tbb

Tor Browser 5.5.5 is released

Tor Browser 5.5.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 2.9.0.11 and HTTPS-Everywhere to 5.1.6.

Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support.

Here is the full changelog since 5.5.4:

Tor Browser 5.5.5 -- April 26 2016

  • All Platforms

    • Update Firefox to 38.8.0esr
    • Update Tor Launcher to 0.2.7.9

      • Bug 10534: Don't advertise the help desk directly anymore
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.6
    • Update NoScript to 2.9.0.11
    • Bug 18726: Add new default obfs4 bridge (GreenBelt)

GetTor: New Ways to Download Tor Browser

We are pleased to announce the new features available in the GetTor, a service that provides alternative ways to download Tor Browser, aimed for people who live in places with high levels of censorship (e.g. when www.torproject.org is blocked) or people who just don't want to expose the fact that they are downloading Tor Browser. This work adds important new download options and capabilities and includes improvements to the current code, deployment of new channels and providers, and some brand new features such as the GetTor API. We would also like to give special thanks to Nima Fatemi, who was in charge of the non-coding parts of this project (from funding to technical management).


Update note: we now have the gettor@torproject.org account for the XMPP channel. However, we will have the get_tor@riseup.net account enabled for a couple of more weeks just in case you are still using it.


Landing page

A GetTor landing page has been created to offer information in one place (statistics, guides, etc.). If you are interested in what is going on with GetTor, following the landing page is highly recommended.


New Distribution Channels

In the past, GetTor has distributed packages by sending the bundles -- and then, later, just links -- via email. Now there are two more ways to interact with GetTor:


  1. Using Twitter: You can send a direct message to @get_tor account (you don't need to follow the @get_tor acount). Send the word help in a direct message to receive information on how to download the Tor Browser.

  2. Using XMPP: You can send a message to gettor@torproject.org using your favorite XMPP client. Simply enter help in an XMPP message to receive information on how to download the Tor Browser.


GitHub

GitHub is now a provider of Tor Browser (in addition to Dropbox and Google Drive), and the latest version of Tor Browser may be downloaded from our Github page and our Github repository.


Support for Android

Orbot is a free proxy (i.e. an intermediary) app that empowers other apps to use the Internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by sending it through a series of computers around the world. In addition to the download options provided by Guardian Project (Google Play, F-Droid, Direct download), GetTor provides yet another way to download Orbot to your mobile device. To do this, you have to reach one of our distribution channels and specify the android command (See Examples, at the bottom of this blog post). You will then receive instructions to download Orbot's Android Application Package (APK) file from Github, Google Drive or Dropbox. Once you have downloaded the APK file you can use it to install Orbot (similar to .exe files in Windows) and start using it.


Translated Versions of Tor Browser

GetTor provides a small set of translated packages focused on its end users. The available languages are Farsi, Chinese, Turkish, and English (which is the default). If you want to use this feature in the email autoresponder, for example, you send your request to:


    Farsi: gettor+fa@torproject.org
    Chinese: gettor+zh@torproject.org
    Turkish: gettor+tr@torproject.org
    English: gettor@torproject.org


For the Twitter and XMPP channels, you just need to add the language word to the
message (e.g. linux fa will get you links for Tor Browser in Farsi).


Mirrors

There are many volunteers who use their own servers to provide mirrors of Tor Project's website. One or more of these mirrors may be not blocked in places where torproject.org is censored and could help in downloading Tor Browser. With this new release, you can request a list of these mirrors from GetTor by sending an email (or message, in case of Twitter and XMPP) with the word mirrors in the body of the text.


Statistics

Some basic but effective improvements have been made to collect anonymous data and compile meaningful statistics about GetTor usage, including requests per channel, operating system, and language. Safeguards have been implemented so that all information collected is anonymous, and it is erased on a daily basis -- we just keep the number and types of requests. Reports about this data will soon be available on GetTor's website.


RESTful API

One of GetTor's major new features is its API. In simple terms, an API is a set of rules and specifications that allow applications to communicate with each other (following these rules). This is helpful to developers who want to create new services or applications based on the information provided by the API. In this case, the GetTor API provides the following information:

  1. Links to download Tor Browser by provider, with filters for operating system and language.

  2. Links to download Tor Browser from Tor Project's website, with filters for choosing the release (latest version , etc.), operating system, and language.

  3. List of mirrors of Tor Project's website.



You can find more information on the API documentation.


Invitation to Collaborate

If you are a Tor user, a developer, good at writing content for non-technical users or anything else, we are happy to hear from you! You can use the comments section below, the tor-talk and tor-dev mailing lists, or come talk to us on IRC (#tor-dev on OFTC; our nicknames are ilv, sukhe and mrphs).


How to Ask for Tor Browser--Some Examples

To help you get started, here are a few examples of GetTor requests with different locales (languages) and operating systems:


Example 1 (Email): To get links for downloading Tor Browser in Farsi for Windows, send an email to gettor+fa@torproject.org with the word windows in the body of the message.


Example 2 (Twitter): To get links for downloading Tor Browser in English for OS X, send a Direct Message to @get_tor with the words osx on it (you don't need to follow the account).


Example 3 (XMPP): To get links for downloading Tor Browser in Chinese for Linux, send a message to gettor@torproject.org account with the words linux zh on it.


Example 4 (Email): To get links for downloading Orbot for Android, send an email to gettor@torproject.org with the word android in the body of the message.

Tor Browser 6.0a4-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a4-hardened distribution directory and on the download page for hardened builds.

This release updates firefox to 38.7.1. Mozilla decided to disable the Graphite library in this release and we are taking the same action: irrespective of the security slider settings the Graphite library won't be used for rendering fonts in Tor Browser 6.0a4-hardened. The Graphite font rendering library was already disabled for users on the security level "High" or "Medium-High".

Note: There is no incremental update from 6.0a3-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a3-hardened:

Tor Browser 6.0a4-hardened -- March 18 2016

  • All Platforms

    • Update Firefox to 38.7.1esr
    • Update Torbutton to 1.9.5.2

      • Bug 18557: Exempt Graphite from the Security Slider
    • Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443

Tor Browser 6.0a4 is released

A new alpha Tor Browser release is available for download in the 6.0a4 distribution directory and on the alpha download page.

This release updates firefox to 38.7.1. Mozilla decided to disable the Graphite library in this release and we are taking the same action: irrespective of the security slider settings the Graphite library won't be used for rendering fonts in Tor Browser 6.0a4. The Graphite font rendering library was already disabled for users on the security level "High" or "Medium-High".

The full changelog since 6.0a3 is:

Tor Browser 6.0a4 -- March 18 2016

  • All Platforms

    • Update Firefox to 38.7.1esr
    • Update Torbutton to 1.9.5.2

      • Bug 18557: Exempt Graphite from the Security Slider
    • Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443

Tor Browser 5.5.4 is released

Tor Browser 5.5.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates firefox to 38.7.1. Mozilla decided to disable the Graphite library in this release and we are taking the same action: irrespective of the security slider settings the Graphite library won't be used for rendering fonts in Tor Browser 5.5.4. The Graphite font rendering library was already disabled for users on the security level "High" or "Medium-High".

The full changelog since 5.5.3 is:

Tor Browser 5.5.4 -- March 18 2016

  • All Platforms
    • Update Firefox to 38.7.1esr
    • Update Torbutton to 1.9.4.5
      • Bug 18557: Exempt Graphite from the Security Slider (Firefox disables Graphite by default)
    • Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443

Tor Browser 6.0a3-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a3-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

Note: There is no incremental update from 6.0a2-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a2-hardened:

Tor Browser 6.0a3-hardened -- March 8

  • All Platforms
    • Update Firefox to 38.7.0esr
    • Update Tor to 0.2.8.1-alpha
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.5.1
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Bug 16917: Allow users to more easily set a non-tor SSH proxy
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
    • Bug 16728: Add test cases for favicon isolation
  • Windows
    • Bug 18292: Disable staged updates on Windows

Tor Browser 6.0a3 is released

A new alpha Tor Browser release is available for download in the 6.0a3 distribution directory and on the alpha download page.

This release features important security updates to Firefox.

This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

Here is the full changelog since 6.0a2:

Tor Browser 6.0a3 -- March 8

  • All Platforms
    • Update Firefox to 38.7.0esr
    • Update Tor to 0.2.8.1-alpha
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.5.1
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Bug 16917: Allow users to more easily set a non-tor SSH proxy
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
    • Bug 16728: Add test cases for favicon isolation
  • Windows

    • Bug 18292: Disable staged updates on Windows

Tor Browser 5.5.3 is released

Tor Browser 5.5.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release bumps the versions of several of our external components: Firefox to 38.7.0esr, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.

Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.

The full changelog since 5.5.2 is:

Tor Browser 5.5.3 -- March 8 2016

  • All Platforms

    • Update Firefox to 38.7.0esr
    • Update OpenSSL to 1.0.1s
    • Update NoScript to 2.9.0.4
    • Update HTTPS Everywhere to 5.1.4
    • Update Torbutton to 1.9.4.4
      • Bug 16990: Don't mishandle multiline commands
      • Bug 18144: about:tor update arrow position is wrong
      • Bug 16725: Allow resizing with non-default homepage
      • Translation updates
    • Bug 18030: Isolate favicon requests on Page Info dialog
    • Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    • Bug 18170: Make sure the homepage is shown after an update as well
  • Windows

    • Bug 18292: Disable staged updates on Windows

Tor Browser 6.0a2-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

Additionally, we fixed a number of issues found with the release of Tor Browser 5.5, which already got addressed in Tor Browser 5.5.1, and we switched to a Debian Wheezy system for building the hardened series as well.

Note: There is no incremental update from 6.0a1-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a1-hardened:

Tor Browser 6.0a2-hardened -- February 15 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3
    • Bug 18168: Don't clear an iframe's window.name (fix of #16620)
    • Bug 18137: Add two new obfs4 default bridges
  • Windows
  • OS X
  • Linux
  • Build System
    • Linux
      • Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
      • Bug 18198: Building the hardened Tor Browser in a Debian Wheezy VM is broken

Tor Browser 6.0a2 is released

A new alpha Tor Browser release is available for download in the 6.0a2 distribution directory and on the alpha download page.

This release features important security updates to Firefox. Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

Additionally, we fixed a number of issues found with the release of Tor Browser 5.5, which already got addressed in Tor Browser 5.5.1.

Here is the complete changelog since 6.0a1:

Tor Browser 6.0a2 -- February 15 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3
    • Bug 18168: Don't clear an iframe's window.name (fix of #16620)
    • Bug 18137: Add two new obfs4 default bridges
  • Windows
  • OS X
  • Linux
Syndicate content Syndicate content