Tor Browser 7.0a4 is released

by boklm | May 16, 2017

Tor Browser 7.0a4 is now available from the Tor Browser Project page and also from our distribution directory.

This will probably be the last alpha before the first stable release in the 7.0 series.

This release features a lot of improvements since the 7.0a3 release. Among other things Firefox has been updated to 52.1.1esr, fixing a security bug for Windows users (although by default Tor Browser users are not affected as WebGL is put behind click-to-play placeholders, thanks to NoScript). The canvas prompt is now shown again, the browser is not crashing anymore on about:addons with the security slider set to "high" and Selfrando has been integrated into the Linux 64bit build.

There are still some unresolved issues that we are working on getting fixed for the stable release. Among them, the browser is crashing (with e10s enabled) or the download is stalling (with e10s disabled) when opening/downloading files that need an external application to handle them (this is bug 21766 and bug 21886).

Note: comments were closed as we were upgrading our blog. They are now open.

Note for Linux users: You may get the error Directory /run/user/$uid/Tor does not exist after updating your browser. This is bug 22283. A workaround for this issue is to edit the file Browser/TorBrowser/Data/Tor/torrc and remove the ControlPort and SocksPort lines.

The full changelog since Tor Browser 7.0a3 is:

  • All Platforms
    • Update Firefox to 52.1.1esr
    • Update Tor to 0.3.0.6
    • Update Tor Launcher to 0.2.12.1
      • Bug 20761: Don't ignore additional SocksPorts
      • Translation update
    • Update HTTPS-Everywhere to 5.2.16
    • Update NoScript to 5.0.4
    • Bug 21962: Fix crash on about:addons page
    • Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
    • Bug 21569: Add first-party domain to Permissions key
    • Bug 22165: Don't allow collection of local IP addresses
    • Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
    • Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
    • Bug 13612: Disable Social API
    • Bug 10283: Disable SpeechSynthesis API
    • Bug 21675: Spoof window.navigator.hardwareConcurrency
    • Bug 21792: Suppress MediaError.message
    • Bug 16337: Round times exposed by Animation API to nearest 100ms
    • Bug 21726: Keep Graphite support disabled
    • Bug 21685: Disable remote new tab pages
    • Bug 21790: Disable captive portal detection
    • Bug 21686: Disable Microsoft Family Safety support
    • Bug 22073: Make sure Mozilla's experiments are disabled
    • Bug 21683: Disable newly added Safebrowsing capabilities
    • Bug 22071: Disable Kinto-based blocklist update mechanism
    • Bug 22072: Hide TLS error reporting checkbox
    • Bug 20761: Don't ignore additional SocksPorts
    • Bug 21340: Identify and backport new patches from Firefox
    • Bug 22153: Fix broken feeds on higher security levels
    • Bug 22025: Fix broken certificate error pages on higher security levels
    • Bug 21710: Upgrade Go to 1.8.1
  • Mac
    • Bug 21940: Don't allow privilege escalation during update
    • Bug 22044: Fix broken default search engine on macOS
    • Bug 21879: Use our default bookmarks on OSX
    • Bug 21779: Non-admin users can't access Tor Browser on macOS
  • Linux
    • Bug 22041: Fix update error during update to 7.0a3
    • Bug 22238: Fix use of hardened wrapper for Firefox build
    • Bug 20683: Selfrando support for 64-bit Linux systems

Comments

Please note that the comment area below has been archived.

May 26, 2017

Permalink

I downloaded the new updated tor 7.0a4 from here on this site and got this from my antivirus that the file contained a virus called Virus.Gen
Gen:Variant.Graftor.369260 (Traces) File E:\Tor Browser\Browser\Tor\Pluggable Transports\obfs4proxy.exe

the download is infected?

May 31, 2017

Permalink

When I use https://ipleak.net/ or https://browserleaks.com/ip the public IP address doesn't match tor circuit report. for example the TOR circuit states
Bridge :obfs4 (sweden)
Netherlands (178.62.197.82)
Austria (193.171.202.146)
Internet

But the public IP information is 192.56.55.26 and 95.130.11.147 respectively. Both are in France.

Any idea why this occurs?

Two possibilities:

A) Tor Browser isolates each tab on a different circuit, so if you go to a website and click on the green onion to see what path you're using, and then you go to a new tab and you load ipchicken or your favorite geoip tool, Tor Browser will be separating those two connections onto two different circuits, for your protection.

B) Some exit relays are multi-homed, meaning they advertise a different IP address than the one(s) they use for outgoing connections.

Without further information, I would bet on 'A' in this case.

yawning

May 31, 2017

In reply to arma

Permalink

C) The GeoIP database shipped with Tor Browser disagrees with the GeoIP database that a random site is using.

D) Have a look at the circuit display when you are loading those sites. You might probably see that some circuits change. If that's the case timeouts or other errors in Tor lead to picking a new circuit. Now, the thing is that the measurement (IP address detection) takes place at time t with circuit X being active but you are probably looking at time t1 at the circuit display giving you a different impression due to the above described timeouts/errors.

June 01, 2017

Permalink

Hi, before I try 7.0a4, I would like to know one thing:
What is the average download size when Tor is updated from 6.5.0 to 6.5.2 on 64 bit Linux? Is 85 MB in a normal range? Seems quite a lot. Thank you

For a full update, yes. We provide smaller updates, which are called incremental updates, for updating from the previous version (sometimes even from the version before the previous version). Those are usually way smaller. For instance the incremental update from 6.5 to 6.5.1 was about 8 MByte and the one from 6.5.1 to 6.5.2 around 5 MByte.

Yes. 6.5.2 is the latest stable Tor Browser. This is a release announcement for the alpha series of Tor Browser.

Incidentally, this alpha series is very close to being the new stable. Stay tuned for Tor Browser to tell you it has an update.

June 04, 2017

Permalink

A Chinese famous proxy software named Freegate, which you can make Tor Browser tunnel through with its listening port provided, but first you have to clear any types of bridges out before you can do it, without the bridges you are easier to be tracked, doesn't Tor Project go through the Freegate's trick?