tor browser

Tor Browser 6.5a5 is released

Tor Browser 6.5a5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2) and a fix of our updater code so it can handle unix domain sockets.

The Firefox security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

A note to Linux users: We still require the same update procedure as experienced during the update to 6.5a4: a dialog will be shown asking to either set `app.update.staging.enabled` or `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc` to `false` (and restart the browser in the latter case) before attempting to update. The fix for this problem is shipped with this release and we will be back to a normal update experience with the update to 6.5a6. We are sorry for this inconvenience.

Here is the full changelog since 6.5a4:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used

Tor Browser 6.5a5-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a5-hardened distribution directory and on the download page for hardened builds.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2) and a fix of our updater code so it can handle unix domain sockets.

The Firefox security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

Note regarding updating: We still require the same update procedure as experienced during an update to 6.5a4-hardened: a dialog will be shown asking to either set `app.update.staging.enabled` or `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc` to `false` (and restart the browser in the latter case) before attempting to update. The fix for this problem is shipped with this release and we will be back to a normal update experience with the update to 6.5a6-hardened. We are sorry for this inconvenience.

Here is the full changelog since 6.5a5-hardened:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2
    • Bug 20691: Updater breaks if unix domain sockets are used

Tor Browser 6.0.7 is released

Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

We will have alpha and hardened Tor Browser updates out shortly. In the meantime, users of these series can mitigate the security flaw in at least two ways:

1) Set the security slider to "High" as this is preventing the exploit from working.
2) Switch to the stable series until updates for alpha and hardened are available, too.

Here is the full changelog since 6.0.6:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2

Update: We would like to remind everyone that we (The Tor Project) are having our 2016 fundraising campaign! Donate today!

Tor Browser 6.5a4-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a4-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.5-alpha, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.2j.

This release includes numerous bug fixes and improvements. Most notably we improved our Unix domain socket support by resolving all the issues that showed up in the previous alpha and by making sure all connections to tor (not only the control port related ones) are using this feature now.

Additionally, we fixed a lot of usability bugs, most notably those caused by our window resizing logic. We moved the relevant code out of Torbutton into a C++ patch which we hope to get upstreamed into Firefox. We improved the usability of our security slider as well by reducing the amount of security levels available and redesigning the custom mode.

Finally, we added a donation banner shown in some localized bundles starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

For those who want to know in which ways the alpha and the hardened series differ: check out the discussion we had on the tbb-dev mailing list a while back.

Update (11/16 2213UTC): We currently have problems with our auto-updater at least on Linux systems. The updates are downloaded but don't get applied for yet unknown reasons. We therefore have decided to disable the automatic updates until we understand the problem and provide a fix for it. Progress on that task can be tracked in ticket 20691 in our bug tracker. We are sorry for this inconvenience. Fresh bundles are available on our download page, though.

Update (11/18 0937UTC): We enabled the updates again with an information prompt. One of the following workarounds can be used to avoid the updater error:

  • in about:config, set app.update.staging.enabled to false before attempting to update
  • in about:config, set extensions.torlauncher.control_port_use_socket to false (disabling the control port Unix domain socket) and restart the browser before attempting to update

Here is the full changelog since 6.5a3-hardened:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to tor-0.2.9.5-alpha
    • Update OpenSSL to 1.0.2j
    • Update Torbutton to 1.9.6.7
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 19459: Move resizing code to tor-browser.git
      • Bug 20264: Change security slider to 3 options
      • Bug 20347: Enhance security slider's custom mode
      • Bug 20123: Disable remote jar on all security levels
      • Bug 20244: Move privacy checkboxes to about:preferences#privacy
      • Bug 17546: Add tooltips to explain our privacy checkboxes
      • Bug 17904: Allow security settings dialog to resize
      • Bug 18093: Remove 'Restore Defaults' button
      • Bug 20373: Prevent redundant dialogs opening
      • Bug 20388+20399+20394: Code clean-up
      • Translation updates
    • Update Tor Launcher to 0.2.11.1
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 20185: Avoid using Unix domain socket paths that are too long
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 20304: Support spaces and other special characters for SOCKS socket
    • Bug 20490: Fix assertion failure due to fix for bug 20304
    • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
    • Bug 20442: Backport fix for local path disclosure after drag and drop
    • Bug 20160: Backport fix for broken MP3-playback
    • Bug 20043: Isolate SharedWorker script requests to first party
    • Bug 20123: Always block remote jar files
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 19481: Point the update URL to aus1.torproject.org
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20399+15852: Code clean-up
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build System
    • All Platforms

Tor Browser 6.5a4 is released

Tor Browser 6.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.5-alpha, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.2j.

This release includes numerous bug fixes and improvements. Most notably we improved our Unix domain socket support by resolving all the issues that showed up in the previous alpha and by making sure all connections to tor (not only the control port related ones) are using this feature on OS X and Linux now.

Additionally, we fixed a lot of usability bugs, some caused by Apple's macOS Sierra (meek did not work anymore and windows could not be dragged either). Others were caused by our window resizing logic. We moved that one into a C++ patch which we hope to get upstreamed into Firefox. We improved the usability of our security slider as well by reducing the amount of security levels available and redesigning the custom mode.

Finally, we added a donation banner shown in some localized bundles starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

Update (11/16 2215UTC): We currently have problems with our auto-updater at least on Linux systems. The updates are downloaded but don't get applied for yet unknown reasons. We therefore have decided to disable the automatic updates until we understand the problem and provide a fix for it. Progress on that task can be tracked in ticket 20691 in our bug tracker. We are sorry for this inconvenience. Fresh bundles are available on our download page, though.

Update (11/17 1012UTC): After some investigation and testing it turned out that the Windows platform is not affected by the updating problems. We therefore have enabled updates for it again. Updates for OS X and Linux stay disabled while we are trying to get to the bottom of our problems and to provide fixes/workarounds for them.

Update (11/17 1422UTC): Updates for OS X are enabled now as well as Mac systems are not affected by the bug in the updater code either.

Update (11/18 0953UTC): Updates for Linux are enabled now as well, with an information prompt listing the workarounds. One of the following workarounds can be used to avoid the updater error:

  • in about:config, set app.update.staging.enabled to false before attempting to update
  • in about:config, set extensions.torlauncher.control_port_use_socket to false (disabling the control port Unix domain socket) and restart the browser before attempting to update

Here is the full changelog since 6.5a3:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to tor-0.2.9.5-alpha
    • Update OpenSSL to 1.0.2j
    • Update Torbutton to 1.9.6.7
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 19459: Move resizing code to tor-browser.git
      • Bug 20264: Change security slider to 3 options
      • Bug 20347: Enhance security slider's custom mode
      • Bug 20123: Disable remote jar on all security levels
      • Bug 20244: Move privacy checkboxes to about:preferences#privacy
      • Bug 17546: Add tooltips to explain our privacy checkboxes
      • Bug 17904: Allow security settings dialog to resize
      • Bug 18093: Remove 'Restore Defaults' button
      • Bug 20373: Prevent redundant dialogs opening
      • Bug 20388+20399+20394: Code clean-up
      • Translation updates
    • Update Tor Launcher to 0.2.10.2
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 20185: Avoid using Unix domain socket paths that are too long
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 20304: Support spaces and other special characters for SOCKS socket
    • Bug 20490: Fix assertion failure due to fix for bug 20304
    • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
    • Bug 20442: Backport fix for local path disclosure after drag and drop
    • Bug 20160: Backport fix for broken MP3-playback
    • Bug 20043: Isolate SharedWorker script requests to first party
    • Bug 20123: Always block remote jar files
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 19481: Point the update URL to aus1.torproject.org
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20399+15852: Code clean-up
  • Windows
    • Bug 20342: Add tor-gencert.exe to expert bundle
    • Bug 18175: Maximizing window and restarting leads to non-rounded window size
    • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
    • Bug 20204: Windows don't drag on macOS Sierra anymore
    • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
    • Bug 20590: Badly resized window due to security slider notification bar on OS X
    • Bug 20439: Make the build PIE on OSX
  • Linux
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build System
    • All Platforms
    • OS X
      • Bug 20258: Make OS X Tor archive reproducible again
      • Bug 20184: Make OS X builds reproducible again
      • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Tor Browser 6.0.6 is released

Tor Browser 6.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release is updating Firefox to 45.5.0esr. Moreover, other components got an update as well: Tor to 0.2.8.9, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.1u.

We fixed a lot of usability bugs, some caused by Apple's macOS Sierra (meek did not work anymore and windows could not be dragged either). We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first. Finally, we added a donation banner shown in some localized bundled starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

Here is the full changelog since 6.0.5:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to 0.2.8.9
    • Update OpenSSL to 1.0.1u
    • Update Torbutton to 1.9.5.12
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Translation updates
    • Update Tor Launcher to 0.2.9.4
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Windows
    • Bug 20342: Add tor-gencert.exe to expert bundle
  • OS X
    • Bug 20204: Windows don't drag on macOS Sierra anymore
    • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
  • Build system
    • All platforms

Announcing the Tor Browser User Manual

The community team is excited to announce the new Tor Browser User Manual!

The manual is currently only available in English. We will be adding more languages in the near future, as well as adding the manual to Transifex.

During the creation of this manual, community feedback was requested over various mailing lists / IRC channels. We understand that many people who read this blog are not part of these lists / channels, so we would like to request that if you find errors in the manual or have feedback about how it could be improved, please open a ticket on our bug tracker and set the component to "community".

This manual is part of an ongoing effort to foster wider adoption of Tor, and provide better support to all users, new and old. We'll soon have some more exciting new developments to share about our user support efforts, so stay tuned.

Thanks for using Tor!

Q and A with Yawning Angel

Here's an interview I just did with our own Yawning Angel, a longtime Tor developer, about his work on a Linux prototype for a sandbox for the Tor Browser.

What is a sandbox?

It’s a separate environment from the rest of your computer where you run untrusted programs. We’re running Tor Browser.

The idea is that exploits targeting Tor Browser are trapped inside the sandbox and can’t get out and mess with the rest of your computer or deanonymize you.

The amount of information Tor Browser will learn about your computer, and thereby you, will be limited. For example, the sandbox will hide things like your files, and real IP and MAC addresses from Tor Browser.

Tor Browser can only access or manipulate the insides of the sandbox. It's like Plato's Allegory of the Cave. The only reality Tor Browser knows is the inside of the sandbox (cave). We prevent it from interacting with the rest of your computer (the outside world), except via the Tor Network (shadows on the wall).

How will the sandbox help users?

It should make Tor a lot safer for users. We know there are people who try to de-anonymize Tor users by exploiting Firefox. Having Tor Browser run in a sandbox makes their life a lot harder.

Which operating system will the sandbox support?

We need a sandbox for Linux, OSX, and Windows. I’m working on the Linux one. The Tor browser team is looking at OSX. In the future we’d like to do Windows.

Can you talk about the sandbox a bit more?

I use a Go application to manage installing and updating Tor Browser, and set up the sandbox using a utility called bubblewrap (the underlying sandboxing code also used by Flatpak) which is based around Linux's container support.

It ended up being something superficially similar to what the Subgraph OS project has done, but my approach is more targeted as "something you can just download and start using on your existing Linux system", and theirs, as far as I am aware, is more oriented around being a full OS replacement.

Why are you doing this?

It's an interesting technical challenge, and in the light of recent events like The FBI’s Quiet Plan to Begin Mass Hacking, defending users against malicious attackers at the application layer is incredibly important.

Why did we not have this before?

Developer time—we have a lot that we already need to do. We never have time to do this. We have a funding proposal to do this but I decided to do it separately from the Tor Browser team. I’ve been trying to do this since last year. This is my third attempt. I failed twice at coming up with something that I like, but the third time appears to be the charm.

What was the hardest part?

Lots of design problems. It’s incredibly complicated.

What else have you worked on?

Everything—I’ve touched a lot of our code. I designed and wrote obfs4, Meek on Android uses my code, and I work on core Tor.

When will the sandbox be available to users?

This is experimental. Right now I have something that works on my laptop. It is not user friendly at all. It’s a functional prototype. By the end of the year it will be available in alpha form for early adopters to experiment with.

What are you working on right now?

There’re a few security versus usability tradeoffs. Most users will disagree with the tradeoffs I’ve made for myself, so I have to make all that configurable. For example, do we want to give the sandbox access the sound card? We will make it user configurable.

Mozilla is also working on something like this, right?

Mozilla is working primarily on efforts to sandbox the content, media and plugin processes (roughly a per-tab sandbox).
In our version, the entire browser is running in a sandbox.

Both projects in the long run should work to complement each other, since both are a good idea.

Tor Browser 6.5a3-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a3-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

In addition to the changes from Tor Browser 6.5a3, the creation of incremental MARs for hardened builds is now fixed.

Note: Due to bug 20185 Tor Browser will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

  • All Platforms
  • Update Firefox to 45.4.0esr
  • Update Tor to 0.2.9.2-alpha
  • Update OpenSSL to 1.0.2h (bug 20095)
  • Update Torbutton to 1.9.6.4
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 19995: Clear site security settings during New Identity
    • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 14271: Make Torbutton work with Unix Domain Socket option
    • Translation updates
  • Update Tor Launcher to 0.2.11
    • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.4
  • Update NoScript to 2.9.0.14
  • Bug 19851: Fix ASan error by upgrading GCC to 5.4.0
  • Bug 17858: Fix creation of incremental MARs for hardened builds
  • Bug 14273: Backport patches for Unix Domain Socket support
  • Bug 19890: Disable installation of system addons
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 20092: Rotate ports for default obfs4 bridges
  • Bug 20040: Add update support for unpacked HTTPS Everywhere
  • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Bug 19336+19835: Enhance about:tbupdate page
  • Build system
    • All platforms
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version

Tor Browser 6.5a3 is released

Tor Browser 6.5a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

This release bumps the versions of several of our components: Firefox to 45.4.0esr, Tor to 0.2.9.2-alpha and OpenSSL to 1.0.2h, HTTPS-Everywhere to 5.2.4, NoScript to 2.9.0.14. Additionally we are adding Unix Domain Socket support on Linux and OSX, the about:tbupdate page giving information about the update has been improved, the referrer spoofing for .onion domains has been moved from Torbutton to C++ patches.

Note: Due to bug 20185 Tor Browser on Linux and OS X will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

Update (9/22 07:15 UTC): We got reports about updates failing on OS X systems. We are still investigating the problem but this is likely due to a combination of issues. For one we might have introduced a permission problem by trying to get our incremental updates working again. Secondly, unix domain socket paths for the control port that contain spaces are not working. See comment 5 in bug 20210 for a preliminary analysis and workarounds. We are sorry for the inconvenience.

Here is the full changelog since 6.5a2:

  • All Platforms
    • Update Firefox to 45.4.0esr
    • Update Tor to 0.2.9.2-alpha
    • Update OpenSSL to 1.0.2h (bug 20095)
    • Update Torbutton to 1.9.6.4
      • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
      • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
      • Bug 19995: Clear site security settings during New Identity
      • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
      • Bug 19837: Whitelist internal URLs that Firefox requires for media
      • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
      • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
      • Bug 14271: Make Torbutton work with Unix Domain Socket option
      • Translation updates
    • Update Tor Launcher to 0.2.10.1
      • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
      • Bug 19568: Set CurProcD for Thunderbird/Instantbird
      • Bug 19432: Remove special handling for Instantbird/Thunderbird
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.4
    • Update NoScript to 2.9.0.14
    • Bug 14273: Backport patches for Unix Domain Socket support
    • Bug 19890: Disable installation of system addons
    • Bug 17334: Spoof referrer when leaving a .onion domain
    • Bug 20092: Rotate ports for default obfs4 bridges
    • Bug 20040: Add update support for unpacked HTTPS Everywhere
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
    • Bug 19336+19835: Enhance about:tbupdate page
  • Android
    • Bug 19706: Store browser data in the app home directory
  • Build system
    • All platforms
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
    • OS X
      • Bug 19856: Make OS X builds reproducible again
      • Bug 19410: Fix incremental updates by taking signatures into account
Syndicate content Syndicate content