Tor Browser 7.0.5 is released

Tor Browser 7.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release makes HTTPS-Everywhere compatible with Tor Browser on higher security levels and ensures that browser windows on macOS are properly rounded.

The full changelog since Tor Browser 7.0.4 is:

  • All Platforms
    • Update Torbutton to 1.9.7.6
      • Bug 22989: Fix dimensions of new windows on macOS
      • Translations update
    • Update HTTPS-Everywhere to 2017.8.31
    • Update NoScript to 5.0.9
    • Bug 23166: Add new obfs4 bridge to the built-in ones
    • Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
    • Bug 21270: NoScript settings break WebExtensions add-ons
Anonymous

September 05, 2017

Permalink

"about:config" : 2
- TRUE = network.IDN_show_punycode
- FALSE = browser.urlbar.trimURLs
"searchengine" : 4
- UNCHECKED : google, tweeter, yahoo, youtube
that's the settings i recommended.

Anonymous

September 05, 2017

Permalink

Why after posting a comment on this page does the page keep constantly refreshing forcing you to restart Tor Browser? The 'old' Tor Blog page had no such issue.

And why does Tor Browser have such a high start-up load - unlike any other browser?

tor7.0.4 worked very well.
new identity, tor circuit worked.

with 7.0.5 tor circuit always same first relay, any time delete and reinstall, re download, and install, this occur, first relay is set to the same relay node IP. ( on windows version )

this is not good.

Anonymous

September 05, 2017

Permalink

I like to use Tor Browser to surf politically sensitive issues. I'm using 7.0.5. In the past, I had been able to search YouTube, see the videos in a playlist, but not all the uploads in a channel. I had been able to read the description. The first few lines would be visible, but I could select the text by dragging from above it to below the missing comments, copying, and pasting in another application. I was able to watch the videos by installing Video DownloadHelper and downloading (I checked for direct access by watching in URLSnooper2, and I saw no unencrypted accesses.)

Recently, about a week or two before this update, YouTube quit displaying correctly. The main screen had only a faint line across the top. Video pages had only a list of URL's. I had no way to search. I could still download videos. Then, video downloading quit working.

With this update, video downloading works again. When I installed it, I got a YouTube page to display correctly. I thought it was working as described in the first paragraph again. After that, I haven't gotten another Youtube page to display correctly - thus I cannot search, see playlists, etc. Disabling HTTPS Everywhere does not fix the problem.

I thought with HTML5, we would be able to watch videos again, and we used to be able to. I surmise that YouTube is intentionally breaking their site for Tor. They easily could get SOME sort of site for non-Javascript browsers. I don't know if the problem is that recent changes in the Tor Browser keep even a semblance of a YouTube page from displaying, or if YouTube has been breaking things intentionally recently.

YouTube is an important site for users of the Tor Browser. Could anybody tell me if my anonymity would be at anything more than a theoretical risk by dropping down to Medium security? I would hope some of you Tor Browser guys would study the issue, and either get it working a little better under High Security, tell us what settings we need to make with plugins, or put up a blog post explaining why getting a YouTube page to display at all in the TB is just not feasible.

Here's a fun issue. I go to post this comment, and hit Preview. I get a window with the text in a box, and Save and Preview buttons. I hit Preview again, and it goes into a loop of eternal loading. I had to drop down to Medium security to even post this comment, or else I got an eternal page load loop again! I'm running on Win7.

The loop you are experiencing is a bug in our blog, see: https://trac.torproject.org/projects/tor/ticket/22530 The Youtube issues might be due to recent changes on Youtube, see: https://trac.torproject.org/projects/tor/ticket/22129 and related tickets. So, yes, setting the slider to higher than "low" risks breaking sites which is not a bug in this case.

"Could anybody tell me if my anonymity would be at anything more than a theoretical risk by dropping down to Medium security?"

No one should be lulled into dropping protections which exist for very good reasons in order to use a site. Yes, it appears YouTube is now broken for Tor users who care about their privacy.

I won't drop my drawers for javascript.

Anonymous

September 05, 2017

Permalink

Correct testing -littlebit tired,no coffee:
with javascript ON, Security slider High,

-GUI seems normal, BUT
-"Block all unencrypted requests" ISN'T working, can't click it ON
-no counting.

Not good.

Make a clean new installation, then test.

But that HTTPSE is really a hole! It bypasses unencrypted images on encrypted pages even when you can click that checkbox!

Anonymous

September 06, 2017

Permalink

It won't connect and opens oddly sised and placed windows. Then it usually crashes.

I'm using the 64 bit version on Linux. The tarball checks out - md5 is
dd94e0655818035d3129028c88b1bc31

This is the first time tor browser has actually not worked for me.

After posting that, I worked out the problem only occurs if I also have Firefox running. Maybe one is not supposed to but I generally do, and have not seen this with previous versions.

Yes - the EN_US version, freshly downloaded and untarred. I tried several times before finding the connection with running another Firefox instance.

Anonymous

September 06, 2017

Permalink

12:53:13.424 [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.suspend]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: resource://gre/modules/WebRequest.jsm :: maybeSuspend :: line 601" data: no] 1 (unknown)
maybeSuspend resource://gre/modules/WebRequest.jsm:601:7
HttpObserverManager.applyChanges< resource://gre/modules/WebRequest.jsm:749:24
next self-hosted:1120:9
TaskImpl_run resource://gre/modules/Task.jsm:319:42
TaskImpl resource://gre/modules/Task.jsm:277:3
createAsyncFunction/asyncFunction resource://gre/modules/Task.jsm:252:14
runChannelListener resource://gre/modules/WebRequest.jsm:738:12
observe resource://gre/modules/WebRequest.jsm:504:9

Anonymous

September 06, 2017

Permalink

how come every time since an upload to an .onion site the first tor relay is always ROMANIA 185.100.84.212?

even reinstalled tor from the old 7.0.1 and updated
still romania 185.100.84.212
every time.

do i have to entirely delete tor from the machine and run from the ISO 7.0.5? instead?

can someone through a relay sniff the traffic, and change tor relay settings so that the aforementioned relay is always first, set.

Anonymous

September 06, 2017

Permalink

Hi, will tails users be affected by this update? On tails 3.1 the browser is version 7.0.4, and it did not automatic upgrade me, I can not manually upgrade either.

Please help.

Anonymous

September 06, 2017

Permalink

Hi the TOR browser in Tails 3.1 is still at 7.0.4, it does not automatically upgrade, and I can not manually upgrade it from within Tails 3.1.

Is this a security concern?

Can i use 7.0.4 on MSWindows without problems, too?

There is no essential change in 7.0.5? And the broken HTTPS-Everywhere 2017.8.31, no "unencrypted requests" blocking -that shouldn't happen, is a problem here.

There is no other simple way to stop HTTP requests?)-:

Webextensions are working with javascript only ? -would be a problem.

I have the same problem with HTTPS-Everywhere2017.8.31 in TBB 7.0.5.

"happen with an unmodified, clean Tor Browser?"
I can not testing yet but when H-E2017.8.31 in TBB 7.0.6 will working
like TBB 7.0.4 WITHOUT javascript, that would be very good and necessary.

Anonymous

September 08, 2017

Permalink

I hope developers can reassess the capacity of the great firewall of china in the furture, the last article on this subject is at least a few years ago.

Ever since July this year, connection to Tor network can be routinely and effectively blocked by GFW, regardless of what type of bridges I'm using. I'm able to get past GFW by forcing Tor to use a free/commercial VPN, even the effectiveness of this workaround is diminishing now.

Don't get me wrong, the fact that such a small development team is able to challenge the world's most sophisticated censorship is a huge accomplishment. I appreciate Tor team's effort in ending censorship and promoting online privacy. If there's anything I can do that will help Tor(and not get me killed in the process), let me know.

Anonymous

September 09, 2017

Permalink

hi, had a bit of trouble during the verification. several outputs looked quite different to what is mentioned on your verification guide. can you please help me on this? sorry, i'm new to gpg.

1)
after i imported the public key, I ran gpg --fingerprint 0x4E2C6E8793298290 and it gave me:

pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096 2016-08-24 [S] [expires: 2018-08-24]

key fingerprint is correct, but why does the rsa key only say "4096" while it should say "4096R/93298290"? And why is the uid line tagged "unknown"?

2)
when trying to verify the tar.xz and tar.xz.asc files, it gave me:

gpg: Signature made Mo 04 Sep 2017 00:37:26 CEST
gpg: using RSA key D1483FA6C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136

Fingerprints are correct, but is there a new RSA key? It differs from what is shown on the verification guide ("RSA key ID D40814E0" is mentioned there). Also, why is something regarding the signature "unknown"?

Is there a reason to be concerned? Would be very thankful for your help

Anonymous

September 09, 2017

Permalink

Hello all,I hope all is right in every ones world.I am new to all this like many on here,went from a good working Tor to "After the Update"not so much.But we as a legion have not only the means but the sheer multitude of almost unlimited human knowledge.So i have tweaked my settings here and there and not yet perfect but i have learned a lot.So thank all of you who have spent untold hours,days and weeks in the development of Tor.And free say it with me free,who are these crazy lovable people who do this for $0.00 you have my respect and thanks.And i feel honored to part of this History.
Sincerely the ghost

Anonymous

September 10, 2017

Permalink

This be all soooo funny!

Support for 32 bit systems by Mozilla was announced as ending in September 2017 yet i now see that Mozilla has decided to continue with the current series ad infinitum due to the millions of 32 bit systems still happily grinding away

Never mind. I blew $US 260 recently on acquiring the home version of Win 10 and I'm slowly setting it up for Lubuntu and Tor. Yes, when the project is complete I'll somehow network my XP home to this Linux OS so that I can continue with the XP and use the Linux as an up-to-date browser.

The good news is that my total expenditure on laptops and ancillaries since 2004 is still less than $US 750 - or $US 58 per year. Viva Linux!

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

2 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.