Tor Browser 7.0.4 is released

Tor Browser 7.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1).

In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.

The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.0.10
    • Update Torbutton to 1.9.7.5
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don't let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
  • Windows
    • Bug 22829: Remove default obfs4 bridge riemann.
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
    • Bug 22829: Remove default obfs4 bridge riemann.
Anonymous

August 23, 2017

Permalink

dear tor, i found this surfing the deepweb and wanted you to know. don't know if its fake or real but you might know...

http://yjrb5bvdgbrs2rhi.onion

Experiments on realistic conditions
This contains the code we used for our paper, "On Realistically Attacking Tor with Website Fingerprinting."

We wrote "notes" for each of the following, which describes how to run and use the files:

Training update. For testing a training set updating scheme.
Splitting. For split finding, split decision, and pre-splitting. About 100 MB.
Classifier. Takes packet sequences collected in the wild as input, and performs time-based splitting, classification-based splitting, and kNN classification on them. About 700 MB.
Tor Logging. Implementation of Tor logging for the above. This is necessary for the file format required by the classifier. Note that the classifier is only allowed to look at time and direction; other information is not available to the website fingerprinting attacker.

Anonymous

August 23, 2017

Permalink

Just to mirror what everyone else has said about this fantastic Tor browser and the work done keeping it going...thank you very much

We do not recommend it. See for a broader discussion about the filtering topic https://www.torproject.org/projects/torbrowser/design/#philosophy section 5: No filters.

That said it should work if you really want that. What security slider level are you on (did you change it from the default) and on what operating system does this happen? Do you get an error or how else do you know it is not working?

Anonymous

August 26, 2017

Permalink

Thank you! Very good browser!

I'm still new to this and truly trying to understand the benefits and how it works. I saw something regarding Tor on Viceland and that is what led me here in the first place. I have downloaded the browser and am ready to use but am hoping someone in this thread will help me understand a little further.

Welcome! There is a "What Next?" item on the Tor Browser start page with links that might help your further. E.g. the Tor Browser manual (https://tb-manual.torproject.org/en-US/) could be a good starting point for you.

Can you tell me if its normal for the tor circuit to show "bridge OBFS4 (United States)" and other times it just shows "bridge OBFS4"

You mean you are using the same obfs4 bridge? That would be strange but I can imagine that the IP address of a different bridge can't properly be mapped to a country by the ip-country-database used for that and then nothing is added in parentheses.

Are you saying that all obfs4 should have a country identifier?

Well, there is nothing in the code that says this bridge should be shown with and that without country identifier when we are talking about obfs4 bridges.

how hide ip address

no way to get tor7 to work on debian wheezy. Not the downloadable packaged stand alone torbrowser, nor the installed tor and torbrowser launcher. The packaged just does not connect and does not give any errors, v6.5 works fine. The installed tor after updating and installing cannot connect with error: cannot reach host ipnumber:port. Disbaling the firewall makes no difference.

I forgot to add that using obfs and bridges also made no difference, v7.04 cannot connect. v6.5 no problems whatsoever connects immediately and directly.

You downloaded Tor Browser from our website, right? Did you start it on the command line (in your tor-browser_en-US directory, assuming you have the en-US version) with something like ./start-tor-browser.desktop --debug --log? What output do you get?

Just want to say thanks for all the hard work, however after the new version i can not long run tor on a windows 10 PC tyr to reinstall and disable the FW/AV but now luck appears task manager then disappears, any one elase had this issue? (note: older versions work)

Which FW/AV software are you using?

7.0.4 crashed with

  1. <br />
  2. Sep 01 21:50:35.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.<br />
  3. Extension error: TypeError: browser.ownerGlobal is null chrome://browser/content/ext-utils.js 800<br />
  4. [[Exception stack<br /><a href="mailto:getBrowserId@chrome" rel="nofollow">getBrowserId@chrome</a>://browser/content/ext-utils.js:800:9<br />
  5. @chrome://browser/content/ext-tabs.js:79:26<br /><a href="mailto:runSafeSyncWithoutClone@resource" rel="nofollow">runSafeSyncWithoutClone@resource</a>://gre/modules/ExtensionUtils.jsm:71:14<br />
  6. emit/promises<@resource://gre/modules/ExtensionUtils.jsm:384:55<br /><a href="mailto:emit@resource" rel="nofollow">emit@resource</a>://gre/modules/ExtensionUtils.jsm:383:20<br />
  7. WebRequestEventManager/register/<a href="mailto:listener@chrome" rel="nofollow">listener@chrome</a>://extensions/content/ext-webRequest.js:51:7<br /><a href="mailto:runChannelListener@resource" rel="nofollow">runChannelListener@resource</a>://gre/modules/WebRequest.jsm:721:24<br /><a href="mailto:observe@resource" rel="nofollow">observe@resource</a>://gre/modules/WebRequest.jsm:504:9<br />
  8. Current stack<br /><a href="mailto:runSafeSyncWithoutClone@resource" rel="nofollow">runSafeSyncWithoutClone@resource</a>://gre/modules/ExtensionUtils.jsm:73:129<br />
  9. emit/promises<@resource://gre/modules/ExtensionUtils.jsm:384:55<br /><a href="mailto:emit@resource" rel="nofollow">emit@resource</a>://gre/modules/ExtensionUtils.jsm:383:20<br />
  10. WebRequestEventManager/register/<a href="mailto:listener@chrome" rel="nofollow">listener@chrome</a>://extensions/content/ext-webRequest.js:51:7<br /><a href="mailto:runChannelListener@resource" rel="nofollow">runChannelListener@resource</a>://gre/modules/WebRequest.jsm:721:24<br /><a href="mailto:observe@resource" rel="nofollow">observe@resource</a>://gre/modules/WebRequest.jsm:504:9<br />
  11. ]]<br />
  12. Sep 01 21:57:42.000 [notice] Owning controller connection has closed -- exiting now.<br />
  13. Sep 01 21:57:42.000 [notice] Catching signal TERM, exiting cleanly.<br />
  14. windows.onRemoved event fired after context unloaded.<br />
  15. [Parent 20315] WARNING: waitpid failed pid:20398 errno:10: file /home/debian/build/tor-browser/ipc/chromium/src/base/process_util_posix.cc, line 268ng on Linux with Libevent

Do you have non-default extension installed in your Tor Browser? Is the crash reproducible?

there are still some problems with loading, idk if it's with my internet or international servers, but i'm just letting you know that it's abnormal compared to other ways of browsing. this usually occurs when entering links presented on search engines. thank you

Yeah ! very very good product ..

A monitoring software on my computer block the use of Tor. Is there any way to bypass this

To all involved and the free software community.

i get the same error
in the mac disk image mounter
for tor dmgs since half a year:

image could no be mounted

no mountable file system

all other dmgs work fine

osx 10.9

i have completly unistalled tor and wanted to reinstall it.

i downloaded and unzipped wit various browsers languages programs

Hm. I opened https://trac.torproject.org/projects/tor/ticket/23452 for your issue. I am not sure yet what is going wrong given that this error report is quite rare and most users won't be affected (I guess).

I have downloaded Tor-Browser 7.0.4 and discovered right after installing this browser
in Resource Monitor - a tool in map system 32 of Windows - that more then 30 ip-addresses
were connected with Tor.exe.
These ip-addresses don't appear after installing Tor-Browser and I wonder if this is a security shortcoming .
These ip-addresses can connect to Tor.exe any time and overlook coonection tot he internet.

I just wanted to say Thank You So Much. I wish I had money to help out, but the best I can do is offer my computer as a guinea pig and try out the beta version.
Thanks again, and so far everything is working great!

Thanks! And, yes, testing the alpha bundles is pretty valuable to us. Please keep doing that if you can and report bugs at https://trac.torproject.org/projects/tor if you find any.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

10 + 9 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.