tbb

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Note: The individual bundles of the stable series are signed by one of the subkeys of the Tor Browser Developers signing key from now on, too. You can find its fingerprint on the Signing Keys page. It is:

pub   4096R/0x4E2C6E8793298290 2014-12-15
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7
                        DE68 4E2C 6E87 9329 8290

Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox. Additionally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL (none of the OpenSSL advisories since OpenSSL 1.0.1i have affected Tor, but we decided to update to the latest 1.0.1 release anyway).

Here is the changelog since 4.0.3:

• All Platforms
  • Update Firefox to 31.5.0esr
  • Update OpenSSL to 1.0.1l
  • Update NoScript to 2.6.9.15
  • Update HTTPS-Everywhere to 4.0.3
  • Bug 14203: Prevent meek from displaying an extra update notification
  • Bug 14849: Remove new NoScript menu option to make permissions permanent
  • Bug 14851: Set NoScript pref to disable permanent permissions

The Tor Browser team is proud to announce the release of the fourth alpha of the 4.5 series of Tor Browser. The release is available from the extended downloads page and also from our distribution directory.

Tor Browser 4.5a4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox. Moreover, this release includes an updated Tor, 0.2.6.3-alpha, and switches Scramblesuit and obfs3 bridge support to a new golang-based implementation. We are especially interested in hearing any issues with using obfs3, obfs4, and Scramblesuit in this release.

The release also features several improvements to usability, following the results of the usability sprint at the end of last month. In particular, the Torbutton onion menu and related preference windows have been overhauled to provide more simplicity and more focus. The onion menu now features a much requested "New Circuit for this site" option, and the security and privacy settings window have been simplified. For censored users, the first run configuration wizard was also improved to present the choice of Pluggable Transport before the local proxy information, in an effort to avoid confusion between Pluggable Transports and local proxies. As can be seen from the changelog below, the release contains several other usability tweaks and enhancements as well.

Here is the full changelog for changes since 4.5-alpha-3:

• All Platforms
  • Update Firefox to 31.5.0esr
  • Update Tor to 0.2.6.3-alpha
  • Update OpenSSL to 1.0.1l
  • Update NoScript to 2.6.9.15
  • Update obfs4proxy to 0.0.4
    • Use obfs4proxy for ScrambleSuit bridges
  • Update Torbutton to 1.9.0.0
    • Bug 13882: Fix display of bridges after bridge settings have been changed
    • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
    • Bug 10280: Strings and pref for preventing plugin initialization.
    • Bug 14866: Show correct circuit when more than one exists for a given domain
    • Bug 9442: Add New Circuit button to Torbutton menu
    • Bug 9906: Warn users before closing all windows and performing new identity.
    • Bug 8400: Prompt for restart if disk records are enabled/disabled.
    • Bug 14630: Hide Torbutton's proxy settings tab.
    • Bug 14632: Disable Cookie Manager until we get it working.
    • Bug 11175: Remove "About Torbutton" from onion menu.
    • Bug 13900: Remove remaining SafeCache code in favor of C++ patch
    • Bug 14490: Use Disconnect search in about:tor search box
    • Bug 14392: Don't steal input focus in about:tor search box
    • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
    • Bug 13406: Stop directing users to download-easy.html.en on update
    • Bug 9387: Handle "custom" mode better in Security Slider
    • Bug 12430: Bind jar: pref to Security Slider
    • Bug 14448: Restore Torbutton menu operation on non-English localizations
    • Translation updates
  • Update Tor Launcher to 0.2.7.2
    • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
    • Bug 14336: Fix navigation button display issues on some wizard panes
    • Translation updates
  • Bug 14203: Prevent meek from displaying an extra update notification
  • Bug 14849: Remove new NoScript menu option to make permissions permanent
  • Bug 14851: Set NoScript pref to disable permanent permissions
  • Bug 14490: Make Disconnect the default omnibox search engine
  • Bug 11236: Fix omnibox order for non-English builds
    • Also remove Amazon, eBay and bing; add Youtube and Twitter
  • Bug 10280: Don't load any plugins into the address space.
  • Bug 14392: Make about:tor hide itself from the URL bar
  • Bug 12430: Provide a preference to disable remote jar: urls
  • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
  • Bug 5698: Fix branding in "About Torbrowser" window
• Windows:
  • Bug 13169: Don't use /dev/random on Windows for SSP
• Linux:
  • Bug 13717: Make sure we use the bash shell on Linux

Note: Once again, the individual bundles of both Tor Browser series are signed by one of the subkeys of the Tor Browser Developers signing key from now on. You can find its fingerprint on the Signing Keys page. It is:

pub   4096R/0x4E2C6E8793298290 2014-12-15
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7
                        DE68 4E2C 6E87 9329 8290

The third alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

Note: The individual bundles of the alpha series are signed by one of the subkeys of the Tor Browser Developers signing key from now on. You can find its fingerprint on the Signing Keys page. It is:

pub   4096R/0x4E2C6E8793298290 2014-12-15
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7
                        DE68 4E2C 6E87 9329 8290

Tor Browser 4.5a3 is based on Firefox ESR 31.4.0, which features important security updates to Firefox. Its updater now contains the code for verifying signed update files and does not accept unsigned ones anymore. Moreover, this release includes an updated Tor, 0.2.6.2-alpha, an updated meek, 0.15, which is now working again, and a bunch of additional improvements and bugfixes.

Here is the changelog since 4.5-alpha-2:

• All Platforms
  • Update Firefox to 31.4.0esr
  • Update Tor to 0.2.6.2-alpha
  • Update NoScript to 2.6.9.10
  • Update HTTPS Everywhere to 5.0developement.2
  • Update meek to 0.15
  • Update Torbutton to 1.8.1.3
    • Bug 13998: Handle changes in NoScript 2.6.9.8+
    • Bug 14100: Option to hide NetworkSettings menuitem
    • Bug 13079: Option to skip control port verification
    • Bug 13835: Option to change default Tor Browser homepage
    • Bug 11449: Fix new identity error if NoScript is not enabled
    • Bug 13881: Localize strings for tor circuit display
    • Bug 9387: Incorporate user feedback
    • Bug 13671: Fixup for circuit display if bridges are used
    • Translation updates
  • Update Tor Launcher 0.2.7.1
    • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
    • Translation updates
  • Bug 13379: Sign our MAR files
  • Bug 13788: Fix broken meek in 4.5-alpha series
  • Bug 13439: No canvas prompt for content callers

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.0.3 is based on Firefox ESR 31.4.0, which features important security updates to Firefox. Additionally, it contains updates to meek, NoScript and Tor Launcher.

Here is the changelog since 4.0.2:

• All Platforms
  • Update Firefox to 31.4.0esr
  • Update NoScript to 2.6.9.10
  • Update meek to 0.15
  • Update Tor Launcher to 0.2.7.0.2
    • Translation updates only

The second alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

Tor Browser 4.5-alpha-2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression which caused third party authentication credentials to remain undeleted and contains smaller improvements to the circuit UI and the security slider.

Here is the changelog since 4.5-alpha-1:

• All Platforms
  • Update Firefox to 31.3.0esr
  • Update NoScript to 2.6.9.5
  • Update HTTPS Everywhere to 5.0developement.1
  • Update Torbutton to 1.8.1.2
    • Bug 13672: Make circuit display optional
    • Bug 13671: Make bridges visible on circuit display
    • Bug 9387: Incorporate user feedback
    • Bug 13784: Remove third party authentication tokens
  • Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.0.2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression in third party cache isolation (tracking protection) that appeared in 4.0, and prevents JavaScript engine locale leaks. Moreover, we believe we have fixed all of the Windows crashes that were due to mingw-w64 compiler bugs. DirectShow is still disabled by default, though, to give the respective mingw-w64 patch another round of testing.

Here is the changelog since 4.0.1:

• All Platforms
  • Update Firefox to 31.3.0esr
  • Update NoScript to 2.6.9.5
  • Update HTTPS Everywhere to 4.0.2
  • Update Torbutton to 1.7.0.2
    • Bug 13019: Synchronize locale spoofing pref with our Firefox patch
    • Bug 13746: Properly link Torbutton UI to thirdparty pref.
  • Bug 13742: Fix domain isolation for content cache and disk-enabled
    browsing mode

  • Bug 5926: Prevent JS engine locale leaks (by setting the C library
    locale)

  • Bug 13504: Remove unreliable/unreachable non-public bridges
  • Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
• Windows
  • Bug 13443: Fix DirectShow-related crash with mingw patch.
  • Bug 13558: Fix crash on Windows XP during download folder changing
  • Bug 13594: Fix update failure for Windows XP users

The first alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

This release features a circuit status reporting UI (visible on the green Tor onion button menu), as well as isolation for circuit use. All content elements for a website will use a single circuit, and different websites should use different circuits, even when viewed at the same time. The Security Slider is also present in this release, and can be configured from the green Tor onion's Preferences menu, under the Privacy and Security settings tab. It also features HTTPS certificate pinning for selected sites (including our updater), which was backported from Firefox 32.

This release also features a rewrite of the obfs3 pluggable transport, and the introduction of the new obfs4 transport. Please test these transports and report any issues!

Note to Mac users: As part of our planned end-of-life for supporting 32 bit Macs, the Mac edition of this release is 64 bit only, which also means that the updater will not work for Mac users on the alpha series release channel for this release. Once you transition to this 64 bit release, the updater should function correctly after that.

Here is the complete changelog since 4.0.1:

• All Platforms
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
  • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
  • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
  • Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
  • Bug 13301: Prevent extensions incompatibility error after upgrades
  • Bug 13460: Fix MSVC compilation issue
  • Bug 13504: Remove stale bridges from default bridge set
  • Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode
  • Update Tor to 0.2.6.1-alpha
  • Update NoScript to 2.6.9.3
  • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
  • Bug 12903: Include obfs4proxy pluggable transport
  • Update Torbutton to 1.8.1.1
    • Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
    • Bug 13019: Synchronize locale spoofing pref with our Firefox patch
    • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
    • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
    • Bug 13651: Prevent circuit-status related UI hang.
    • Bug 13666: Various circuit status UI fixes
    • Bug 13742+13751: Remove cache isolation code in favor of direct C++ patch
    • Bug 13746: Properly update third party isolation pref if disabled from UI
• Windows
  • Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
  • Bug 13558: Fix crash on Windows XP during download folder changing
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"
  • Bug 13594: Fix update failure for Windows XP users
• Mac
  • Bug 10138: Switch to 64bit builds for MacOS

A bugfix release for the latest stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Most notably, Tor Browser 4.0.1 fixes a crash bug affecting many users on Windows (see: bug 13443 for the details). Furthermore, the latest stable version of Tor (0.2.5.10) is included and a bug in our updater code got fixed.

This is not a security update, and we will not be deploying update notification or automatic upgrades for all platforms for this release. We may provide automatic updates just for Windows users later in the week, but we are hesitant to do this immediately due to Bug 13594.

Here is the changelog since 4.0:

• All Platforms
  • Update Tor to 0.2.5.10
  • Update NoScript to 2.6.9.3
    • Bug 13301: Prevent extensions incompatibility error after upgrades
    • Bug 13460: Fix MSVC compilation issue
• Windows
  • Bug 13443: Disable DirectShow to prevent crashes on many sites
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"

Update (Oct 22 13:15 UTC): Windows users that are affected by Tor Browser crashes might try to avoid this problem by opening "about:config" and setting the preference "media.directshow.enabled" to "false". This is a workaround reported to help while the investigation is still on-going.

Update (Oct 25 02:32 UTC): If you are unhappy with the new Firefox 31 UI, please check out Classic Theme Restorer.

Update (Oct 16 20:35 UTC): The meek transport still needs performance tuning before it matches other more conventional transports. Ticket numbers are now listed in the post.

The first release of the 4.0 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release.

The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.

More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses. Note though that we still need to improve meek's performance to match other transports, though. so adjust your expectations accordingly. See tickets #12428, #12778, and #12857 for details.

This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.

There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts. This will hopefully make it possible for more people to use the "High Security" setting in our upcoming Security Slider, which will have Javascript disabled globally via NoScript by default. While we do not recommend per-element whitelisting due to fingerprinting, users who insist on keeping this functionality may wish to check out RequestPolicy.

Note to MacOS users: We intend to deprecate 32bit OSX bundles very soon. If you are still using 32bit OSX 10.6, you soon will need to either update your OS to a later version, or begin using the Tails live operating system.

Here is the changelog since 4.0-alpha-3:

• All Platforms
  • Update Firefox to 31.2.0esr
  • Update Torbutton to 1.7.0.1
    • Bug 13378: Prevent addon reordering in toolbars on first-run.
    • Bug 10751: Adapt Torbutton to ESR31's Australis UI.
    • Bug 13138: ESR31-about:tor shows "Tor is not working"
    • Bug 12947: Adapt session storage blocker to ESR 31.
    • Bug 10716: Take care of drag/drop events in ESR 31.
    • Bug 13366: Fix cert exemption dialog when disk storage is enabled.
  • Update Tor Launcher to 0.2.7.0.1
    • Translation updates only
  • Udate fteproxy to 0.2.19
  • Update NoScript to 2.6.9.1
  • Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
  • Bug 13016: Hide CSS -moz-osx-font-smoothing values.
  • Bug 13356: Meek and other symlinks missing after complete update.
  • Bug 13025: Spoof screen orientation to landscape-primary.
  • Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
  • Bug 13318: Minimize number of buttons on the browser toolbar.
  • Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
  • Bug 13023: Disable the gamepad API.
  • Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
  • Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
  • Bug 13186: Disable DOM Performance timers
  • Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
  • Bug 13416: Defend against new SSLv3 attack (poodle).

Here is the list of all changes in the 4.0 series since 3.6.6:

• All Platforms
  • Update Firefox to 31.2.0esr
  • Udate fteproxy to 0.2.19
  • Update Tor to 0.2.5.8-rc (from 0.2.4.24)
  • Update NoScript to 2.6.9.1
  • Update Torbutton to 1.7.0.1 (from 1.6.12.3)
    • Bug 13378: Prevent addon reordering in toolbars on first-run.
    • Bug 10751: Adapt Torbutton to ESR31's Australis UI.
    • Bug 13138: ESR31-about:tor shows "Tor is not working"
    • Bug 12947: Adapt session storage blocker to ESR 31.
    • Bug 10716: Take care of drag/drop events in ESR 31.
    • Bug 13366: Fix cert exemption dialog when disk storage is enabled.
  • Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6)
    • Bug 11405: Remove firewall prompt from wizard.
    • Bug 12895: Mention @riseup.net as a valid bridge request email address
    • Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
    • Bug 11199: Improve error messages if Tor exits unexpectedly
    • Bug 12451: Add option to hide TBB's logo
    • Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
    • Bug 11471: Ensure text fits the initial configuration dialog
    • Bug 9516: Send Tor Launcher log messages to Browser Console
  • Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
  • Bug 13016: Hide CSS -moz-osx-font-smoothing values.
  • Bug 13356: Meek and other symlinks missing after complete update.
  • Bug 13025: Spoof screen orientation to landscape-primary.
  • Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
  • Bug 13318: Minimize number of buttons on the browser toolbar.
  • Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
  • Bug 13023: Disable the gamepad API.
  • Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
  • Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
  • Bug 13186: Disable DOM Performance timers
  • Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
  • Bug 4234: Automatic Update support (off by default)
  • Bug 11641: Reorganize bundle directory structure to mimic Firefox
  • Bug 10819: Create a preference to enable/disable third party isolation
  • Bug 13416: Defend against new SSLv3 attack (poodle).
• Windows:
  • Bug 10065: Enable DEP, ASLR, and SSP hardening options
• Linux:
  • Bug 13031: Add full RELRO hardening protection.
  • Bug 10178: Make it easier to set an alternate Tor control port and password
  • Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
  • Bug 12249: Don't create PT debug files anymore

The list of frequently encountered known issues is also available in our bug tracker.

The third alpha release of the 4.0 series is available from the extended downloads page and also from our distribution directory.

The individual bundles of this release are signed by Georg Koppen. You can find his key fingerprint on the Signing Keys page. It is:

 pub   4096R/4B7C3223 2013-07-30
 Fingerprint = 35CD74C24A9B15A19E1A81A194373AA94B7C3223

IMPORTANT UPDATER ISSUES:

• We discovered Bug 13245 will cause non-English Tor Browsers to update to the English version. This bug has been fixed in this release, but 4.0a2 users will still be updated to the English version if they use the in-browser updater.
• Meek Transport users will need to restart their browser a second time after upgrade if they use the in-browser updater. We are still trying to get to the bottom of this issue.

This release also features important security updates to Firefox.

Here is the complete changelog:

• All Platforms
  • Update Tor to 0.2.5.8-rc
  • Update Firefox to 24.8.1esr
  • Update meek to 0.11
  • Update NoScript to 2.6.8.42
  • Update Torbutton to 1.6.12.3
    • Bug 13091: Use "Tor Browser" everywhere
    • Bug 10804: Workaround fix for some cases of startup hang
  • Bug 13091: Use "Tor Browser" everywhere
  • Bug 13049: Browser update failure (self.update is undefined)
  • Bug 13047: Updater should not send Kernel and GTK version
  • Bug 12998: Prevent intermediate certs from being written to disk
  • Bug 13245: Prevent non-english TBBs from upgrading to english version.
• Linux:
  • Bug 9150: Make RPATH unavailable on Tor binary.
  • Bug 13031: Add full RELRO protection.

The list of frequently encountered known issues is also available in our bug tracker.