Tor Browser 6.0.6 is released

by boklm | November 15, 2016

Tor Browser 6.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release is updating Firefox to 45.5.0esr. Moreover, other components got an update as well: Tor to 0.2.8.9, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.1u.

We fixed a lot of usability bugs, some caused by Apple's macOS Sierra (meek did not work anymore and windows could not be dragged either). We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first. Finally, we added a donation banner shown in some localized bundled starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

Here is the full changelog since 6.0.5:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to 0.2.8.9
    • Update OpenSSL to 1.0.1u
    • Update Torbutton to 1.9.5.12
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Translation updates
    • Update Tor Launcher to 0.2.9.4
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Windows
    • Bug 20342: Add tor-gencert.exe to expert bundle
  • OS X
    • Bug 20204: Windows don't drag on macOS Sierra anymore
    • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
  • Build system
    • All platforms
Tags
tor browser
tbb
tbb-6.0

Nobody should use Windows or Mac for anything. It is irresponsible to, because the NSA requires them to be easy to hack, and even if you don't care about your own information being stolen, you should care about China and Russia using the same backdoors, making your computer part of a botnet, and using it to DDoS democracy-promoting websites such as WikiLeaks and Reporters Without Boundaries.

The very minimal to be reasonably secure is a microkernel. They aren't all slow like Tanenbaum's "Minix".
QubesOS and GenodeOS are much better. Even SubgraphOS and Trisquel are far superior to Windows and Mac.
QubesOS is good enough for people like me who don't have a PHD in information security and just want to avoid being part of the problem.
Also, please support Coreboot and Libreboot by making your next laptop purchase a Librem or at least something with open firmware like Chromebook.

There's a lot you can do to track down the issue, but one of the simplest is run the Tor Browser in a terminal (command prompt) and post the output on the Tor stack exchange, IRC, in a comment here, or (if you identify a reproducible bug) on the bug tracker.

I don't know Windows, but on Linux you would open a terminal and run
./tor-browser-en_US/Browser/start-tor-browser > tor.log 2>&1
... use the browser until it crashes, then open the "tbb.log" file in a text editor. I assume the process is fairly similar on Windows. Alternatively you could use Tails or switch to Linux ;-P

Out to tor.log and open tbb.log? Lol.
Your terminal sucks more than Windoze ;-P
You offer to use Tor Browser for Windows on Tails or Linux... Rofl.

Use QubesOS for a few easy, idiot-proof GUI experience while still being reasonably secure. All computers with Windows are infected and need reformatted.

Yes I mixed up 'tor.log' and 'tbb.log', and of course anyone who accidentally substitutes one arbitrary temporary filename for another must have no clue what they're talking about or how to troubleshoot a program crash ;) sarcasm aside, thanks for pointing that out especially for the OP.

And this about offering to run TBB for Windows on tails or Linux... I never said the "for Windows" part. The wink-toung was intended to mean "that's my suggestion, but use whatever OS you want." If I say anything more on this I would probably be feeding the troll.

If you use TAILS it is always better than Windows, but it's meant for public computers. Own your own computer install QubesOS, then you can run TAILS inside QubesOS for reasonable security.

When you will configure Tweetdeck.com so we can login on TOR.
Right now its not working and we are not able to login into tweetdeck.com on TOR browser.
Please Help.

We have a ticket for it: https://trac.torproject.org/projects/tor/ticket/16450. But alas, it does not have priority at the moment. Patches are welcome, though.

EDIT: I forgot to mention, there is a workaround mentioned in this ticket (although that one is not recommended).

AVG said their was a virus in tor when the update finished. help please

That means you're infected with "Windows".
To remove the infection, installing "QubesOS" is the most user-friendly option that is still reasonably safe.

When will tor messenger stable be released.
Thank you' tor community for the hard work.

Tor Browser is not stable yet, and you want Tor Messenger to be stable? Huh.

Is Mike Perry still involved with the tor project?

Yes. Check out his recent blog post about phone hardening: https://blog.torproject.org/blog/mission-improbable-hardening-android-s….

It helps a lot

UNITED HACKER ARMY says thank you tor and their partners

Hi;
Fantastic

Здравствуйте. Я не знаю английский но очень хочется спросить - в Твиттер выхожу через ваш браузер и почему то при репостах нелециприятных новостей по России сайт начинает "зависать" и требовать обновления страницы,и так постоянно! Это говорит о взломе спецслужбами РФ вашего браузера?

It is great!

thank you tor and their partners

thankyou tor.

THANK

Good job, thanks a lot. But regrettably there is a flaw in the new update.

"We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first.". <<---- It doesn't work in Debian. All searches are still redirected from Disconnect.me to DuckDuckGo. Please check and fix it.

Did you test with a fresh Tor Browser or after auto-updating from a previous version? If the latter, then this is expected. The "problem" is the default search engine is cached in your profile directory and we don't touch that directory (apart from updating the extensions we provide) as we don't want to mess with user data. The relevant file is search.json.mozlz4 in Browser/TorBrowser/Data/Browser/profile.default.

One could think about "Don't write that information to disk in the first place", though. It, however, remains to be seen if and how the search functionality would break in this case.

Yeah, done. It works properly now. Thank you so much! Cheers............

Might this be easiest to fix by going into options/preferences, and selecting DDG as default search?

I think so, yes. Or you could click into the search bar and select Change Search Settings.

The same happen on ubuntu trusty tahr

Do you really want DDG anyways? Cloudflare doesn't let anyone read anything anonymously. The only advantages to DDG are it has a .onion version(so less reliant on certificate authorities) and that it doesn't use Google.

https://ixquick.com/ and https://startpage.com/ use Google but all Google knows is that a request came from ixquick. Isn't that worth it to read articles censored by cloudflare? Just click "proxy" in search results and you can read. Some sites block https://archife.org/web/ but none block ixquick's/startpage's ever-changing proxies.

nothing plays when i go to youtube and i mean nothing, the videos keeps black.

Use video download site,

or check noscript whitelisted domains.
I think there are three domains to play YT videos.
I think that also www.google.com must be whitelisted to show comments (though ugh, YT comments are often best hidden)

rightclick on video - NoScript - temporary lift restriction on this website

400kbps max on any circuit - something really fucked up! (Videos can't load sometimes)

It's irresponsible to enable javascript anywhere; https://labs.bromium.com/2014/02/21/the-wild-wild-web-youtube-ads-servi…
By letting China and Russia put your computer in a botnet, you are helping them make DDoS attacks against democracy promoting websites such as WikiLeaks and Reporters without Boundaries.
Goto about:config and set javascript.enabled to "false".
To watch youtube without dangerous ActiveX or JavaScript, just copy&paste the YouTube link into http://keepvid.com or https://keepvid.jp or savefrom.net to get the mp4/m4a/mp3 without running or installing untrustworthy code.
Also, not required, but recommended, is to replace Windows with the easy-to-use-but-still-reasonably-secure QubesOS.

Don't run Javascript!

Use youtube-dl on either your Linux, Mac or Windows desktop to download it, and then view it.

This program will also work on several other video streaming websites like Daily Motion, Vimeo, BBC iPlayer, Vid.me, LiveLeak, MetaCare and Lynda.

Music streaming sites supported include: Soundcloud, 8tracks, Bandcamp, Beatport, Deezer, AudioMack, EveryonesMixtape, Myspace, Freesound and Hearthis.at

https://rg3.github.io/youtube-dl/

Best case scenario:

1. Run QubesOS
2. Install youtube-dl from the Debian repos in the applicable Whonix-Workstation template:

sudo apt-get install youtube-dl

3. Create a separate Whonix-Workstation AppVM just for downloading videos
4. Download cr*p from Youtube via the Tor network e.g.

youtube-dl https://www.youtube.com/watch?t=4&v=BaW_jenozKc

Note: download later versions of youtube-dl from testing repos if it fails to download; Youtube are a finicky bunch who don't like workarounds.

5. Move file to an offline Debian AppVM with no networking entitled 'Youtube c*rap'
6. Use quality open source media player (VLC media player) to watch video unmolested by creepy Google freaks who want to profile you
7. Frustrate governments who want to know every cat video you watch as part of their bulk personal data-sets
8. Shred file when finished

Win-win-win

Thank you' tor community for the hard work.

"We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first."

It doesn't work in macOS Sierra 10.12.1. All searches are still redirected from Disconnect.me to DuckDuckGo.

See my reply above: This works on fresh Tor Browser 6.0.6 but if you upgrade from earlier versions you either have to set the the default search engine manually or delete the cached search settings in your profile folder.

Thanks for your explanations.

Please make it possible to change language in the app

thank you

I'm on Mac OS X 10.10.5 (yosemite)
Until today I used Tor 6.0.5. Perfect, never one problem.
Since the upgrade 606, Tor quit immediately on start. Clic on restart, quit, restar, quit…
I tryed to instal an older version but it quit anyway.
Now I use Tor 555, no one 6 version work.
What is wrong ?