Blogs

Tor Messenger 0.1.0b5 is released

We are pleased to announce another public beta release of Tor Messenger. This release features important security updates to libotr, and addresses a number of stability and usability issues. All users are highly encouraged to upgrade.

The initial public release was a success in that it garnered a lot of useful feedback. We tried to respond to all your concerns in the comments of the blog post but also collected and aggregated a FAQ of the most common questions.

OTR over Twitter DMs

Tor Messenger now supports OTR conversations over Twitter DMs (direct messages). Simply configure your Twitter account with Tor Messenger and add the Twitter account you want as a contact. Any (direct) message you send to another Twitter contact will be sent over OTR provided that both contacts are running Tor Messenger (or another client that supports Twitter DMs and OTR).

Facebook support dropped

Facebook has long officially deprecated their XMPP gateway, and it doesn't appear to work anymore. We had multiple reports from users about this issue and decided that it was best to remove support for Facebook from Tor Messenger.

We hear that an implementation of the new mqtt based protocol is in the works, so we hope to restore this functionality in the future.

Before upgrading, back up your OTR keys

Before upgrading to the new release, you will need to back up your OTR keys or simply generate new ones. Please see the following steps to back them up.

In the future, we plan to port Tor Browser's updater patches (#14388) so that keeping Tor Messenger up to date is seamless and automatic. We also plan to add a UI to make importing OTR keys and accounts from Pidgin, and other clients, as easy as possible (#16526).

The secure updater will likely be a part of the next release of Tor Messenger.

Downloads

Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)

Windows

OS X (Mac)

sha256sums.txt
sha256sums.txt.asc

The sha256sums.txt file containing hashes of the bundles is signed with the key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391).

Changelog

Here is the complete changelog since v0.1.0b4:

Tor Messenger 0.1.0b5 -- March 09, 2016

  • All Platforms
    • Bug 13795: Remove SPI root certificate because Debian no longer ships it
    • Bug 18094: Remove references to torbutton from start-tor-messenger script
    • Bug 18235: Disable Facebook as they no longer support XMPP
    • Bug 17494: Better error reporting for failed outgoing messages
    • Bug 17749: Show version information in the "About" window
    • Bug 13312: Add support for OTR over Twitter DMs
    • Bump libotr to 4.1.1
  • Mac
    • Bug 17896: Add Edit menu to the conversation window on OS X
  • Windows
    • ctypes-otr
      • GH 65: Support Unicode paths on Windows

Tor Browser 6.0a3-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a3-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

Note: There is no incremental update from 6.0a2-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a2-hardened:

Tor Browser 6.0a3-hardened -- March 8

  • All Platforms
    • Update Firefox to 38.7.0esr
    • Update Tor to 0.2.8.1-alpha
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.5.1
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Bug 16917: Allow users to more easily set a non-tor SSH proxy
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
    • Bug 16728: Add test cases for favicon isolation
  • Windows
    • Bug 18292: Disable staged updates on Windows

Tor Browser 6.0a3 is released

A new alpha Tor Browser release is available for download in the 6.0a3 distribution directory and on the alpha download page.

This release features important security updates to Firefox.

This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

Here is the full changelog since 6.0a2:

Tor Browser 6.0a3 -- March 8

  • All Platforms
    • Update Firefox to 38.7.0esr
    • Update Tor to 0.2.8.1-alpha
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.5.1
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Bug 16917: Allow users to more easily set a non-tor SSH proxy
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
    • Bug 16728: Add test cases for favicon isolation
  • Windows

    • Bug 18292: Disable staged updates on Windows

Tor Browser 5.5.3 is released

Tor Browser 5.5.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release bumps the versions of several of our external components: Firefox to 38.7.0esr, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

The full changelog since 5.5.2 is:

Tor Browser 5.5.3 -- March 8 2016

  • All Platforms

    • Update Firefox to 38.7.0esr
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.4.4
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
  • Windows

    • Bug 18292: Disable staged updates on Windows

Tails 2.2 is out

This release fixes many security issues and users should upgrade as soon as possible.

New features

  • Add support for viewing DVDs with DRM protection. (#7674)

Upgrades and changes

  • Replace Vidalia, which has been unmaintained for years, with:
    • a system status icon indicating whether Tails is connected to Tor or not,
    • Onion Circuits to display a list of the current Tor circuits and connections.
  • Automatically save the database of KeePassX after every change to prevent data loss when shutting down. (#11147)

  • Update Tor Browser to 5.5.3.

    • Improve Japanese-style glyph display.
  • Upgrade I2P to 0.9.24.

  • Disable the Alt + Shift and Left Shift + Right Shift keyboard shortcuts that used to switch to the next keyboard layout. You can still use Meta + Space to change keyboard layout. (#11042)

Fixed problems

  • Fix optional PGP key feature of WhisperBack. (#11033)

  • Fix saving of WhisperBack report to a file when offline. (#11133)

  • Make Git verify the integrity of transferred objects. (#11107)

For more details, see also our changelog.

Known issues

See the current list of known issues.

Install or upgrade

To install, follow our installation instructions.

An automatic upgrade is available from 2.0.1 to 2.2.

If it is impossible to automatically upgrade your Tails, read our upgrade instructions.

If your Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

What's coming up?

The next Tails release is scheduled for April 19.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Tor in Google Summer of Code 2016

in

Interested in coding on Tor and getting paid for it by Google? If you are a student, we have good news for you: we have been accepted as a mentoring organization for Google Summer of Code 2016!

Here's the facts: GSoC gives you the opportunity to work on your own Tor-related coding project with one of the Tor developers as your mentor. Your mentor will help you when you're stuck and guide you in becoming part of the Tor community. Google pays you 5,500 USD for the three months of your project, so that you can focus on coding and don't have to worry about how to pay your bills.

Did we catch your attention? These are your next steps: Go look at the Google Summer of Code FAQ to make sure you are eligible to participate. Have a look at our ideas list to see if one of those projects matches your interests. If there is no project on that list that you'd want to work on, read the documentation on our website and make up your own! Come to the tor-dev@ list or #tor-dev on OFTC and let us know about your project idea. Communication is essential to success in the summer of code, and we're unlikely to accept students we haven't heard from before reading their application. So really, come to the list or IRC channel and talk to us!

Finally, write down your project idea using our template and submit your application to Google before March 25th.

We are looking forward to discussing your project idea with you!

Statement from the Tor Project re: the Court's February 23 Order in U.S. v. Farrell

Journalists have been asking us for our thoughts about a recent pdf about a judge deciding that a defendant shouldn't get any more details about how the prosecutors decided to prosecute him. Here is the statement we wrote for them:

"We read with dismay the Western Washington District Court's Order on Defendant's Motion to Compel issued on February 23, 2016, in U.S. v. Farrell. The Court held "Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network." It is clear that the court does not understand how the Tor network works. The entire purpose of the network is to enable users to communicate privately and securely. While it is true that users "disclose information, including their IP addresses, to unknown individuals running Tor nodes," that information gets stripped from messages as they pass through Tor's private network pathways.

This separation of identity from routing is key to why the court needs to consider how exactly the attackers got this person's IP address. The problem is not simply that the attackers learned the user's IP address. The problem is that they appear to have also intercepted and tampered with the user's traffic elsewhere in the network, at a point where the traffic does not identify the user. They needed to attack both places in order to link the user to his destination. This separation is how Tor provides anonymity, and it is why the previous cases about IP addresses do not apply here.

The Tor network is secure and has only rarely been compromised. The Software Engineering Institute ("SEI") of Carnegie Mellon University (CMU) compromised the network in early 2014 by operating relays and tampering with user traffic. That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it. The Tor network remains the best way for users to protect their privacy and security when communicating online."

Tor Browser 6.0a2-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

Additionally, we fixed a number of issues found with the release of Tor Browser 5.5, which already got addressed in Tor Browser 5.5.1, and we switched to a Debian Wheezy system for building the hardened series as well.

Note: There is no incremental update from 6.0a1-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a1-hardened:

Tor Browser 6.0a2-hardened -- February 15 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3
    • Bug 18168: Don't clear an iframe's window.name (fix of #16620)
    • Bug 18137: Add two new obfs4 default bridges
  • Windows
  • OS X
  • Linux
  • Build System
    • Linux
      • Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
      • Bug 18198: Building the hardened Tor Browser in a Debian Wheezy VM is broken
Syndicate content Syndicate content