Tor Browser 6.0.4 is released

by gk | August 16, 2016

Tor Browser 6.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.

Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension is not shipped to Tor Browser users anymore since August 11 13:00 UTC. This takes care of getting the add-on removed as well in case it got installed into Tor Browser (as does the fix we ship in Tor Browser 6.0.4) which should have happened/is happening during the next extension update ping. For further information see the discussion in our bug tracker.

Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know.

The full changelog since Tor Browser 6.0.3 is:

Tor Browser 6.0.4 -- August 16

  • All Platforms
    • Update Tor to 0.2.8.6
    • Update NoScript to 2.9.0.14
    • Bug 19890: Disable installation of system addons
Tags
tor browser
tbb
tbb-6.0

This is such a silly post. You sound like the Boys from Lagos.

There are no such things as "the British Customs and Excise authorities" or "the British Employment authorities". There is the UK's Her Majesty's Revenue and Customs (HMRC), or the UK's Department of Works and Pensions (DWP).

What exact terms did browserleaks.com report, and why couldn't you accurately paste them into your comment?

"It seems highly unlikely that a government which delights in spying on its people would support TOR."

Also, if you think Tor is compromised, why are you asking here for "ANY site with accurate, VERIFIED information"? You might as well go home with Windows 10 under your arm.

How could there be, given that anyone can run a node? Also, a large part of Tor's funding comes straight from the US government. Governments aren't monolithic bodies; different parts have different goals and frequently come into conflict. To be honest, you probably have less to worry about governments running nodes and more in them spying on nodes run by third parties. The Tor Project specifically says that it's probably ineffective against a global adversary. That means that it'll probably only slow down the Five Eyes.

I've just checked https://www.browserleaks.com/whois. I find the information presented, whether accurate or not, is precise and detailed. Is there a reason why you couldn't have copied 'n' pasted the actual strings you saw? Were they against "Organization, or something else?

You see, there're no such things as "the British Customs and Excise authorities" or "the British Employment authorities". Those would be "Her Majesty's Customs and Revenue" or the "Department of Works and Pensions".

Perhaps if you were less vague in writing what you saw. Did you keep a complete record?

"Is this supposed to be an answer to my quesion?"

You expect an authentic answer, but we can't tell between a genuine spoof and your vagueness. Perhaps what you saw was a Tor relay runner spoofing "Organization" to protect their confidentiality. Do you think it's a good idea to make Tor relay runners fully identify themselves to you?

What is wrong with https://torstatus.blutmagie.de or https://atlas.torproject.org, anyway?

Anonymous

Anonymous (not verified) said:

August 24, 2016

Permalink

My question is: does this version remove CNNIC certificate?
Cause firefox and chrome have revoked CNNIC certificate last year, so I am thinking that if it is possible for Tor to remove it. Thanks

Anonymous

Anonymous (not verified) said:

August 24, 2016

Permalink

THANKS

Anonymous

Anonymous (not verified) said:

August 24, 2016

Permalink

There seems to be a memory leak on win7 with both 6.0.3 and 6.0.4, can someone confirm this?

Tor Browser is built on Firefox, and therefore it can only run where Firefox can run. Windows 8(.1) on Arm processors has a significantly limited API that the Firefox devs gave up on as the browser would be unusably slow.

Anonymous

Anonymous (not verified) said:

August 25, 2016

Permalink

How can we move an installed Tor Browser to a new drive letter and location under Windows without losing all of our bookmarks?

You should be able to.
Bookmarks are in places.sqlite file in profile folder, as with firefox.
((folder))\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

To be safe, open bookmarks manager ctrl+shift+b
from menu, export bookmarks to html
from same menu, backup (to a .json file with date in filename, bookmarks-2016-08-30.json)

Anonymous

Anonymous (not verified) said:

August 25, 2016

Permalink

From Ksysguard network history I can see the tbb making internet traffic even offline mode turned on unless you close tbb. What does it mean?

It's not possible as tbb doesn't make any internet traffic, by design. You probably meant tor.exe? I haven't tested offline mode in tbb, why would you need one? But yes it should work if there is such feature in firefox.
As a temporary solution instead of clicking offline mode you can suspend (pause) tor.exe

Anonymous

Anonymous (not verified) said:

August 25, 2016

Permalink

Now makes a connection to UDP (discard) on start up. What's happening there ?

Anonymous

Anonymous (not verified) said:

August 26, 2016

Permalink

Does TOR interfere with the files for a normal firefox version 48.01? I noticed on my Mac OS TOR sha256 e37826e4501e95f99029e1c9187c498cc9d1f5735384b37c7f5ae0d52dd3d326 that my Firefox reverted some how to duckduckgo search.

Anonymous

Anonymous (not verified) said:

August 27, 2016

Permalink

Secure Connection Failed (always)
$DF3EEDE3CEBA425940F82E4C2268F4E4015C3010~TORminion BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2016-08-27 SOCKS_USERNAME="bug1259785.bmoattachments.org"
>> 650 STREAM 1216 CLOSED 115 63.245.215.122:443 REASON=END REMOTE_REASON=DONE
Exit, BMO or TBB?

Anonymous

Anonymous (not verified) said:

August 28, 2016

Permalink

Why don't you replace the globe icon to the onion icon? It looks much more better and professional.

Anonymous

Anonymous (not verified) said:

August 29, 2016

Permalink

When will I be able to select a word on a page and right click search it? Now noscript always thinks it's an xss attempt.

I don't experience that bug. tbb 6.0.4 windows vista x64

I don't get that warning when disconnect is torbrowsre default searchengine and I context click search some text on page.
I also have no disconnect in noscript options as suggested in first reply in trac bug:
"add a pattern like ^https://search.disconnect.me/[^"<>]+$ to NoScript (Advanced -> XSS)."

Anonymous

Anonymous (not verified) said:

September 01, 2016

Permalink

Hello TorBrowser team,

Many thanks for TB :-)

Your "canvas add-on" is great. I don’t seem to find it among Firefox Add-ons. On Firefox, I use Canvas Blocker, which isn’t as simple and elegant as your solution.

However, the Canvas Defender team (another FF-add-on) claims that blocking canvas fingerprinting is useless and counterproductive. Not very convincing, what do you think?

I think they meant that if 0-4% of firefox users will use the blocker, it will fingerprint them as most people don't use it. And if some other people will use other addon, it will be another fingerprint.

But in case of TBB it's not an issue because all TBB users will use this addon (will be bundled). Maybe there is small drawback because Firefox ESR users won't use it, but I don't now how many users does FF ESR have compared to TBB users.
But no, actually, firefox ESR users can be differentiated from TBB users by the fact that only latter use Tor nodes/ip. So it doesn't matter and there is no drawback in using canvas addon bundled in tbb.

Blocking canvas is an identifier, yes. However, Tor doesn't hide the fact that you're using it either. Tor Browser doesn't stop you from having a fingerprint; it simply makes your fingerprint identical to all other users of Tor Browser (that have the same security slider settings, more or less.) Canvas blocking is part of the fingerprint of Tor Browser; at most, all canvas blocking does is make it clear you're using Tor Browser as opposed to Firefox ESR through tor. Canvas Defender might make a good argument for not blocking the canvas for non-tor browsing, but in terms of the threat models Tor Browser is designed to combat it isn't that relevant.

Anonymous

Anonymous (not verified) said:

September 01, 2016

Permalink

Can only obtain 1 OBFS4 bridge a day and the bridge repeats on the 3rd day.

Anonymous

Anonymous (not verified) said:

September 06, 2016

Permalink

Ever since I've installed TBB 6.0.4 the entry node changes more often than previously.
I've read the entry was supposed to be the same for months but if I use TBB for several hours, there's a point when I've got a new entry node, and then another one. About 2 or 3 different entry nodes.
However, when I restart TBB the same "normal" guard node is back.

It's a bug?

Anonymous

Anonymous (not verified) said:

October 10, 2016

Permalink

HI. Please, The Ubuntu and Debian versions from TOR Repository, Are these .deb files, How I can download them?

Anonymous

Anonymous (not verified) said:

November 17, 2016

Permalink

Mt tor now sits at "Loading network stauts" with about a 40% green bar. has been there for an hour now. Only happened after update

note: i also have gotten a new router i the past week, could that be it??