Tor Browser 6.5 is released

Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

  • All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.2.9.9
  • OpenSSL to 1.0.2j
  • Update Torbutton to 1.9.6.12
    • Bug 16622: Timezone spoofing moved to tor-browser.git
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Bug 20701: Allow the directory listing stylesheet in the content policy
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 20556: Use pt-BR strings from now on
    • Bug 20614: Add links to Tor Browser User Manual
    • Bug 20414: Fix non-rendering arrow on OS X
    • Bug 20728: Fix bad preferences.xul dimensions
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 19459: Move resizing code to tor-browser.git
    • Bug 20264: Change security slider to 3 options
    • Bug 20347: Enhance security slider's custom mode
    • Bug 20123: Disable remote jar on all security levels
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 17546: Add tooltips to explain our privacy checkboxes
    • Bug 17904: Allow security settings dialog to resize
    • Bug 18093: Remove 'Restore Defaults' button
    • Bug 20373: Prevent redundant dialogs opening
    • Bug 20318: Remove helpdesk link from about:tor
    • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
    • Bug 20753: Remove obsolete StartPage locale strings
    • Bug 21131: Remove 2016 donation banner
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Bug 20388+20399+20394: Code clean-up
    • Translation updates
  • Update Tor Launcher to 0.2.10.3
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 16622: Spoof timezone with Firefox patch
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 20123: Always block remote jar files
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
  • Bug 20709: Fix wrong update URL in alpha bundles
  • Bug 19481: Point the update URL to aus1.torproject.org
  • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
  • Bug 20442: Backport fix for local path disclosure after drag and drop
  • Bug 20160: Backport fix for broken MP3-playback
  • Bug 20043: Isolate SharedWorker script requests to first party
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 19336+19835: Enhance about:tbupdate page
  • Bug 20399+15852: Code clean-up
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
    • Bug 18175: Maximizing window and restarting leads to non-rounded window size
    • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
    • Bug 20590: Badly resized window due to security slider notification bar on OS X
    • Bug 20439: Make the build PIE on OSX
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build system
    • All platforms
      • Bug 20927: Upgrade Go to 1.7.4
      • Bug 20583: Make the downloads.json file reproducible
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
      • Bug 18291: Remove some uses of libfaketime
      • Bug 18845: Make zip and tar helpers generate reproducible archives
    • OS X
      • Bug 20258: Make OS X Tor archive reproducible again
      • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
      • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
      • Bug 19410: Fix incremental updates by taking signatures into account
      • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

I'm loving it!

YES

thanks !

browserfingerprint result is even in the highest setting not very good

"Are you unique? Almost! (You can most certainly be tracked.)"

[details snipped]

But only 301 browsers out of the 301007 observed browsers (0.09 %) have exactly the same fingerprint as yours.

middle setting
--------------------
"Are you unique?" Almost! (You can most certainly be tracked.)"

[details snipped]

"But only 391 browsers out of the 301001 observed browsers (0.09 %) have exactly the same fingerprint as yours."

source https://amiunique.org/

You're using a browser that's just been released wait a week or so until more people have run fingerprint tests.

Yes indeed. See also
http://tor.stackexchange.com/questions/6548/why-does-panopticlick-tell-me-the-new-tor-browser-is-unique

It's getting better but still too trackable:

"But only 2356 browsers out of the 301620 observed browsers (0.80 %) have exactly the same fingerprint as yours."

Let's wait

Remember that the goal of Tor Browser is to make you blend in with the other Tor Browser users. It's not to make you blend in with "all browser everywhere".

Yes this is clear. Still thought that more Users use Tor.

"But only 2442 browsers out of the 302327 observed browsers (0.81 %) have exactly the same fingerprint as yours."

I guess on websites where I am the only one with TorBrowser it could be even more conspicuous to use TBB.

Wouldn't it be quite ironic if the site "amiunique.org" were run by the FBI or the CIA ?

As a honeypot, I can see little that is more attractive to people worrying about their security....

Some months ago if you visit a webpage and changed the security slider the webpage automatically reload. For some time it doesn't do that. Is this the right way?

Of course, right. If I want to change the security slider level, I definitely don't want to report it (changed fingerprint) to the current opened tab!

We have a ticket for that: https://trac.torproject.org/projects/tor/ticket/21153.

Thanks!

I have three questions/suggestions:


  1. Some time ago I had to edit start-tor-browser script adding option -no-remote for tor-browser, as otherwise I couldn't run 2 different tor-browsers at the same time (with different Tor ports and different security slider settings, all are binded to system Tor). Starting from some moment it became no loner necessary, as second browser starts even if the first browser is already running. Is it safe to no longer indicate this option (-no-remote) in start-tor-browser script? I afraid the risk that the contexts of different browsers can be mixed.

  2. I see this new version comes with many improvements, but there is one issue. In previous versions in order to use TBB with system Tor I had to follow the instruction in start-tor-browser script and change many options (e.g. extensions.torbutton.settings_method) which are no longer needed for this version. However, old instruction with these old options is still in place in this script (see, Sec. "Using a system-installed Tor process with Tor Browser"). Should that be fixed?

  3. Before this release I saw 3 different SOCKS-options in about:config. I had to change all of them to get my TBB reliably working with external (system) Tor with custom port. Now I see only single option, which looks as a nice replacement for all of them. So, could I change SOCKS host/port in conventional place in Edit → Prefernces? That would be more convenient than looking at necessary options in about:config.

Thanks for those questions/suggestions:

Re 1) Hm. I can't remember right now that we changed something in that regard. I guess this got introduce with Tor Browser 6.0 when we switched to ESR45? Could you track the version down where that changed (https://archive.torproject.org/tor-package-archive/torbrowser/ has all the old Tor Browser versions)? Without knowing exactly what causes this "new" behavior it is hard to tell whether you are on the safe side.

Re 2) Do you mind filing a bug on https://trac.torproject.org/projects/tor? Ideally with some explanation about what is not needed anymore/needed now so we can fix it (we even accept patches ;) ).

Re 3): Could you elaborate on which options you saw and which single option you are seeing now? Depending on that, yes, it might be possible to just set the options via the Firefox settings menu.

Thanks!

Re 1) As part of https://trac.torproject.org/projects/tor/ticket/11641, we made --no-remote the default and added support for a new (at the time) --allow-remote flag. But note that remoting is still enabled if the browser is started with the -osint flag. That means that it should be safe to leave --no-remote off unless somehow your Tor Browser is being started with the -osint flag (that probably only happens if you make Tor Browser your default browser and start it by clicking an URL in another application such as Thunderbird).

Thank you! Now I also found your old explanation of the problem: https://github.com/micahflee/torbrowser-launcher/issues/157#issuecomment-70756979

Thanks for reply!

  1. I see that mcs already replied well to both of us: https://blog.torproject.org/comment/reply/1301/232631

  2. I filed it just now: https://trac.torproject.org/projects/tor/ticket/21326

  3. I meant options:

    extensions.torbutton.custom.socks_host
    extensions.torbutton.custom.socks_port
    extensions.torbutton.socks_host
    extensions.torbutton.socks_port
    network.proxy.socks
    network.proxy.socks_port

    Now we have only network.proxy.socks and network.proxy.socks_port in about:config. I described it in the aforementioned ticket 21326 too.

I hate it.
As usual problems with tabgroups after update. Add-on "Tabgruppen" no function. All tabgroups lost!!!

Addons may very well deanonymise you. That is why The Tor Project doesn't develop the TBB for the stability all other addons (except for the ones that comes with it) in mind.

Heads up, I'm seeing an increase in circuit retries of the form "We tried for 15 seconds to connect to '[scrubbed]' using exit... at...".

You can set SafeLogging 0 if you want to see which destinations are causing the problems.

It could be anything really -- maybe you're trying to go to a website that's down.

Ok, so after a few minutes the notices appeared again, the faulty destination is ocsp.comodoca.com. I looked in the browser console, and sure enough, it reports the getFirstPartyURI failure for the ocsp server, and an invalid security certificate for ocsp.digicert.com.

(Roger, could you remove my previous, and as of yet unpublished comment, I wouldn't want to add noise to the blog. Thanks for the prompt reply.)

Right after the update, as no transition scheme was developed, my Medium-High settings landed to Medium with some minor inconsistencies in NoScript:
05:31:12.993 ReferenceError: PolicyState is not defined Main.js:3946:1

The same is with Medium-Low.
But no problem, just change the new security slider settings to be sure.

What do you mean with "minor inconsistencies"? Do they stop NoScript from behaving correctly? Or are "merely" errors showing up in the browser console/terminal?

I didn't test thoroughly, but it looks like NoScript continues to use the settings that were before the update, and it causes "merely" errors showing up in the browser console.

Oh, no, my assumptions were wrong. Errors in the browser console appear at startup of a new clean installation :(

DDG from about:tor instead of search results gave me empty https://duckduckgo.com/ with my request in its search bar and:
06:18:53.521 TypeError: DDG.Pages.SERP is not a constructor
duckduckgo.com:1
duckduckgo.com:1:12
06:18:53.599 ReferenceError: DDH is not defined
nrji() duckduckgo.com:1
d2048.js:61
bL.Callbacks/b6() d2048.js:26
bL.Callbacks/cf.fireWith() d2048.js:26
.ready() d2048.js:15
bZ() d2048.js:15
duckduckgo.com:1:347
06:18:54.782 TypeError: DDG.page is undefined
d.js:1
d.js:1:61
06:18:55.137 TypeError: DDG.duckbar is undefined
t.js:1
t.js:1:1

Is that an ongoing problem? If so, could you tell us more about your setup (operating system, tweaked settings etc.) I can't reproduce your issue currently.

It was right after the update only. Errors seem to be on the DDG side, but there is https://trac.torproject.org/projects/tor/ticket/19910, so I'm not sure. Is there any pref to toggle it for testing?
Reproducible thing is: pasting space from the clipboard and search.

Okay. I think reporting nothing back if you don't input anything (or if you input things like spaces) is quite acceptable for a search result provider.

Strange. Tor Browser didn't auto-update this time. I had to do it manually. Any reason as to why?

Your Tor Browser checks every so often to see if there's an update. My guess is that if you'd left it alone for a few hours, it would have noticed and started you on the update path.

(We actually don't want every Tor Browser to update itself at the very same time. Check out the "thundering herd" problem for more details:
https://en.wikipedia.org/wiki/Thundering_herd_problem )

Tools > HTTPS Everywhere >

This sub-menu doesn't open, doesn't do anything.

Could you give us a bit more information? What operating system are you using? Do you see the HTTPS-Everywhere extension on the about:addons page?

It seems that guy is talking about https://trac.torproject.org/projects/tor/ticket/18937#comment:9
Looks related:
https://trac.torproject.org/projects/tor/ticket/6276

I'm on Windows 7.

The extension is on the far-right menu button okay, and expands. And now is okay from the Tools menu too, so just a glitch when updating I guess.

I take that back, the menu on the Tools menu is not expanding again now, so clearly something is wrong, an intermittent fault. Yes, it appears in about:addons.

Can you bring back the "Custom" warning/field in
Tor Browser Security Settings under the slider ?

Instead of the pane with the Restore Defaults button? Why? It seems to me having just that tiny checkbox makes it easy to overlook that one is in the custom mode (which is a thing we don't want).

"tiny checkbox makes it easy to overlook that one is in the custom mode"
Yes, like in TBB6.0.8. TBB6.5 hasn't.

"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.
Has moving "Security Level" slider back,forth the same result?

'"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.'

What do you mean?

If you moved the security slider back/forth on 6.0.8 you got our of the custom mode.

Can you make it working to get media links without to heavy javascript?
E.g. custom allow in NoScript, get clickable allow in Noscript for a full media url BUT cannot simple copy this link!

Could you give me an example for what should work but does not work right now? I am not sure I understand your feature request/bug report.

I guess he's saying that there should be an option in NoScript to allow extrapolating a video URL to watch directly.

You like to see a media clip the site don't want you can easy download -ugly javascript&no download button, without good reason.
You can temporary allow all this page and hope clip is playing.
You can allow custom [...] and NoScript presenting you a clickable
'allow' with a full URL, e.g. .mp4. But i can't copy this link and need more doing to get this.

nice and helpful

Thank you! :D

Awesome! I love the privacy improvements and especially fixing resource:// leakage. The security slider change is also great, I never able to figure out what medium-low settings is useful for and now without it, fingerprintability is reduced! Thanks again for all the excellent changes. Can't wait for Tor browser to become multi-process and speed up the browsing experience!

More than wonderful
Allah has made you help us and like us and bless you

What will the browser's "useragent" for this release be reported as, exact string, please ?

well

Comment regarding:
Changelog:
Tor Browser 6.5 -- January 24 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.2.9.9
----------------------------------------------------------
You are good human beings. Stand tall and receive the vibes and warmth from this one little guy out here on the blustery slopes of ignorance.
Your inclusion of the Changelog is a great gift. Browsing it taught me things about the meaning of life,
You think I am kidding. No.
This is how life should be; can be.
Look at one another around the edges of your cubicles and nod. You have made good choices. Thanks.

Thanks Tor people! :) Hopefully we'll see Selfrando integration in Tor Browser 7 :D

My 'fruit OS' Console.app got to enthusiastic generating new mind breaking messages, one of many is this one.
- NaN
['t/i/m/e'] [0x0-0x30030].org.mozilla.tor browser ['number process'] ['t/i/m/e'] ['localhostname/modem name'] firefox ['number process'] : replacing NaN with 0.

More than a hundred times in one minute.
NaN again? Has this anything to do with the SVG security issue?
First it said several times something like , : doClip: empty path.

Another one is about updating addons over an insecure connection?
Does not matter if you disable automatic updates.
- Addons
['t/i/m/e'] [0x0-0x51051].org.mozilla.tor browser['number process'] 1485302776300 addons.productaddons ERROR Request failed certificate checks: [Exception... "SSL is required and URI scheme is not https." nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 145" data: no]

Also this one
['t/i/m/e'] [0x0-0x96096].org.mozilla.tor browser ['number process'] 1484838545725 addons.update-checker WARN HTTP Request failed for an unknown reason

Thanks for looking at it

Not sure what the former is but the latter two are due to TorLauncher and Torbutton not being allowed to ping Mozilla's Add-on server for update checks. Those messages are harmless.

Thanks!

merci pour votre travail

Onion Circuits would be a nice feature for TBB.
ServerNames instead of IPs.

TOR BROWSER 6.5 (updated today).

From Tor toolbar button | Security Settings there are three options High, Medium and Low.

===================
Medium:
JavaScript is disabled by default on all sites non-HTTPS sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
Above is OK.

===================
High:
JavaScript is disabled by default on all sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
This is now confusing, isn't it? If JavaScript is disabled (first sentence), how can it be enabled on some sites. Is this copy/paste problem?

In case you need to allow JavaScript on some site but do not want to touch the other settings on level "high" it assures you that other JavaScript features like JIT stay disabled.

awesome work

I'm getting a signing key mismatch that's bugging me. What I should see according to https://www.torproject.org/docs/verifying-signatures.html.en is this:

gpg --fingerprint 0x4E2C6E8793298290
You should see:

pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24

What I see instead is this:

gpg --fingerprint 0x4E2C6E8793298290
pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

Trying to upgrade the TBB automagically from the Applications > Internet menu (XFCE on Debian) told me that "signature verification failed" and warned me that I might be under attack; so I downloaded & unpacked the tarball from Tor's site and again there's a mismatch but it looks less frightening. So I'm hesitating to use it 6.5 until checking it out with the pros here.

It looks like the signing key was renewed but the website just hasn't been updated to reflect that, which is trivial, but then there's a (probably very small) chance that I could be "under attack" or that this release is somehow compromised.

Please advise.

I guess the first upgrade mechanism fails as you are using torbrowser-launcher which does not have the new subkey baked in. Not sure why the one where you download from our website fails. What commands are you using and what is the output you get? What is the sha256 sum of the .tar.xz and the respective .asc?

I'm just cutting & pasting from the Mac OS X and Linux section of https://www.torproject.org/docs/verifying-signatures.html.en, except changing the filenames to reflect my 64-bit system.

sha256sum gets these:

c4714061748a70d3871dd84ff88d2f317b386d290a5c1fb94a504a1c256f1960 tor-browser-linux64-6.5_en-US.tar.xz

d922daa46e3c8aa2d4056579258a1fa4efe553da797102d0a0a8572851218d94 tor-browser-linux64-6.5_en-US.tar.xz.asc

If that's right then I shouldn't have to worry.

The difference is that, unlike what the web pages tells me to look for, I'm seeing expiration dates in brackets:

pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24

becomes

pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

Like I said it seems minor but Tor is one thing I feel justified in getting slightly paranoid about. If it's supposed to work this way why not include the expiration dates on what the web page tells us to look for?

What does

gpg --verify tor-browser-linux64-6.5_en-US.tar.xz.asc
tor-browser-linux64-6.5_en-US.tar.xz

say *after* you updated your local key (i.e. fetched the subkey which signed the tar.xz file)?

a [BUG] !?

Thanks,
Both updates of TBB 6.5a2 & 7.0a1 on my 32bit Desktop, and TBB 6.5a2 & 7.0a1 on my 64bit noteBook: Works fine except for the (Torbutton 1.9.6.12)..addon!

When disable the new TorButton then the icon of [Session Manager addon] will appear!

Any idea Why!?

However, Will try to install older TorButton .xpi from previous TBB version, and feedback you results..

NP: another copy of All this comment will paste into:
https://blog.torproject.org/blog/tor-browser-70a1-released

Disabling Torbutton breaks your Tor Browser. This is not going to work. Or do you mean your Torbutton extension did not get updated? If so, did it just vanish? What does about:addons show you?

Disabled Torbutton but luckily the TBB didn't break..
and the icon of Session Manager appeared..
as described above,

Copied Torbutton xpi from previous releases over the new one, pasted into /extensions folder..
Session Manager icon not appearing..

Copied ALSO tor-launcher xpi from previous releases over the new one, pasted into /extensions folder..

Session Manager icon: finally appeared! sort of lite-weight hack ;)

previous xpi's used from: torbrowser-install-6.0.6_en-US..

Firstly thank you very much for this new TBB!
But I have a problem after updating to 6.5. When I start TBB the screensize of TBB is every time changed and not the usually screensize of TBB. I do not mean the fullscreen of TBB, just the normal scrennsize of TBB.

What is the usual screensize for you? Which operating system are you using? And what screen size is your browser changed to?

He might "confusingly" updated it to TBB 7.0a1 rather than the 6.5 !!

Better check menu: Help> About :)

I'm think that I'm also getting this.

Window size is much smaller than normal.

I noticed the changes notes listed some size alterations.
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)

Perhaps that is related to this?

This size reduction seems a bit much, is it safe to change the window from it's default size?

How large is your window with the old 6.0.8 and how large is it now with 6.5? (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)

Just eye balling it but it appears that the window has gone from taking up 80% - 90% of the screen to maybe 60% or less.

It's pretty bad.

Thanks, yes, I agree. We put fixing this issue on high priority and hope to have a patch ready for the next release. Sorry for the inconvenience. You can follow our efforts in ticket 20905 (https://trac.torproject.org/projects/tor/ticket/20905).

So thanks, seems like a lot of fixes here.

But still, after automatically and then manually upgrading -since first way didn't change anything- , my privacy preferences bug still persists and I cannot change it to "never remember history" .

Am I really the only one with this? Are the tickets on bug tracker even beeing considered anymore?

Before this, it seems that I could use tor browser and every site that only wanted to work with cookies enabled did so without in this fine peace of engineering. But no more, now I have to allow cookies here too for those pages to function, from online banking to fuckbook. Everywhere.

Is that supposed to be this way?

Tor Browser is set to custom prefs instead of "Clear history when Firefox closes", so you cannot switch it to "never remember history".

The changelog did not contain an entry that fixes your problem. That said, yes, tickets in our bug tracker are considered and we work on them after prioritization. As we have way more tickets than developer capacity and as we encourage help from the community we'd be glad if we would see contributions especially on those tickets that are not our top priority.

That cookie problem seems orthogonal to me as you can easily disable cookies in Firefox' privacy settings.

Nice and helpful

good work but for us linux users who use WM that auto resizes windows , how to prevent Tor browser from being resized ? very problematic for anonymty purpose .

Could you describe your scenario a bit more? How did Tor Browser 6.0.8 work for you and 6.5 does not?

6.0.8 does work, this issue is not specific to 6.5 version

Would it ever be possible to add a single-click "New Tor Circuit for this Site" button to the toolbar? As it is it's 2 clicks or an awkward key combo, but one click would make life so much easier. Thanks.

The default browser window size for 6.5 appears to be much smaller than the size of the window in the previous release.

Painfully so. >_<

My understanding is adjusting the window size can lead to a less secure TOR browser.

Is there a reason the window has had it's size reduced to this extent?

How large is your window with the old 6.0.8 and how large is it now with 6.5? (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)

The screensize of TBB 6.0.8 is 1000x600 pixels (inner size) and 6.5 800x600 pixels (inner size)

Thanks. We track the problem in https://trac.torproject.org/projects/tor/ticket/20905 and hope to have a fix for it in the next Tor Browser release. Sorry for the inconvenience.

On some sites like en.wikipedia.org or marc.info, the destination of links is not shown at the bottom anymore while hovering over it, but on others like this one it still is. Is this on purpose?

No. Not sure what is going on but we did not implement a feature that stops showing destination sites when they are hovered over. Can you test with a clean 6.0.8 whether that is happening there as well (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)?

I did some tests with a fresh 6.0.8 and 6.5. Those are fine. So must be a problem with my install. Thanks for your help.

nice so goods

360 total security flags both 6.5 and 7.0 Tor as a trojan!
is this normal? false positive?

Can you give us the SHA256 hash of both of your downloads?

Verify the download and signature with GPG. That's what the signatures are there for.

Bug 20471: Allow javascript: links from HTTPS first party pages
doesn't work
https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/#developer-comments

Could you be a bit more explicit about how bug 20741 relates to the comments on the no-resource-uri-leak extension page?

Arrow to expand/collapse "developer-comments" doesn't work on Medium settings.

How can I reproduce that? I switched to "Medium" and loaded the link above in a new tab. Expanding/collapsing the comments via the arrow works for me on two different Linux systems both with 6.5 and the alphas.

*^#^&$%^@#!!!!!!!!!!!!!!!!!
Random bugs or recent HTTPSE update!
Now everything works fine.
But before: arrows were not clickable and "the destination of links is not shown at the bottom anymore while hovering over it" as one user mentioned.

Thanks for your work to make Tor Browser better!

Thanks ! :)

thank's tor legend e

Unfortunately, new version has a serious performance regression of ~50-100% from previous stable (and 6.5a3 too) while playing video on YouTube (off-screen, no network activity (cached), no other processing).

How are you measuring this and how can I reproduce your findings?

Add-ons have no effect.
It turns out that Mozilla switched to FFmpeg and made other improvements, so everything will change in ESR52. Let's hope Mozilla will test Firefox with/without your uplifts on Talos.

26-01-2017, 12:28:02.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

The port is down again

There is a margin at the bottom of the page after updating.
I'm using windows 10.

Does that one go away after doing a New Identity or restarting the browser?

No, it still 1000x800.

On Win 10 regression to 800x600 from 1000x600 on 1024x768.

My window size suddenly became 1000x500, even when I close the browser, or when I choose "New Identity"

Is this normal?

Ubuntu 16.10 64bits -- upgraded from Tor Browser 6.0.8

That might be https://trac.torproject.org/projects/tor/ticket/20905. Which window size did you have before? (i.e. with the 6.0.x series)

The normal 1000x600.

thanks !!!

You know this text from a security guy about tor? What you think?

https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908

"In many ways Tor can be riskier than a VPN"

He's ranting about Mozilla Firefox not being the most secure browser, and about using vanilla Tor being risky for people in repressive regimes. Nothing about Tor itself. If he's a "security guy" then why doesn't he push pull request that ameliorate Firefox' so-called lack of security?

The Grugq is famous for being an expert in OPSEC. One thing he hates is when people use something like Tor but do not understand how to stay safe, and think that Tor alone is all they need to stay safe. If people think that using Tor is a magic bullet, then people will be unpleasantly surprised when a Firefox exploit by an advanced adversary breaks into their computer. You need proper OPSEC, his area of expertise, in combination with an anonymity network in order to be safe.

it is the best N #1 easy to use all restriction sites so i appreciate!!!!! 4 ur creativity

I have the torbrowser for the Mac
sha256 d79e18d691a407c9cc06ec508701bff2283d73b65d4321e254763b17d0a13a09
TorBrowser-6.0.5-osx64_en-US.dmg

When i perform a search through google.com for queen street, strangely it finds the queen street located to my location Canada, Ontario ISP Execulink.ca instead of the location the browser is connected. This appears to be a security issue.

I was connected to TOR circuit
OBFS4(united states)
Germany 5.9.12.29
France 62.210.69.79

27-01-2017, 17:48:34.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

83.212.101.3 is not responding again

v 6.5 comes up as a trojan. is this the right sha?

serial
0c 31 0a 0c 32 ce a7 fe 5d 6e 11 2d 52 e6 b6 ee

30 82 01 0a 02 82 01 01 00 c2 01 af 62 37 03 7a 70 db 5c 06 cb 1f 55 5d 3a e4 7d 17 4a 2e 48 3b 91 ea ae 45 c4 f1 dd 07 3c dc 4d 8c eb bc 34 2e 87 45 8b b3 9d b2 91 c8 cd 13 6d 3d a9 ad 1b 27 7f 61 42 e9 6b b0 2d 87 0f bf 07 9e 22 a6 ef 58 ff 38 44 0f 4a 3b 9c 44 ab eb 74 ea 3b 9b 0c 41 df e2 97 6d 91 82 5e cd 89 5b 6e 11 ea 8e dd b2 51 11 cf 80 c8 b3 db 7c 38 0f 79 c7 da ca 1b 83 1c 7d 96 e7 61 2d 24 c0 29 a6 7e f9 55 04 a3 b8 06 76 61 6b cf 58 19 81 97 d4 6c 97 b5 82 87 c4 59 a9 7e ef 88 ab 27 d1 29 36 d7 06 d0 7e 68 9d fa b9 a4 de 97 73 45 37 43 9c 07 ac 10 ad d1 30 7d 74 83 23 d5 87 2e 75 0f 29 21 17 87 f5 26 b5 0b 4f 1b f3 fd 47 c0 90 f8 01 aa ca e1 67 b4 56 a0 15 05 ac 6a 74 34 00 57 1c 9a 47 6a 99 12 d0 36 e4 53 39 12 17 49 48 66 eb 17 35 c7 55 ec f9 3c b4 20 a1 6e e0 50 56 89 02 03 01 00 01

thumbprint
‎c2 7e ac 1b 26 34 65 cd d7 36 30 d9 4b 0b 92 e6 74 f0 15 01

Those do not look like any kind of SHA hashes. Is that some kind of certificate output?

virustotal.com says tor 7.0 is clean, but 360 total security says its a trojan.

File identification
MD5 9a2d0dac7271f1b53e29a2ecf8ff02db
SHA1 2aee4b0d896698fa0619563f20beaf5a296fbf6e
SHA256 6afb207658fa52eafc1cf76c5f5e68abaca6757d9749c1c8e8ef05efcecb45bd
ssdeep786432:02ui80q4nti2wKRRMAEzps42244dPYlp4TUEK9MEX60vEB2QvqTtjqiJOX:QirqazwK8AlSPWp4TUEdJ0sB2QvMkiJu
authentihash 5d5f2c48133083f1942975127aa07fb0deb16e6ca0a1874a622bce446791cba6
imphash 187b3ae62ff818788b8c779ef7bc3d1c
File size 48.4 MB ( 50765080 bytes )
File type Win32 EXE
Magic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)

Here is my 360 total securiy log showing it flagged both tor 7.0 and 6.5 as viruses: (during the download)

I ran the files through 360 security individually and they passed today.

2017-01-26 02:22:39 C:\Users\login\Downloads\torbrowser-install-6.5_en-US.exe Virus Mozilla
2017-01-26 02:22:23 C:\Users\login\Downloads\torbrowser-install-7.0a1_en-US.exe Virus Mozilla
2017-01-24 22:34:10 C:\Users\a\Downloads\mb3-setup-consumer-3.0.5.1299.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:16 C:\Users\a\Downloads\OperaNeonSetup.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:15 C:\Users\a\Downloads\CAE5.tmp Safe Opera
2017-01-24 21:53:09 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup_x64.exe:Zone.Identifier Safe Opera
2017-01-24 21:21:18 C:\Users\a\Downloads\B6A5.tmp Safe Opera
2017-01-24 21:19:56 C:\Users\a\Downloads\6F7C.tmp Virus Opera
2017-01-24 21:19:49 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup.exe:Zone.Identifier Safe Opera
2017-01-24 21:18:34 C:\Users\a\Downloads\2BAD.tmp Virus Opera
2017-01-24 21:10:46 C:\Users\a\Downloads\SpybotAntiBeacon-1.6-setup.exe Unknown Mozilla
2017-01-12 15:40:34 C:\Users\login\Downloads\AA0C.tmp Safe Opera
2017-01-12 15:40:32 C:\Users\login\Downloads\A3A2.tmp Safe Opera
2017-01-10 19:29:10 C:\Users\login\Downloads\2E01.tmp Safe Opera
2017-01-10 19:28:07 C:\Users\login\Downloads\3751.tmp Safe Opera
2017-01-10 19:27:39 C:\Users\login\Downloads\C083.tmp Safe Opera
2017-01-06 19:52:39 C:\Users\login\Downloads\Jan Hammer - Crockett's Theme (Audio Mill Remix).mp4:Zone.Identifier Safe Opera
2017-01-05 20:19:51 C:\Users\login\Downloads\E153.tmp Safe Opera
2017-01-04 19:32:41 C:\Users\login\Downloads\6085.tmp Safe Opera
2017-01-04 19:32:25 C:\Users\login\Downloads\209C.tmp Safe Opera
2017-01-04 19:32:04 C:\Users\login\Downloads\CEBF.tmp Safe Opera
2017-01-02 14:56:28 C:\Users\login\Downloads\BAA0.tmp Safe Opera
2017-01-02 14:52:03 C:\Users\login\Downloads\ACCE.tmp Safe Opera
2017-01-02 14:48:31 C:\Users\login\Downloads\66D2.tmp Safe Opera
2017-01-02 14:44:39 C:\Users\login\Downloads\E0BF.tmp Safe Opera
2017-01-02 14:44:30 C:\Users\login\Downloads\C324.tmp Safe Opera
2017-01-02 14:43:34 C:\Users\login\Downloads\E3F9.tmp Safe Opera
2016-12-29 20:36:21 C:\Users\login\Downloads\7B8D.tmp Safe Opera
2016-12-29 19:02:05 C:\Users\login\Downloads\2898.tmp Safe Opera
2016-12-20 17:20:39 C:\Users\login\Downloads\24oct16\526816_4209793527940_1453686951_n.jpg:Zone.Identifier Safe Opera
2016-12-20 17:20:32 C:\Users\login\Downloads\9140.tmp Safe Opera
2016-12-20 13:51:09 C:\Users\login\Downloads\File0001.PDF:Zone.Identifier Safe Opera
2016-12-20 11:37:27 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup(1).exe Safe Mozilla
2016-12-19 21:55:32 C:\Users\login\Downloads\24oct16\Bikini11.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:31 C:\Users\login\Downloads\F53E.tmp Safe Opera
2016-12-19 21:55:22 C:\Users\login\Downloads\24oct16\Bikini10 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:17 C:\Users\login\Downloads\C179.tmp Safe Opera
2016-12-19 21:55:13 C:\Users\login\Downloads\24oct16\Bikini9 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:12 C:\Users\login\Downloads\AB10.tmp Safe Opera
2016-12-19 21:55:02 C:\Users\login\Downloads\24oct16\Bikini7.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:00 C:\Users\login\Downloads\7E7F.tmp Safe Opera
2016-12-19 21:54:55 C:\Users\login\Downloads\24oct16\Bikini6.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:54 C:\Users\login\Downloads\6537.tmp Safe Opera
2016-12-19 21:54:44 C:\Users\login\Downloads\24oct16\Biks12.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:43 C:\Users\login\Downloads\3C21.tmp Safe Opera
2016-12-19 21:54:35 C:\Users\login\Downloads\24oct16\Biks22 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:34 C:\Users\login\Downloads\17FC.tmp Safe Opera
2016-12-19 21:54:21 C:\Users\login\Downloads\24oct16\Biks22.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:20 C:\Users\login\Downloads\E08E.tmp Safe Opera
2016-12-19 21:54:15 C:\Users\login\Downloads\24oct16\Biks17.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:14 C:\Users\login\Downloads\C91C.tmp Safe Opera
2016-12-19 21:54:00 C:\Users\login\Downloads\24oct16\Bikini5.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:59 C:\Users\login\Downloads\8D57.tmp Safe Opera
2016-12-19 21:53:48 C:\Users\login\Downloads\24oct16\Bikini4.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:47 C:\Users\login\Downloads\5EF1.tmp Safe Opera
2016-12-19 21:53:41 C:\Users\login\Downloads\24oct16\Bikini3.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:40 C:\Users\login\Downloads\4695.tmp Safe Opera
2016-12-19 21:53:35 C:\Users\login\Downloads\24oct16\Bikini2.jpeg:Zone.Identifier Safe Opera
2016-12-19 21:53:34 C:\Users\login\Downloads\2DCB.tmp Safe Opera
2016-12-19 21:53:01 C:\Users\login\Downloads\24oct16\Biks7.png:Zone.Identifier Safe Opera
2016-12-19 21:52:59 C:\Users\login\Downloads\A683.tmp Safe Opera
2016-12-19 21:52:43 C:\Users\login\Downloads\24oct16\Biks13.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:42 C:\Users\login\Downloads\60CC.tmp Safe Opera
2016-12-19 21:52:34 C:\Users\login\Downloads\24oct16\Biks14.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:32 C:\Users\login\Downloads\3CA7.tmp Safe Opera
2016-12-19 21:52:08 C:\Users\login\Downloads\24oct16\Biks18.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:07 C:\Users\login\Downloads\D760.tmp Safe Opera
2016-12-19 21:51:55 C:\Users\login\Downloads\24oct16\Biks19.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:54 C:\Users\login\Downloads\A7B2.tmp Safe Opera
2016-12-19 21:51:40 C:\Users\login\Downloads\24oct16\Biks23.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:39 C:\Users\login\Downloads\6B62.tmp Safe Opera
2016-12-19 21:51:30 C:\Users\login\Downloads\24oct16\Biks24.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:28 C:\Users\login\Downloads\425B.tmp Safe Opera
2016-12-19 21:51:22 C:\Users\login\Downloads\24oct16\Bikini26.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:21 C:\Users\login\Downloads\2598.tmp Safe Opera
2016-12-19 21:51:13 C:\Users\login\Downloads\24oct16\Bikini25.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:12 C:\Users\login\Downloads\1B3.tmp Safe Opera
2016-12-19 21:48:10 C:\Users\login\Downloads\24oct16\Biks20.jpg:Zone.Identifier Safe Opera
2016-12-19 21:48:09 C:\Users\login\Downloads\371F.tmp Safe Opera
2016-12-19 21:47:53 C:\Users\login\Downloads\24oct16\Biks15.jpg:Zone.Identifier Safe Opera
2016-12-19 21:47:52 C:\Users\login\Downloads\F59D.tmp Safe Opera
2016-12-19 21:46:56 C:\Users\login\Downloads\24oct16\Bikini10.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:55 C:\Users\login\Downloads\1584.tmp Safe Opera
2016-12-19 21:46:43 C:\Users\login\Downloads\24oct16\Bikini9.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:35 C:\Users\login\Downloads\C6F2.tmp Safe Opera
2016-12-19 18:08:21 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-11 00:01:04 C:\Users\a\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-10 22:39:39 C:\Users\login\Downloads\frb_q32005.pdf:Zone.Identifier Safe Opera
2016-12-10 21:32:36 C:\Users\login\Downloads\5864.tmp Safe Opera
2016-12-10 21:01:22 C:\Users\login\Downloads\EAZY-E Real Muthaphuckkin G's - HD DIRECTOR'S CUT - Explicit.mp4:Zone.Identifier Safe Opera
2016-12-02 22:03:53 C:\Users\login\Downloads\Copy of Client List SD 29nov.xlsx:Zone.Identifier Safe Opera
2016-11-26 15:10:32 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY34.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:30 C:\Users\login\Downloads\AA4F.tmp Safe Opera
2016-11-26 15:10:11 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY33.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:09 C:\Users\login\Downloads\55F2.tmp Safe Opera
2016-11-26 15:09:52 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY31.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:51 C:\Users\login\Downloads\F70.tmp Safe Opera
2016-11-26 15:09:33 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY30.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:31 C:\Users\login\Downloads\C311.tmp Safe Opera
2016-11-26 15:09:15 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY29.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:14 C:\Users\login\Downloads\7F9A.tmp Safe Opera
2016-11-26 15:09:00 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY28.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:59 C:\Users\login\Downloads\44A2.tmp Safe Opera
2016-11-26 15:08:37 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY26.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:35 C:\Users\login\Downloads\E97C.tmp Safe Opera
2016-11-26 15:01:21 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY25.jpg:Zone.Identifier Safe Opera
2016-11-26 15:01:20 C:\Users\login\Downloads\429B.tmp Safe Opera
2016-11-26 14:22:11 C:\Users\login\Downloads\la veta.pdf:Zone.Identifier Safe Opera
2016-11-26 14:19:31 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY21.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:30 C:\Users\login\Downloads\F685.tmp Safe Opera
2016-11-26 14:19:07 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY19.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:05 C:\Users\login\Downloads\970B.tmp Safe Opera
2016-11-26 14:18:53 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY18.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:51 C:\Users\login\Downloads\5E45.tmp Safe Opera
2016-11-26 14:18:13 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY17.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:11 C:\Users\login\Downloads\C413.tmp Safe Opera
2016-11-26 14:17:45 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY15.jpg:Zone.Identifier Safe Opera
2016-11-26 14:17:44 C:\Users\login\Downloads\58CF.tmp Safe Opera
2016-11-26 14:17:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY13.png:Zone.Identifier Safe Opera
2016-11-26 14:17:17 C:\Users\login\Downloads\EDEA.tmp Safe Opera
2016-11-26 14:17:01 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY12.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:59 C:\Users\login\Downloads\AA35.tmp Safe Opera
2016-11-26 14:16:38 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY11.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:36 C:\Users\login\Downloads\4FEC.tmp Safe Opera
2016-11-26 14:16:25 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY10.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:23 C:\Users\login\Downloads\1C07.tmp Safe Opera
2016-11-26 14:15:44 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY9.jpg:Zone.Identifier Safe Opera
2016-11-26 14:15:42 C:\Users\login\Downloads\7B3B.tmp Safe Opera
2016-11-26 14:15:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY8.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:42 C:\Users\login\Downloads\24oct16\042416_1610.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:28 C:\Users\login\Downloads\C632.tmp Safe Opera
2016-11-24 11:56:52 C:\Users\login\Downloads\128E.tmp Safe Opera
2016-11-24 10:42:41 C:\Users\login\Downloads\23A3.tmp Safe Opera
2016-11-19 19:22:51 C:\Users\login\Downloads\A123.tmp Safe Opera
2016-11-19 12:39:22 C:\Users\login\Downloads\007-12-the-rongorongo-tablets-261073.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:20 C:\Users\login\Downloads\2C28.tmp Safe Opera
2016-11-19 12:39:03 C:\Users\login\Downloads\006-13-ulfberht-viking-swords-261069.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:02 C:\Users\login\Downloads\E3A2.tmp Safe Opera
2016-11-19 12:37:50 C:\Users\login\Downloads\004-15-the-quimbaya-airplanes-261063.jpg:Zone.Identifier Safe Opera
2016-11-19 12:37:48 C:\Users\login\Downloads\C5DD.tmp Safe Opera
2016-11-19 12:36:58 C:\Users\login\Downloads\002-17-the-winnipesaukee-mystery-stone-9e2502e5fb555789d7a48abe2736e9e1.jpg:Zone.Identifier Safe Opera
2016-11-19 12:36:54 C:\Users\login\Downloads\F2C4.tmp Safe Opera
2016-11-12 16:40:31 C:\Users\login\Downloads\4500057480.pdf Safe Mozilla
2016-11-12 11:48:46 C:\Users\login\Downloads\Copy of Client List SD 9nov.xlsx Safe Mozilla
2016-10-29 13:57:49 C:\Users\login\Desktop\Opera_Developer_42.0.2392.0_Setup.exe Safe Spartan browser
2016-10-29 13:56:29 C:\Users\login\Desktop\OperaSetupDeveloper.exe Virus Spartan browser
2016-10-26 20:20:52 C:\Users\login\Downloads\24oct16\742 Paradise Road Nat City 91950.pdf Safe Mozilla
2016-10-25 19:56:24 C:\Users\login\Downloads\24oct16\4690 51st st sd 92115.pdf Safe Mozilla
2016-10-25 19:28:42 C:\Users\login\Downloads\24oct16\Copy of Client List SD 23oct.xlsx Safe Mozilla
2016-10-25 00:02:02 C:\Users\login\Downloads\24oct16\1658 sagewood way san marcos ca 92078.pdf Safe Mozilla
2016-10-24 23:58:40 C:\Users\login\Downloads\24oct16\800 n mollison#5 el cajon 92021.pdf Safe Mozilla
2016-10-24 23:48:32 C:\Users\login\Downloads\24oct16\1908 la corta st lemon grove 91945.pdf Safe Mozilla
2016-10-24 23:48:01 C:\Users\login\Downloads\24oct16\3864 shiloh rd sd 92105.pdf Safe Mozilla
2016-10-24 23:39:11 C:\Users\login\Downloads\24oct16\13794 fontanelle pl sd 92128.pdf Safe Mozilla
2016-10-24 23:35:08 C:\Users\login\Downloads\24oct16\1130 hackamore rd vista 92083.pdf Safe Mozilla
2016-10-24 23:31:20 C:\Users\login\Downloads\24oct16\1455 canoe creek way chula vista 91915.pdf Safe Mozilla
2016-10-24 23:27:52 C:\Users\login\Downloads\24oct16\1435 india st#415 san diego 92101.pdf Safe Mozilla
2016-10-24 23:24:41 C:\Users\login\Downloads\24oct16\4970 dalehaven pl san diego 92105.pdf Safe Mozilla
2016-10-24 23:17:57 C:\Users\login\Downloads\24oct16\3233-3235 40th st san diego 92105.pdf Safe Mozilla
2016-10-24 23:13:19 C:\Users\login\Downloads\24oct16\2827weepingwillow chula vista.pdf Safe Mozilla
2016-10-22 15:44:00 C:\Users\login\Downloads\09-O-13575.pdf Safe Mozilla
2016-10-22 15:43:54 C:\Users\login\Downloads\13-O-10125-2.pdf Safe Mozilla

Bugs?
Tor browser on Windows ...
I see a number of problems/bugs with addons here & in browser after update ... while you make it clear that extra addons break privacy and security. That's why you have a security slider & most realize this when using extra addons. Also on lowest security setting supposedly ALL browser features are enabled .. not so! Maybe you should include a 4th setting for those who use extra addons ... with the knowledge that they break further security/privacy. It is the RIGHT of the knowledgeable user to do so.
1 = Session Manager icons & listings in Tools menu disappear after update. BIG PROBLEM as session manager still works in background and leaks info more than ever. Similar/same goes for most tab tools.
PLEASE DO NOT BREAK Session Manager or Tab Mix as many use them to hide their activities by;
a= having many different session profiles with large number of tabs to confuse trackers/spies.
b= this also overloads their metadata and packet sniffing apps.
c= creates massive data to sort through, if possible at all, and fills/overloads their HDs
d= plays hell on tracking/spying Tor nodes & very quickly kicks tracking nodes
FYI , in previous versions of Tor Browser , session manager would generate 100's to 1000's of tabs per actual tab saved on save command or browser close. This helped in preventing spies ... although it almost killed loading of browser and overloaded boxes with less than 8GB of physical memory and quad-core box.
WE NEED TO SEE THESE ICONS & MENUS IN BROWSER AND CUSTOMIZE BROWSER
2 = NoScript ... similar to above. When one chooses to see different menu items/settings in NoScript we want them to be seen when hovered over. This facilitates quick changes in profile .. which plays havoc for spying sites and spies when globally activated/changed, especially google, adobe, akamai, and many others. Having open settings at coffee shops and internet cafe's to login/start and tighten settings thereafter is a necessity, not just a want.
BTW; only way to be half-ass secure these days with a windows box is to use one or more NAT routers, connected to secure login ISP , then VPN [up to 3] , and Tor browser to boot.
OR ... Tor boot/live CD/DVD , through VPN/s , then internet .. your settings saved on disposable mem stick / flash drive, if any.

We did not break anything on purpose and did not run into the issues you describe. The first thing that would help us looking at your problem would be steps to reproduce them. For instance, if you take a clean, new Tor Browser 6.0.8 and install Session Manager and update afterwards to 6.5 do you still get your broken experience. Likewise it is not clear what menu items/settings you are talking about in the NoScript case. Could you give us steps for that problem, too?

@ gk,
You're kidding about, "did not run into the issues you describe" .. right?
Look at "On January 25th, 2017 Anonymous said: a [BUG] !? ..." on this blog page. So, obviously, i'm not the only one.
Then take a look at Firefox previous versions and problems with Session Manager and other plugins. And we have an inferior Tor browser version based on Firefox 45.7 while latest Firefox is ver. 51.
That's a lot of bugs and security updates to catch up on.
Now that we know Torbutton breaks Session Manager and other plugins let's see what 1 week of pissin around gave me & many others:
1. we find Tor breaks / deletes MANY other plugins as well; classic theme restorer, zoom image, remove it permanently, video download helper, gtranslate, among LOADS of others. .. about 1/3 of plugins from Mozilla website.
2. Firefox has fixed these bugs / problems in recent versions .. why hasn't Tor?
3. whatever was done in last Tor update causes browser to remove/disable/break even "customize browser" page so it doesn't function after uninstalling non-functioning plugins.
4. updating Firefox fixes these bugs for Firefox.
5. started with Tor ver 3 to present and in every update of Tor there's something that goes wrong or some part of browser is disabled/broken/deleted.
6. used fully patched boxes with versions of XP, vista, win7, .. to win10.. same probs with Tor for every box upon update of Tor to next ver.
And you can't reproduce these problems? HA
Try it: install early ver of Tor on clean and patched box, install plugins mentioned, add 250+ unique pages and types of pages to create sessions, visit pages, bounce between saved sessions, update Tor to next ver, ... repeat.
7. You expect users to wipe out 3 months to YEARS of settings with every update just because you can't get Tor to stop breaking/deleting plugins and other parts?

What I meant was we did not run into issues while testing the new versions before releasing. And the problem with broken extensions has been in the alpha releases for weeks and months and nobody did run into it either. We have https://trac.torproject.org/projects/tor/ticket/21396 for breaking other extensions.

FWIW: Firefox has not fixed the underlying problem. Not in the current Firefox releases and not in their nightlies. And it does not look like this will going to happen anytime soon either.

@gk
"nobody"? Wrong! Loads of ppl have same probs just that they have very hard time finding place for support or to complain. It's only by chance that i found this blog after yrs of looking.
Reporting bugs fails 90% of the time via bug reports.
1. Thanks for ticket reference :)
2. Testing firefox in same manner as i mentioned above we find Firefox extensions are fixed/repaired after next to second next ver. Usually uninstalling and reinstalling the extension works on new version or update. Unless of coarse plugin/extension has been discontinued/blocked by Firefox in their add-ons pages. Then copying data, settings etc. to new ver. works most of the time.
3. with Tor browser 1 needs to start with fresh copy and hopefully recover data, settings, etc. from previous install/s and/or settings to gain only parts thereof. Most of the time they are lost and never to be found again. This is TOTALLY UNACCEPTABLE. No if's or butt's about it .. this is due to Tor update/install of new version/s of Tor.
4. You can test "new versions before releasing" all you want but unless you have done as i said above, you will not see what i'm talking about.
5. after all this, i'll go as far as ... don't try to defer to users or Firefox as the problem when i clearly proved it's Tor update/s and/or installs, and after extensive testing on numerous boxes and Windows OS's.
6. Furthermore, i'm told this problem breaks security and allows spies to gain access to users boxes and data, as partially mentioned in your ticket reference. This should not happen when user doesn't tell extension/plugin to call home.
7. So, no more excuses! Figure out how to fix this as it's a specific Tor problem. Just to be specific, this means, how does one fix this problem without installing new copy of Tor and loosing all data and settings? Another words ... how does one fix it on existing Tor update?

THANKS for the improvements...btw - where is window size listed?

There is no place where the window size is listed. It gets calculated depending on your screen resolution and should be a multiple of 200px for the width and 100px for the height.

Nice!

Wonderful

The search bar "disconnect" defaults to duckduckgo and should be removed

Disconnect should not be the default anymore with a new 6.5. Are you sure this is happening with a clean, new version? Any why should it be removed?

with the Mac version sha256: 3496a928aba9c0504f7c143a6c4d4fcd859cfbd818d6ce3fbb1538fe8d225bf5

Disconnect is not the default but is still present in the search configuration. If you use disconnect it defaults to duckduckgo making it useless.

Ah, I see. I filed https://trac.torproject.org/projects/tor/ticket/21363 for that, thanks.

can obfs4 bridges bypass china firewall and turkey, iran's block? I know some bridges may not work in those countrys.

Thanks for all the efforts folks!

I really hoped this release was going to add a the ability to password protect the Tor executable (same pw decrypting Tor setup files & bookmark would be a bonus). I recall this possibility being discussed several releases back. Some of the arguments against were 'creates a false sense of security', 'other means to same end' etc, but I thought it was still on the drawing board. Please advise if it is or is not, or shoot, if it's already been implemented and I haven't noticed it.

As it is now, using Windows I can lock a session, but at my work we cannot lock screens b/c it's common to hop on a coworker's system when they aren't around. This means I must either boot into Tails or store my main bookmarks & key files on a USB just in case someone does decide to open Tor. I'm looking for a better more permanent solution for this. Please advise if it's on the drawing board & I'll sit back & keep waiting for it. thanks again

*previous comment should be from 'bs' - thanks

Everytime I go to addons and click "addon search" or "details" in addons then Tor Browser doesn't work and close it with such a error message. Win7, German, 32bit.

What do you mean with "doesn't work and close it with such a error message"?

Thanks for the great release!

I can NOT get any of the new versions to work.
I’ve been using 6.5a5 since it was released and it works fine.

Today I installed 6.5 several times and it just won’t connect.
"Something Went Wrong!
Tor is not working in this browser."

Onion icon shows "Tor disabled" and pages won’t load - "unable to find the proxy server"

I don’t have a proxy server configured right now!

Downloaded and installed several times, sometimes it says "Tor Launcher could not connect to Tor control port."

And v7.0a1 is the same.

Reinstalling 6.5a5 makes it functional again. WTF?!

Wouldn’t you know it - right after posting my comment I deleted and replaced the TorBrowser-Data folder AGAIN.

At first I got a big error window. Then I deleted the Updates folder within, and all the files in the Tor folder.

I had already done that many times, so I don’t know why Tor launched this time but it did (version 7.0a1).

I notice that inside the updates.xml file there’s no mention of version 7.0a1 or Firefox 45.7.0. The last updates listed are Tor 6.5a6 and Firefox 45.6.0.

Just successfully launched it again, so who knows what caused the problem.

- Firefox 24 ESR works on KDE 4
- Firefox 45 ESR (i.e. TBB 6.5) works on KDE 4
- Firefox 51 (no e10s) does not work on KDE 4

Not like I need Firefox 51 for KDE though, but Firefox 52 ESR is creeping up soon, so are there any plans for the next Tor Browser based on that version to work on KDE 4? :nervous:

Not sure. I guess the first task would be to find out why it is not working anymore. Then we could think about ways to fix that. Is KDE4 support deprecated?

The last Plasma 4 LTS release was 4.11.22 (August 19, 2015).

See: https://www.kde.org/announcements/announce-applications-15.08.0.php ("Other Releases")

Session Manager in Tools menu and it's icons in toolbars disappeared after update.
How to make Session Manager fully functional?

360 total security now flags the tor 7.0 and 6.5 as UNKNOWN, yesterday it was saying it was a virus/trojan

2017-01-29 13:47:56 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-7.0a1_en-US.exe Unknown Mozilla
2017-01-29 13:47:34 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-6.5_en-US.exe Unknown Mozilla

very use full

Can't download the new version. Everytime I try, I receive this warning: "signature verification failed! You might be under attack, or there might just be a networking problem. Click start try the download again."
Well, I don't have networking problems and I'd already tried several times. Any help?

Simple- Do a fresh install of Tor and remember to redo your security settings.

There is a bug in tor-browser-launcher: https://github.com/micahflee/torbrowser-launcher/issues/260. I'd recommend to download Tor Browser from our website and use its built-in updater. It should be much faster that way as well if you are updating regularly as it only downloads diffs in that case and not a whole new Tor Browser every time.

Something interesting. I think I may have found the FBI's alleged magic bullet. It seems that PHP has a known but not well publicized exploitable bug that allows a PHPscript to both hide other scripts such as javascript from the browser, as well as somehow, at least hypothetically, execute them as well. If this is the case, it would seem that PHP would be able to bypass the browser plugins and run scripts anyways. So a few questions:

1. Has this type of attack been considered and mitigated,

and,

2. How might we mitigate this sort of thing?

PHP is a server-side language. It does not execute on browsers and cannot be used to exploit browsers in any way. A PHP bug, no matter how severe, could only be used to exploit a web server. PHP is simply a method of having a server choose what to send to a client, like any other CGI script like Perl, Ruby, ASP, or whatever. It cannot tell the client how to execute it. To answer your questions:

1. No, because it does not exist.

2. We cannot, because it does not exist.

tor + firefox updated not properly. Tor not run correctly in firefox. Items in "Add-ons" is absent. I do not know what kinds configuration methods to use for to repare. When I Install old version over not properly updated version then links what I added to "Bookmarls" is erased. These situation is appear often.

Did you get error messages during the update? What extensions were there before and are missing now? Which operating system are you using?

nice

agree

in saudi arabia your brawser has dead now im outside of my home

in this new 6.5 version some web-site not opens. but in 6.0.8 all good. for example: https://999.md

Works with neither of them for me.

Try with Low security settings

I did.

I think problem in NoScript

04-02-2017, 11:57:27.500 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

This is down again. This is used with the scramblesuite transport

I talked to the maintainer of that bridge and he told me that this bridge gets hammered with requests and the server can't handle that. We'll take that one out of the Tor Browser default bridges next time, alas.

That means that scramblesuit will be removed?

Yes, if we don't find a replacement bridge before the next release is getting out.

The TOR metrics doesn't seem to support the excessive usage as it peaks at 300 averaging 120. See

https://metrics.torproject.org/userstats-bridge-transport.html?start=2016-11-11&end=2017-02-09&transport=scramblesuit

Doesn't every TOR site support every bridge?

I don't know what "Doesn't every TOR site support every bridge" means, but if it means "Doesn't every Tor relay support every pluggable transport", the answer is no.

Pluggable transports, such as scramblesuit, are separate programs that transform Tor traffic in a way that makes it harder to detect and/or censor.

The scramblesuit protocol doesn't get that much use in practice, and there aren't that many bridges that support it, and apparently the ones that do are having trouble with stability. Sounds to me like a reasonable time to remove it from the Tor Browser.

Thanks! Your services are invaluable!!

super

I am using a Mac OSX, and I see 2 "Tor browser" processes running simultaneously. Is this normal ?

No big deal but it seems the "wrap long lines" option doesn't work when I open "view page source".

When I install To browser 6.5 onto my Ubuntu 16.05 with the latest Firefox version already installed the Tor browser doesn't show being open from the App menu selection even though it is open. Firefox shows 2 applications open. It is if the Tor browser and Firefox are linked.

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content