with those features, but like the fact that I can use the same browser for everything.

Could you give us steps to reproduce your problem showing what worked in 5.0.7 but not in 5.5 anymore?

I have similar issue: from tor503 to 507 (both win7ent and osx 10.8) I could log to sync with user&pass and sync was performed (between two tor507 in the two OSs). Now when I go to sync (in both OSs as above) and try to login (or to use another sync account) I get a "500 Error Oh dear, something went wrong there. We've been notified and will get working on a fix." (URL is "about:accounts?entrypoint=menubar" ). Note that sync didn't work from tor500 to 503 while it was working in all versions 4. Thanks in advance!!!

sorry didn't work in tor 500 501 502, in 503 was ok again.

window.name bug might be the reason for Sync problem.

Thank you for keeping up the good work!

Why is YouTube not working?

It seems to be working for me. What operating system are you using, and do you have JavaScript enabled?

More importantly than simply having javascript enabled I think you need to have the security slider set to low. At least you did when I last tried it because HTML5 video click-to-play gave Youtube indigestion.

Why is YouTube not working?

Tor users should ignore the above post.

It is most likely the work of our regular NSA troll.

His real question is: why is Adobe Flash not working on YouTube?

YouTube usually uses HTML5 video these days as opposed to Flash.

It's a valid question; last time I checked YouTube only worked with security set to low. For the uneducated user might not think to check those settings. Of course, whether or not you want to set security to low is another question.

make account for BTC donate

To get bitcoin to us, the best plan right now is via Bitpay:
https://www.torproject.org/donate/donate-options#bitcoin

For some complexities in that process, see also
https://blog.torproject.org/blog/tors-first-crowdfunding-campaign#comment-153183

Also lastly, I think some of these non-profits who run exit relays are also pleased to receive bitcoins:
https://www.torproject.org/docs/faq#RelayDonations

Thanks!

Attention

Within the next few hours at the earliest or the next few days at the latest, our regular troll from the NSA will be posting his regular litany of complaints, viz. he is unable to watch Flash video clips using this latest version, or to watch Youtube clips and hence is compelled to using a very old version of TBB.

The NSA troll will further attempt to make similar posts using different identities, changing his writing style and deliberately making grammatical errors so as to avoid fingerprinting.

His ulterior motive? To entrap naive TBB users to use Adobe Flash, the latter being notorious for its ability to unmask true geo-locations.

P.S.: It appears that our NSA troll is not highly paid. The really talented NSA staff are each paid at least a million US dollars in annual compensation and do not have the time to post laughable comments on this blog.

Treat this as a challenge: can you make so fine sandbox that even such crap as abobe flash be safe to use?

Don't ever use "adobe flash" and "safe to use" together in one sentence again. ;)
Also I don't think you should be running any proprietary software if you want to have basic safety, even if it is sandboxed.

Treat this as a challenge: can you make so fine sandbox that even such crap as abobe flash be safe to use?

First of all, I wish to inform you that most of Tor developers are not paid at all for their work, unlike NSA which has unlimited budget in the billions of US dollars. What this means is that Tor developers are unlikely to take up your challenge.

Secondly Adobe Flash has been known to be very buggy and the target of choice of hackers. The Hacking Team, whose tens of hundreds of documents and emails had been leaked on the internet, makes millions of dollars by selling Adobe Flash's exploits to authoritarian regimes.

Thirdly, you might wish to contact Whonix developers at www.whonix.org to let them know of your suggestion.

try downloading websites. there are still negatives
they may all be http, not https
they may all need javascript enabled for their domain
they may not download videos from sites that aren't popular video sites

I am a regular reader of this blog, but didn't recognize your description of that particular regular poster. However, I agree that

o flash + Tor is generally a bad combination (if you absolutely must use flash, at the very least use Tails), and in particular, scare stories in the "establishment" media from last two years with titles like "FBI/SCO/NFI has broken Tor" seem to be talking about state-sponsored malware which exploits flash bugs

o the Tor community can expect to be targeted here and elsewhere by a half dozen or more intelligence agencies (not all FVEY), including "suasion" operations which involve disinformation, scare rumors, and trolling.

LOL. I know who you are talking about but what makes you think he is from the NSA, as opposed to someone who wants to access a service that is geographically restricted. Hulu, CBS, if I live in some parts of Europe, or all of it, I can't access them. But with a USA exit node in TB plus flash player I can, it's safer than HOLA: http://www.pcworld.com/article/2928340/ultra-popular-hola-vpn-extension-sold-your-bandwidth-for-use-in-a-botnet-attack.html. It also diversifies the TB user profile. People who use flash player in TB are not interested in privacy but functionality and TB+flash player > HOLA, they are not naive, not the majority of them anyway.

as opposed to someone who wants to access a service that is geographically restricted....

People who use flash player in TB are not interested in privacy but functionality and TB+flash player...

Look here, you've missed the point of why Tor was developed in the first place. One of its first principles is to help people living in authoritarian and oppressive regimes to communicate.

How does watching videos on Netflix, Hulu, CBS help to achieve that goal? As an example, I live in Iran and use TBB to watch "Breaking Bad", "Game of Thrones", "House of Cards", "Mad Men" on US-based Netflix. How does my action help to advance Tor's first principles?

People who wish to watch videos on Netflix or Hulu should just subscribe to a commercial VPN service provider.

You've missed the point of why some people use tor. It's irrelevant why tor was made. People use tor for different purposes.
"How does watching videos on Netflix, Hulu, CBS help to achieve that goal?"
Simple:"It also diversifies the TB user profile". It makes tor more mainstream, thus you won't have a target on your back by simply using tor.
Vpn cost more money than their worth, tor is free and those people can donate to tor because it's cheaper, some do others don't, stop telling people what to use tor for.
Plus unless you live in an "authoritarian and oppressive" country you are using tor for other reasons than the intended purpose. You hypocrite.
In the end you are wrong because it doesn't matter how much you talk about why tor was made or how can doing mediocre tasks on tor promote freedom from oppression, people will use tor for different purposes.So stop complaining.
Plus, about the youtube thing: "They circumvent censorship. If you live in a country that has ever blocked Facebook or Youtube, you might need to use Tor to get basic internet functionality. "
And you didn't prove yet that the guy works for NSA.

Simple:"It also diversifies the TB user profile". It makes tor more mainstream, thus you won't have a target on your back by simply using tor.

Flawed logic.

Vpn cost more money than their worth, tor is free

Cheapskate

Plus unless you live in an "authoritarian and oppressive" country you are using tor for other reasons than the intended purpose. You hypocrite.

Don't be too quick to judge. As my organization is affiliated with a UN body, I travel quite frequently to authoritarian and oppressive regimes for extended periods of time. Currently I'm traveling in an authoritarian regime where freedom of expression is severely curtailed and I'm using Tor as at the time of writing this reply.

In the end you are wrong because it doesn't matter how much you talk about why tor was made or how can doing mediocre tasks on tor promote freedom from oppression, people will use tor for different purposes.

That's why there's a need to educate people here on the proper uses of Tor.

It's still irrelevant. You are the one with the flawed logic. "Each new user and relay provides additional diversity, enhancing Tor's ability to put control over your security and privacy back into your hands". That's from here:"https://www.torproject.org/about/overview.html.en#thefutureoftor". "They circumvent censorship. If you live in a country that has ever blocked Facebook or Youtube, you might need to use Tor to get basic internet functionality." It's from here:'https://www.torproject.org/about/torusers.html.en#normalusers".
Cheapskate, that's all you can say, LOL, go cry me a river.
Stop telling people how to use tor. Educate yourself on that.
And I'm still waiting on you to prove how that person works with the NSA, until now you only showed flawed logic in trying to prove it.
Hopefully you will have a better answer next time, but I doubt it.
Don't be too quick to judge. As my organization is affiliated with a UN body, I travel quite frequently to authoritarian and oppressive regimes for extended periods of time. Currently I'm traveling in an authoritarian regime where freedom of expression is severely curtailed and I'm using Tor as at the time of writing this reply.
Wait, wait, wait, you are using tor in "an authoritarian regime" right now, your words, and you are posting a reply to me from "an authoritarian regime", again, a reply to me, and you have the audacity to say I need to be educated on the proper uses of tor (I didn't know I was so important that someone affiliated with the UN must reply to me from "an authoritarian regime") no wonder the UN is useless. And, again, YOU HYPOCRITE.

Ok you two, it sounds like you should each take some time away from this thread. :)

If I press fullscreen the program just bugs and no fullscreen :(

Works for me with a fresh install on different Linux systems. How can we reproduce that?

Different anonymous, and the commenter is right. On windows, full screen now crippled, screen flashes and it won't do it. I'd say it is inherent in the new release, as opposed to an anomaly, but we'll see as others report it. I don't use full screen very often, just tested to see.

Works fine for me on a Windows 7 machine both with a fresh 5.5 bundle and and upgrade from 5.0.7. So, hrm...

Alright, this is a Windows-only bug which is tracked at https://bugs.torproject.org/18174.

There are fullscreen (video), maximize and fullscreen-mode (F11). Clarification is needed. But try F11 - there is something strange on Windows.

good

In Tails 1.8.2 and prior versions I connected to the internet by adding a username and password to a dsl connection in the network connections. In Tails 2.0 I can't find a dsl or equivalent where I can introduce a username and password to connect to the internet. I know this is not the right place to ask this but I don't know where else to go for help. So please, can anyone help me?

Read the tails Help & Support page: https://tails.boum.org/support/index.en.html

Read what? There's nothing relating to my problem there. If you found something please provide the complete link, no "google it" or equivalent, which is what you did.

This blog post is about Tor Browser. If you need help with Tails read that page and you'll know where to find it.

Read the previous two posts, because they answer both of your claims.And stop sending people to a page that does not have the answer they are looking for, also stop with basically "google it" type answers.If you can't help stop posting.

> This blog post is about Tor Browser. If you need help with Tails read that page and you'll know where to find it.

I just read the new Tails 2,0 documentation at tails.boum.org and I agree with the OP: the information or suggestion (don't know it myself) which he/she needs to solve the reported problem isn't there yet.

Agree this is the TB 5.5 thread, but unfortunately the Tails devs have chosen not to allow comments in the Tails 2.0 thread, so I think TP should give the OP some room to seek a solution to the issue here.

at tails.boum.org and I agree with the OP: the information or suggestion (don't know it myself) which he/she needs to solve the reported problem isn't there yet.

Surf to https://tails.boum.org/support/index.en.html and look closely at ALL the sections on that page.

but unfortunately the Tails devs have chosen not to allow comments in the Tails 2.0 thread,

Why should Tails devs post their replies here on this Tor's blog? Tails has its own support channels and we should respect their decision to be only contact via them.

Moreover no one can guarantee that on this blog, the solutions to Tails'-related issues are official. If you want official replies from Tails, then use Tails' official support channels, as advised by Tails' devs themselves How difficult is it for you guys to understand this simple truth?

This dude is probably talking about the last part of that page where they talk about talking to them by email etc otherwise the answer is stupid because the problem the op has is not there and this dude didn't even check that and the op did say he used whisperback.
But he should complain about every single comment that has nothing do to with tor on this entire blog otherwise he himself is a trol because he only goes after some people and not all.

I too am still getting used to Tails 2.0, which incorporates many changes under the hood and also a somewhat different desktop experience. One of the issues which has been reported as a bug is that the old style gnome "Network manager" applet doesn't seem to appear in the menu bar at top. I think. I am not quite sure if that is intentional or not, but I guess that the way you used to get online used "Network manager".

Can you report your issue using Whisperback? Yes, it moved, its now in Applications -> System Tools.

I can get to network manager, it's there, what's not there is a tab for dsl which is what I used in tails 1.8.2 and prior and ubuntu 14.04.3 LTS & 15.10 and linux mint 17.3. I connect to the internet with a password and username that's the only way I can, which was in the dsl tab. In debian 8.3 the dsl tab is there but it doesn't connect unlike the ubuntu and linux mint os. And I did send a report using Whisperback.

Just to be sure (and just in case), you mean username and password for an internal DSL modem, not 802.1x security over ethernet?

I'm supposing by "Network Manager" you mean Applications > System Tools > Settings, followed by double clicking the "Network" block (second row down, far right). (For the 802.1x security dialogue, one'd choose "Wired", below "Wi-Fi", then click the button at bottom-centre "Add Profile...". In the 'Security' tab, 802.1x security asks for username and password there, but I see nothing about DSL though.)

I have to say that personally I'm finding the conversion to systemd and Gnome shell in Tails 2.0 completely disorientating. So many tweaks that used to be in context menus have been shuffled off into obscure places or removed completely. I'm guessing your problem is another example of that.

On every tails version since 1 up to and including tails 1.8.2 i would simply go to network manager applet at the top right corner (if no windows camouflage) choose vpn connections - configure vpn and then the network connections window would appear, click on the dsl tab - add - and introduce the username and password and then connect to the internet. Like I said no problem doing that since tails 1 up to and including tails 1.8.2, and I used tails daily. And I can't find a way to do that in tails 2.

And for a complete answer, yes to your first question, as for the network manager, yes but that is not the only way to get there. But I think they simply removed the dsl connection from tails 2.0 as it does not work in debian cinnamon (it's there but it doesn't work) and it's not present in debian gnome, unlike linux mint and ubuntu 14 lts and 15 where it's present and working fine.

The tab I see for the new "Wired" menu doesn't look like the example in the documentation. I guess that may be because Tails 2.0 does not include some driver(s) my machine needs to do WiFi and or Bluetooth. I always worry about some bug or mistake making an unintentional WiFi connection to a hostile "Open" AP, but have no idea if this is good or bad. Under Tails 1.8.2 I could at least see the option to connect to WiFi APs, which gave me some reassurance this isn't happening against my wishes.

I also use Debian Jessie when not using Tails. By "Network Manager" I mean a standard component of Debian Jessie (and older) which can be used by clicking on its icon in upper right of task bar. Tails 1.8.2 and earlier worked the same way. When I changed to Debian Jessie I recall experimenting with Gnome Classic and don't remember it looking much like Tails 2.0, so I am a bit confused. I believe NM is part of the Gnome desktop suite in Debian, so since I use another desktop in Debian, I suppose I must be confused.

I guess I can't help with your problem since under Tails 1.8.2/earlier or Tails 2.0 I never connected via wired connection the way you describe.

> I have to say that personally I'm finding the conversion to systemd and Gnome shell in Tails 2.0 completely disorientating.

I have the same reaction, but experience has taught me not to worry too much about such initial reactions, that over time one may figure out how to use a new desktop environment efficiently to perform the customary tasks you used to perform another way using an older desktop.

As long as we are carping, I notice that various tasks seem to all be slightly slower in Tails 2.0 than Tails 1.8.2 and earlier. No idea whether that has something to do with systemd. I worry that switching back and forth between two desktops, various simple tasks in gedit such as spellchecking, and various other simple common tasks all seem to now take two clicks rather than one, which is annoying and will wear out my keyboard twice as fast. Saving text files created with gedit might be hard for newbies because they need not only to realize they need to save them in Tor Browser (the folder i.e the subdirectory in amnesia home directory), but that to they need to scroll in the gedit menu to find Tor Browser at the very bottom of the menu. Similarly mounting a USB stick got less intuitive, but once you figure it out it's not really much slower. But those are all convenience issues with Gnome classic, I think.

However, balancing all these against the sandboxing, and basing Tails on the current stable (Jessie) version of Debian, I think the better security makes Tails 2.0 a huge improvement.

exalent

AntiVirus detected Trojan

HEUR/QVM20.1.Malware.Gen

Yes, crappy antivirus products marking legitimate software as malicious are a real headache.

See also
https://www.torproject.org/docs/faq#VirusFalsePositives

That's from Qihoo, a Chinese antivirus. They were caught cheating on independent tests by enabling Bitdefender algorithms for the test while using their inferior QVM engine in China.

https://www.grahamcluley.com/2015/05/revealed-anti-virus-product-cheat/

Of course a Chinese antivirus company will say that Tor is malware.

Whilst the "defence against font enumeration attacks" is welcomed for use by the super paranoid,,, for mr, miss and mrs bloggs just using Tor for anonymous blogs, tumblr. etc it seems overkill and we lose our - all important, lol - emoji support. If we had a switch to turn this feature off and on then this would be cool...

How can I test whether this is really caused by our font fingerprinting defense?

Where is the face in https://trac.torproject.org/projects/tor/ticket/17270#comment:10?

I see, thanks. This is https://bugs.torproject.org/18172 now.

What OS did you use here? Thanks.

Who me, the original complainant? Windows 10. The previous Tor version is fine, this one 5.5 displays a lot of missing character placeholders,, sorry I didn't want to cause a fuss about it, but keep up the good work ;)

Hello, the original commenter here,, I fixed the problem by adding Segoe UI Emoji to the font whitelist and now the emoji are even better than before..! :D

Be aware, though, that you are probably the only one doing this and are thus sticking out of the crowd. We plan a 5.5.1 bugfix release addressing this issue. It should come out the next days.

Why was flashproxy removed?

Above it points to
https://trac.torproject.org/17428
which points to
https://trac.torproject.org/16756

The short answer is that because it required users to set up their own port forwarding, it basically got no users.

The plan is to dump it for now, to simplify the interface and reduce confusion for Tor Browser users.

In the mean time check out Snowflake:
https://lists.torproject.org/pipermail/tor-dev/2016-January/010310.html
which is not ready yet but I'm very excited about.

I thought WebRTC was disabled for security in the Tor Browser. Does this mean if it ever gets deployed it will not make into it?

Not necessarily. What we don't want is that basically any website can use WebRTC to find things out about you and your computer. Having WebRTC available in the trusted part of the browser (be it in an extension or be it in an communication with an external part of the browser bundle or...) is a different thing (see: e.g. https://trac.torproject.org/projects/tor/ticket/14836) provided it adheres to fundamental things like proxy obedience (https://trac.torproject.org/projects/tor/ticket/16221).

I don't know enough about Snowflake to make suggestions on what we need to change on the Tor Browser side, though. Thus, we'll see how it goes.

Love TOR! - LOVE IT!! ...and I thank you for it... =]
... though I've naughtily installed Firefox plugins: Privacy Settings, Ublock Origin and Random Agent Spoofer ..... bad idea? ... or Ok?

Depends on your threat model. It will definitely make you stand out amongst Tor users, but if that is of no concern to you, then that's alright.

Bad idea.

Edit: Ok.. cheers for the replies... =] ... [removed them] ... will keep Tor unmodified.

Couldn't Load XPCOM . Fix?

https://www.torproject.org/docs/faq#XPCOMError

[Edit: looks like this one is because of a bug in the Windows 10 alpha, and not related to the old issue that showed up because of Webroot. See more of the thread below.]

This is usually because of Webroot® SecureAnywhere™. Try disable it or wait for them to upgrade their signatures.

I don't have Webroot installed or any other antivirus with the exception of Windows Defender. Still get the same "Couldn't load XPCom" error...

I suddenly have the problem too after windows 10 updated to build14251 i don't use Webroot at all.

Looks like it's because of Windows 10 Build 14251

+1
Windows 10 Build 14251 installed on the fast ring, and now TOR Browser will not start, with msg "Couldn't load XPCOM".
Windows event log shows failing program as nspr4.dl, version 4.10.10.0, Exception code: 0xc0000005, Fault offset: 0x00020db2

We're tracking the issue here:
https://trac.torproject.org/projects/tor/ticket/18171
Please help if you can. Thanks!

Installed Windows Fast Ring Build 14257. Tor Browser 5.5 now works.

Awesoooooooooooooooooomeeeeeeeeeee

how can i see if i am (only me) under survey, 'targeted', in danger in real time ?

i mean , how can i know that that the contact or connection is compromised ?

i mean that the users have not something like a progression bar surveying the censor or a bip saying "cut the connection immediately".

this version 5.5 looks fine and sounds perfect.

Ricochet seems not to be updated (1.0) and the 1.1 does not work.

cheers.

You mean like in the movie 'Sneakers', where there's a global map and you can see the progress that the bad guys make at tracing the hero, and you make sure to hang up the phone right before the trace finishes? I want one of those too. Nobody knows what it should measure or how it should work in reality though.

For issues in Ricochet, I suggest contacting the Ricochet person. (This is a blog post about Tor Browser.)

tor would need anonymous hop-by-hop metrics forwarded to clients, measurements including latency and bgp analysis for starters, not to mention real time analysis of this data. None of which exists as tor only has padding support, which isn't used because it primarily targets malicious nodes and network-internal adversaries, and this is neither a well defined problem nor are the solution shown to be provable mitigations.

First and foremost then, tor needs useful padding to simulate uniformly diverse network use, while simultaneously considering both network-internal, and passive, possibly global adversaries.

Story I've heard: general visited a Pentagon cyberwar room, wandered around peering over shoulders, seemed very interested in one screen featuring a particularly vivid display showing warring packets bouncing back and forth over a world map, between USA and North Korea. Somehow his embarrassed escorts managed to avoid confessing that the display which so fascinated him was a *screensaver*. No cyberwar was actually in progress.

Tor is the shitttt

But we need this at middle east

If you are having trouble using Tor Browser or Tails in the ME, please explain, since others might be having the same problem, and someone here might be able to tell you how to fix it.

What more do you know about onion routing?

yas! love the updates. Screw you, lightspeed! Take that!!!

Can't load xpcom comes up now and I can not connect to browser on either version update today...... Help!!!!!

See above lunar's comment.

mucha gracias por darno esta oportunidad de ser libre a los que no podemos tener esta libertad y tener internet estable mucha gracias mucha gracias espero hacer mi donacion en su momento por a hora estoy en banca rota de verdad se los digo

Thank you to all the cool people who make Tor possible! I will donate as soon as I have bitcoin set up. Keep up the good work.

Спасибо за Ваш труд

BUG: Cannot maximize the browser window if extensions.torbutton.maximize_warnings_remaining is zero.
If I set it to any positive integer greater than zero, I get the warning when I maximize and the window stays maximized, and the value of extensions.torbutton.maximize_warnings_remaining decrements by one.
Once it hits zero, the browser resets to default size whenever I try to maximize.

Works fine for me on a Ubuntu testing machine after an upgrade from a fresh 5.0.7. How can I reproduce your problem? Which operating system are you using? Is this a new bug in 5.5?

bugzilla confirms that (6.0a1 on Win7). Nice way to remove ugly rectangle on bottom without breaking resolution ;)

It actually leads to a non-rounded window on start-up: https://bugs.torproject.org/18175

This is: https://bugs.torproject.org/18174 now.

After upgrading to 5.5, when visiting https://check.torproject.org/?lang=en_US I get error (Error code: ssl_error_no_cypher_overlap).

I had manually disabled some ciphersuites so I'm not reporting a bug, but upon further investigation, it appears that check.torproject.org doesn't support TLS 1.2. See https://www.ssllabs.com/ssltest/analyze.html?d=check.torproject.org

Validating TLS 1.2 support seems like a potentially useful byproduct of clicking over to check.torproject.org. I realize that's not its primary purpose, but just a thought..

Thanks for a great release and for doing such a great job of keeping pace with Mozilla on Firefox's release schedule!

This *is* a bug. And has been known for more than a year: https://trac.torproject.org/projects/tor/ticket/13972

Not sure why is taking so long to update that server.

yes i agree, can tor developers comment on this?

Geog Koppen thanks for new Tor Browser update.

Since the upgrade there are problems with sites using frames. All anchors targeting specific frames are in fact opening in new windows instead of specified tabs.

I'm hoping for a fast fix since many web apps are now very difficult to use.

On lighter note, I like the new About:Tor look. Kudos to the Artist. In Wiccan colors doctrine green indicates and attracts money (though it sounds too much like a United States centric view, money not being green everywhere) But green or no green, I just hope Tor gets a lion's share of funding this year. All the best, Happy New Year.

Es!!!

good work

An exciting release! Many thanks to TBB team for the new protections.

Also, the Tails 2.0 announce is closed, but many thanks to the Tails team for all their work in porting to Jessie/systemd, especially for new protections. Just transferred a stack of DVDs to a spindle, and noticed this included a collection going back to Tails 0.12. And I was a Tails user long before that edition. Good times, good times!

its a very good product

Me gusta utilizar el 5.5 para navegar en sitios web bloqueados en mi pais, Guinea Ecuatorial

I love you Tor Browser.

Hi,
I'm not familiar with the nuts & bolts of updates or browsers in general, but is the visual change in the font used due to "a defense against font enumeration attacks?"

Yes.

In an older version, signing into my yahoo.com email would frequently trigger a yahoo security block, saying I was logging in from a foreign country, and would have to change my password before I could log in.
Am I reading that this was fixed, so I can start using TOR more regularly?

Where are you reading this?

It won't have been 'fixed', because it's not Tor's fault.

From experience with Hotmail (Microsoft owns both Hotmail and Yahoo), you have to keep logging in from the same country as last time in order not to trip their two factor authentication security. To do this, choose one country you always want to appear to log in from: either of Germany or USA is best as they have the most exit nodes. Speaking unixish, edit /etc/tor/torrc to add a new line thus:

ExitNodes {us}

or

ExitNodes {de}

Restart Tor to enforce this.

If you are using Tails, Vidalia may show paths that don't conform (at first). Don't worry about this, as non-compliant paths won't get used, but if you choose any low exit node count country, it may take time for Tor to make the right paths (I think Tor doesn't aim for the country you specify, just still selects nodes randomly).

You'll still have to satisfy the two-factor authentication first time round, probably.

Microsoft doesnt own Yahoo.

Здравствуйте! После обновления у меня в игре исчез чат, помогите востановить. В остальном проблем нет. Спасибо ))

Просто БОЛЬШОЕ ВАМ ЧЕЛОВЕЧЕСКОЕ СПАСИБО ! Туркменистан - Ашхабад

Thank you from the sunny Uzbekistan. I wish you all the best on your projets!!!! Tor is cool !!!!

Many thanx from Russia and good luck!

but... italian linguage???

Tor Browser in italian is available on our download page for a while now. Just go to https://www.torproject.org/download/download-easy.html.en and click on the drop down box below the purple download button and choose "Italiano". Then click on the download button and you get the italian version.

hi. nice update.
sadly the squirrel mail web interface is now unusable, every single click opens in a new tab.

This might be https://bugs.torproject.org/18168. We are currently investigating it.

i am using squirrel mail with security settings set to high (javascript disabled) and having the same issue. clicking any link in the left frame (folders list, the check mail or folder sizes link) opens a new tab instead of loading the page in the right frame.

in tor browser 5.0.7 all worked well.

check this live-demo to reproduce the issue:
http://www.tagindex.net/html/frame/example_t04.html

There are no new tabs opening for me in your demo. If I click on the links just the frames get actualized.

change

network.http.sendRefererHeader;1
network.http.sendSecureXSiteReferrer;false

and it starts opening in new tabs instead of frames

worked in 5.0.7

I like the intention behind these changes, but you should know this is fingerprintable.

СПАСИБО ЗА ВАШ ТРУД!!!

Hi my dear friends
Thank you of this program...
At Iran isnot freedom internet.
thanks.....thanks

don't coming up for me

excelente

I just applied this update and now some fonts and font sizes are not rendering. I tested this on a local website.

Fonts not rendering:

Candara (default bootstrap.css font), Calibri, "Franklin Gothic",

Arial font declaration:

font-family: arial; font-size:11px; text-transform: uppercase;
(renders as lower case and ignores 11px)

We are shipping a font whitelist now to avoid font enumeration by tracking websites. You can see the whitelist on about:config. The preference `font.system.whitelist` as all the items.

Спасибо огромное !!!

Я счастлив, что имею возможность выходить в интернет через браузер TOR оставаясь под чужим ip !!!! Свобода действий. Класс. Пишите русско-говорящие, найдем общую тему, прокачаемся по полной.

От души Вам братья и сестры! Всем Мира и Баланса во всем))

So I've been using custom obfs3 bridges before and they work fine but now I tried custom obfs4 and I can't connect to any sites. Already tried 6 different bridges. If I use the provided obfs4 bridges everything works fine. What can I do to solve this?

From log,

[WARN] Proxy Client: unable to connect to ............. ("general SOCKS server failure")

[NOTICE] Delaying directory fetches: No running bridges

[WARN] Proxy Client: unable to connect to ............. ("general SOCKS server failure")

[NOTICE] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)

Super

Thx

http://r3yuljaqrzc7nurq.onion/index.php

http://news.gmane.org/gmane.linux.kernel is not working anymore with this release. Clocking in individual messages doesn't update lower window.

Thanks for this report. This seems to be https://bugs.torproject.org/18168 which we are currently working on.

Thanks for all your hard work.

That's great to have another new release. I'm just wondering that, when will there be a new Tor Brower release of zh_TW version ? Since I have finished that part of translation on Transifex last week.

Adding new locales is currently tricky as it is quite resource intensive for us to ship additional ones for all platforms we support + alpha and stable series at least. Per locale this would add ca 1GB disk space we'd need. We are therefore working on a generic bundle which would contain at least some locales (e.g. zh_TW). You can follow (and, of course, participate in) the discussion in https://bugs.torproject.org/17400.

the old browser is right the new browser is not undastrend

Speaking of progress on the usability side... It would be nice if all those fixed bugs listed in the changelog were clickable links!

Yeah, we are trying this first with the bugs in the alpha changelog on our blog and were just waiting for feedback, thanks! Or do you mean the changelog shown after update within Tor Browser itself (as well)?

At first I meant the blog post, but then I realized that the only reason I clicked to the blog post in the first place was in hopes of finding links to details on specific bugs. So if the release notes in the browser were clicky it would be even handier!

This is https://bugs.torproject.org/18227 now, thanks.

Is Tor Browser 5.5 supposed to replace 5.0.7 or will there be a 5.0.8?

Yes, it is supposed to replace 5.0.7. There won't be a 5.0.8.

thanks TOR
From IRAN

french language?

j'apprecie beaucoup

good

thanks tor

Can't play mp4 more

mwen pa konn koman yo itilizel chak tan mwen chache itilizel li paka mache.....c´est pour cette raison j´aimerais avoir um pouco de ajuda but i don´t how i can do for the help..

Preferivo restare alla versione precedente.
Questa nuova mi crea parecchi problemi e mi blocca alcune funzioni di alcuni siti.

Why is "www.vk.com (Log in)" not working? (linux .. 5.5 and 6.a01)

On Windows the same problem

some characters & font are broken

I Use Tor Browse For Facebook And I Can't See My Emojis. Is There A Way I Can Uninstall Update ?

Not really, but a better option would be to wait for 5.5.1 which is planned to come out within the next days where this should be fixed.

hi. nice update.

There are loads of XPCom errors with the new windows 10 build

What does it mean if the "signature made date" is different from what appears on the Tor Project web page about verifying signatures (https://www.torproject.org/docs/verifying-signatures.html.en)?

According to the Tor Project, the result should be:

gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
gpg: Good signature from "Tor Browser Developers (signing key) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290

Everything matches except for the bold parts, which presents a different date and time. Does that mean no one has updated the verifying signatures page since it was written and it is safe to consider the package verified?

Yes, correct. The instructions page gives you example output. Since we have to sign each new package, the timestamp on each new signature will be different.

Thanks for the update, but seems there is a big f*ckup in Firefox. Frames don't work anymore as expected and always open a new tab instead opening in the intended frame. Also automatic refreshing is broken and stops working erratically. I tried TBB on Windows and Tails, same behavior. Any other browser works fine!

Any way to mitigate? Keeping the old version is not an option! Otherwise I hope for a quick update. Thanks for all the hard work.

If you want to reproduce what I describe, check out this chat or install the script somewhere yourself: http://tt3j2x4k5ycaa5zt.onion/chat.php

درود بینهایت به فعالان در پروژه بی همتای تور

با تشکر فراوان از تمام دوستان متعهد و معتقد به آزادی بیان و حقوق بشر که با راه اندازی این پروژه بزرگترین کمک را به من و دیگر شهروندان کشورم ایران کرده اید ، تا در هر زمان و مکان ، بدون نگرانی از ردیابی شدن توسط سازمانهای قوی جاسوسی و امنیتی اینترنتی رژیم ایران. زیرا این سازمان ها و افراد متخصص فراوانی که در آنها کار میکنند ، به غیر از فیلتر کردن گسترده اینترنت برای مردم ایران ، کار مهم تر آنها ردیابی اینترنتی کل مردم میباشد و اگر فردی بوسیله ضد فیلتر به سایت های فیلتر شده وارد شود یا نظرات شخصی خودش را در اینترنت منتشر کند ، خیلی راحت توسط حکومت دزدیده یا دستگیر میشود ، بدون هیچ اعلام قبلی و یا حکم دادگاه. افراد زیادی بدون تفهیم اتهام و برگزاری دادگاه ، در مکانهایی که حتی خانواده آنها خبر ندارند توسط بازجو ها زیر شکنجه می میرند. از اینگونه افراد بسیار هستند در ایران ، ولی تنها خواندن جریان یکی از این افراد کافی است تا درک شود : تنها عقیده شخصی را بیان کردن تاوان مرگ دارد. نام یکی از این عزیزان هموطن من "ستار بهشتی " می باشد ، فقط نام او را جستجو کنید. به این دلیل ممنون از شما عزیزان در پروژه تور هستم. که راه حضور و فعالیت امن را در اینترنت به من و جمع خیلی زیادی از هم وطنان من در ایران فراهم کردید. من از ابتدای شروع به کار تور از مشترکین شما بودم و خواهم بود ، تبریک می گویم که روز به روز کیفیت و قدرت کار شما افزایش داشته است.
در آرزوی دنیای آزاد و صلح فراگیر
یک ایرانی

دوست عزیز من هم ایرانیم و از تور استفاده میکنم ولی با نظر شما مخالفم. درسته که در بعضی موارد اتفاقات ناخوشایندی افتاده، مثل مرحوم ستار بهشتی. ولی رژیم همیشه اینطوری برخورد نکرده. اساساً در توانش نیست که چنین کنترلی بر این همه کاربر اینترنت داخلی داشته باشه. شما رو ارجاع میدم به سایتهای مختلف خبری داخلی و فیسبوک و امثالهم که اشخاص فراوانی با پروفایل واقعی و با استفاده از ایمیل شخصی نظرات خودشون رو هر چند مخالف رژیم بیان میکنن. این حجم از ابراز نظر اساساً قابل پیگیری نیست. بنابراین اگر با نظام جمهوری اسلامی مشکل داریم، که به حق است، از دایره انصاف خارج نشیم و تخیلات خودمون رو به عنوان واقعیت به جهان معرفی نکنیم.
ممنونم

ok

very good in performance but a bit slow in loading.

puzzling proxy URL.

I have been using 5.5 for a few days and it has been swaping proxies fine when I select 'new tor circuit for this site', Today no matter how many times I do that or even reboot TOR completely the top site is still showing as 176.126.242.49 (UK) yet a who is search draws a blank. Any ideas? If this is a gaurd proxy why has it only appeared today?

John

https://atlas.torproject.org/#search/176.126.242.49

Looks fine and normal to me.

Thanks for your work.
I would like to help translate the Tor into Ukrainian.

so its not working better opning some sites but not playing

Спасибо!

Dear Team,

Using this version, I cannot see Bangla Font nor can't write in Bangla. Can you please look this issues?

Regards,

Joy

Hello, can you tell us what your operating system is (Windows/Mac/Linux)? What is one of the web sites that don't work?

https://bn.wikipedia.org/ is working for me on GNU/Linux with Tor Browser 5.5, using the font "Noto Sans Bengali":

You can find out what font the browser is trying to use by right-clicking on some text, selecting "Inspect Element", and then clicking on "Fonts".

i'm using windows. here i'd tried different font but none of them worked. the problem is, i've installed these fonts and moved them to "font" folder but couldn't find any of them on browser font selecting option :/

tor>options>content>default font- none of them found.

-borsian_sisu

Do you mean the default font worked but not the custom one you used? For what it is worth there is the preference font.system.whitelist which is accessible vai about:config that is governing which fonts are available. You could test whether adding your font(s) to this preference is working for you although having them there is not recommended. You are probably the only one doing that and are therefore sticking out of the crowd.

It is rendering fine for me on Windows 7, using the system font "Vrinda":

You won't be able to configure alternate fonts unless you change the font whitelist, as gk suggests. But you should think before changing the whitelist, as it is a safety feature.

comment please ?

http://miupix.cc/pm-LSXABV

using Windows 7, privacy setting High and js manually disabled.

you're amazing, thanks

بسیار سپاس گ.زارم از همت بلند انسان دوستانه شما

Блин, классный браузер! Я в восторге! А наш Роскомнадзор пусть застрелится! :-)

I have been using TOR for a long time in WINDOWS 10 till this last build of WINDOWS broke TOR WINDOWS 10 version (OS BUILD 14251.1000) .I get XPCOM can't load .
I have tried reinstalling TOR and does not help .

I have been using TOR for a long time in WINDOWS 10 till...

Stop using Microsoft Windows OS, especially Windows 10. The latter sends everything you do online to its servers in the US where all data is being collected for and by the NSA.

Start your switch of OS to a Unix-like operating system and use TBB with it.

سلام گرم من را از ایران بپذیرید تور سنبل آزادی بیان در کشورهای دیکتاتوری می باشد و من آرزو دارم روزی امکان کمک به این پروژه برایم فراهم شود . موفق و پیروز باشید و همیشه پیشرو چون زندگی و آزادی افراد زیادی به شما وابسته است.

I resent the fleers of those who supported the removal of 'comic sans' from the font menus. LOL

Ok, so y'all probably did so to eliminate a perceived security issue and, yes, I can live with that... I must!

I certainly wasn't aware that sites must interact with the browser in this regard and can thus detect which fonts are requested. I simply accepted that my font selection was purely a local system matter

But all those other sans-serif fonts appear, to me, as overly angular, ugly and harsh. Comic sans is fat and comfortable. We'll truly miss it.

When will torproject.org upgrade from TLS 1.0 to 1.2? This is a security concern that has been known for a long time.

I am using Tor and some Times another ,like Ultra Surf and Free Gate, but the Tor is most better ,than others.

It does not work the entrance to the vk.com. By clicking "Sign in" open a new tab , but there is no authorization .

This might be a problem caused by https://bugs.torproject.org/18168. We are currently testing a fix.

I have the same issue as the person above with the latest Win10 preview build (14251). Tried both 5.5 stable and 6.0 Alpha releases of Tor browser, both are a no-go.

Are we ever going to get any replies about this xpcom error that the new build of windows has broken?

Other than people not actually reading the comments and just pointing to Webroot...

https://bugs.torproject.org/18171 is the one where we track and investigate this. Please follow this one and help with testing patches/tracking the root cause down if you can, thanks!

I have the same issue as the person above with the latest Win10 preview build (14251).

Why are you still using the preview build of Microsoft Windows 10? The retail version of it has been released for a few months now and Microsoft is offering FREE upgrades to users of legitimate copies of Windows 7, 8 and 8.1.

I'm using the technical preview builds because I'm enrolled in the Windows Insider program. It's not an old build - it's the latest build published to the Fast ring. If I was using an old build, Tor would still be working fine!

ughhh...after this update, none of the sites i go to work anymore...

How can I reproduce your problem?

I have tried on two computers to access tor today, and only one site that i tried actually displays. What do I need to do? I just updated the browser today also.

I cannot see most of my bookmarked pages. They are just blank. I got the update today, what do i do?

Hello and good morning everyone

I don't know why but it seems like a lot of obfs4 providers and bridges are just evaporating. here is the case:

I go to https://bridges.torproject.org/bridges?transport=obfs4 and I get new bridges, but the problem is that after a few hours I get a lot of messages like this in my my tor log:

2/2/2016 1:18:22 AM.200 [WARN] Proxy Client: unable to connect to 198.23.141.168:44323 ("general SOCKS server failure")

meaning that for one reason or another my tor client is not able to communicate with this IP. Now here is my question:

Is the local gov guessing or somehow getting the bridges and their respective ip and port number and just blocking them, by simply having a lot of guys doing the job of simply surfing to https://bridges.torproject.org/bridges?transport=obfs4 and black listing the ip and port addresses??

or are the bridges really unstable at the moment?? why am I getting a lot of

2/2/2016 1:18:02 AM.500 [WARN] Proxy Client: unable to connect to 194.132.209.183:41172 ("general SOCKS server failure")
2/2/2016 1:18:02 AM.500 [WARN] Proxy Client: unable to connect to 194.132.208.206:36491 ("general SOCKS server failure")
2/2/2016 1:18:02 AM.600 [WARN] Proxy Client: unable to connect to 194.132.209.153:54104 ("general SOCKS server failure")
2/2/2016 1:18:02 AM.600 [WARN] Proxy Client: unable to connect to 37.218.246.199:41909 ("general SOCKS server failure")
2/2/2016 1:18:02 AM.700 [WARN] Proxy Client: unable to connect to 194.132.209.177:35909 ("general SOCKS server failure")
2/2/2016 1:18:22 AM.200 [WARN] Proxy Client: unable to connect to 172.245.230.92:42061 ("general SOCKS server failure")
2/2/2016 1:18:22 AM.200 [WARN] Proxy Client: unable to connect to 198.23.141.168:44323 ("general SOCKS server failure")
...
...
...
..
???

thank you TOR. We all <3 you

The other day the "Tor circuit for this site" disappeared.
"New Identity" and "New Tor Circuit for this Site" would not bring this information back.

I've read similar issues from others suggesting prolonged use of the browser caused the same issue - this could have been the case here as the browser may have been open after a period of sleep of the computer.

The connection is: 127.0.0.1 Port: 9150 SOCKS v5 and Remote DNS is checked.

Tor worked normally and the check.torproject.org would display various IP addresses. Just the info tab was missing completely.

Could a MITM attack sit between my computer and the entry or directory node and remove this information to keep himself hidden? Any other ways this information could be removed but Tor still work normally?

Or is this just a bug that has not been worked around yet?

Also, how do I check my current Tor version? I'm quite sure it is 5.5 as I remember the update being only a few days ago and noted the new Japanese language update.

Thank You.

You can check your version by opening about:tor in a new tab and on the upper right corner you should see the Tor Browser version.

Yes, this bug is still open as it seems hard to track down: https://bugs.torproject.org/16990.

Could a MITM attack sit between my computer and the entry or directory node and remove this information to keep himself hidden? Any other ways this information could be removed but Tor still work normally?

Yes, it's possible and doable. In fact the staff at TAO, Tailor Access Operations, discovered and use this exploit to their full advantage.

I'm sorry, but I think this comment is wrong. Or at least, it comes with no supporting details. The fact that Tor Browser's circuit list went away is the bug that gk pointed to. It's not an indication of an attack on your connection to your guard. And no, it's a client-side bug, so a mitm influencing it makes no sense.

EXCELLENT!! A stable base to browse 'OFF THE GRID' ,if you like!! *****

Nice

Спасибо огромное !!!

There is a popular website used to download youtube videos: http://savefrom.net It works with previous stable version of TBB, but doesn't work with this 5.5 release. Could you fix it?

This seems to be https://bugs.torproject.org/18168 which will be fixed in 5.5.1 coming out soon. Testing bundles can be found on https://people.torproject.org/~gk/builds/5.5.1-build1

Thanks a lot for this fix! Indeed, now in 5.5.1 it works again.

Run a relay ; ???

could you add something like a gui for creating/making config a relay ?

Running a relay sounds very difficult _ your language is not one of my native, sorry !

i could help but too many things are to do, to verify, to check : a gui and an automatic install could be helpful.

5.5 works fine ; thx.

سلام اگر ورژنش سرعیتر بشه برای اینترنت ایران اخرشه یعنی اینکه برای سرعت کم اینترنت ایران هم بهتر بشه

On MacOS 10.7 it stalls with 2 tabs open. I close the tabs, then try to quit, it won't quit and the menu still works. All bookmarks randomly appear and disappear.

Activity monitor shows 37(!) threads, 226 MB + 194 virtual mem. That's with no tabs open.

I call that broken. Why not simply release the standard Tor CLI ported to MacOS instead of wasting time on FireFix bloatware?

How can I reproduce that? And, no, providing Tor alone does not help against the application level linkability and fingerprintability.

"The results suggest that the most common uses for websites on Tor hidden services are criminal, including drugs, illicit finance and pornography involving violence, children and animals."

https://nakedsecurity.sophos.com/2016/02/03/dark-web-is-mostly-illegal-say-researchers/

Thats why I don't donate to Tor. I have a problem to help criminals indirectly.

oh dear my dear ... are you implying tor project is an criminal organization ? if so why the hell you here probably using tor browser ? will you please just do one you will not be missed, by me at least ... i am personally willing to die for others freedom regardless if i agree or disagree with them.

"one person terrorist is another person freedom fighter"

It's like: I don't pay for the Internet, because there are some bad sites.

but you pay your taxes ... funny.

pfff they want the market so they say that it is illegal.

come on who even read this kind of sh*t comment ... let me make it clear most anti-virus companies sell their products mostly based on fear or ignorance.. more than likely the later or both ... so if these hero fear-mongers so factual and trustworthy then why are they looking at the above mentioned sins and so called evils ? my 2 cents they are the evils themselves and fiddlers and pushers ..

my doctor gives me drugs... i give monies to the less fortune than myself ... masturbation of porn prevents diseases or physical contacts...

all of the so called potential criminal actions you mentioned can be achieved on the clear-net and off the dark-net e.g. in someone home or even ignored by the people who should be protecting us e.g. the law enforcement or makers.

It seems you forgot to point to the flip side of the coin, quoting Kate's reply:

"The researchers seem to make conclusory statements about the value of onion services that lie outside the scope of their research results. Onion services are a tool with unique security properties used for a wide range of purposes: They are self authenticated, end-to-end encrypted, and offer NAT punching and the advantage of a limited surface area."

https://nakedsecurity.sophos.com/2016/02/03/dark-web-is-mostly-illegal-say-researchers/

Выражаю слова огромной благодарности тем людям,которые предоставляю мне возможность выходить в интернет через Tor Browser ! Здоровья Вам,творческих успехов и удачи во всех ваших делах

Thank you so much for a real, professional and very good browser!

Thanks! It's always great to hear feedback like this.

Dear Team! Everithing worked for me just fine, but with update 5.5 there has been a problem with vk.com authorization. Anything I tried not working (message "unable to complete authorization... wrong system time(or smth like that) continuously pops up. Thanks in advance.

5.5.1 update : feedback

ok : done
browsing : frozen screen , all my apps are no-responsive , something is wrong.

ok : shut down
ok : restart
ok : erasing tor folder
ok : download && install torbundle 5.5.1 / good signature && settings && surf

ok : perfect !

:) thx.

Спасибо !!! Роскомнадзору, привет...

Starting with this version I cannot run Tor with setgid anymore. I used to do that because I allow outbound access in iptables only for a specific group. Should I file a bug report?

Sounds like a good idea. Make sure you put it into the "Tor" component.

This information was helpful, thanks for these updates!

Syndicate content Syndicate content