Tor Browser 7.0.11 is released

by gk | December 09, 2017

Tor Browser 7.0.11 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.

This release updates Firefox to version 52.5.2esr and Tor to version 0.3.1.9. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship.

The full changelog since Tor Browser 7.0.10 is:

  • All Platforms
    • Update Firefox to 52.5.2esr
    • Update Tor to 0.3.1.9
    • Update HTTPS-Everywhere to 2017.12.6
    • Update NoScript to 5.1.8.1
Tags
tor browser
tbb
tbb-7.0
k239

Carson (not verified) said:

December 09, 2017

Permalink

Is there Going to be updates for orfox? The reason why I ask this is when I open the application on my Samsung tab 4 atleast 7 or so times it will say constantly 'orfox not responding' and the browser will close. I tried clearing browser data, and even moved it out of the SD card. I'm stuck with tunneling Tor through Google Chrome for now with orbots vpn mode feature.

Unfortunately, Yawning is no longer working on the sandbox other than some very basic bugfixes. It's half-unmaintained and he is very pessimistic about it. It's probably not featured prominently because of that reason.

k239

Someone (not verified) said:

December 10, 2017

Permalink

First off, thanks for all your work on this important piece of software. I really appreciate it.

And yet…

The update procedure is below par, to say the least. Not only is it more than irritating that all files get the same date, including those inside the “Downloads” folder, moreover, should you have downloaded something the day of the update, those downloads are gone, and unrecoverably so. That is plain bad.

It happened twice at least in the past two months, regarding different updates.

I am sure you don’t have much time at hand, but I’d really like to know if this is recognised as a bug, or just considered an inconvenience, or even expected behaviour.

You know, sometimes it can be important to remember when exactly you downloaded something. And the thing about same-day downloads just being deleted through the update can not possibly be expected behaviour, can it?

All the things you mentioned are considered bugs. For the timestamp we have https://trac.torproject.org/projects/tor/ticket/11506 and for the issue with downloads/new bookmark items getting erased see: https://trac.torproject.org/projects/tor/ticket/18367 (for Windows) and https://trac.torproject.org/projects/tor/ticket/18369 for Linux. On macOS this is already fixed (in case you installed Tor Browser into /Applications).

So, what is "just" missing is the dev capacity to fix those issues.

Speaking of UA and RU, I'd love to see projects to help people there use Tor more easily. In order to difficulty:

1. leverage the language skills of NYC people to provide more up-to-date documentation/hints in Ukrainian and Russian, especially how to obtain and use bridges.

2. leverage said skills to provide outreach to "clearnet" publications which people and UA and RU might see, perhaps suggesting a TP editorial in Ukrainian or Russian which explains what the Tor network is and why people need it, if they can reach it.

3. provide more fast entry nodes inside or near those countries; could hard because the RU government hates both Tor and Western UA.

Speaking of which, does anyone know why there are a few Tor nodes in the Russia Today domain? Isn't that a government run operation? Same question for IR nodes.

k239

geeyp (not verified) said:

December 10, 2017

Permalink

Hello and thank you for the update. I still have the C.R. IP address stuck in the circuit prior to me right now after updating. Is there any danger with this? Thank you in advance.

k239

geeyp (not verified) said:

December 10, 2017

Permalink

Hello again. I left a message the other day regarding this in the comment section of Tor 7 0 10 and also today in comment section of Tor 7.0.11. Just concerned that I seem to have found myself locked together with IP address 31.31.73.222 and cannot change it.when dialing in a new Tor circuit. This has gone on for approximately one week now. What, if anything, should I do?

Yes, thanks for your answer! I watched these changes whenever I dialed in a new circuit and it was only recently that I noticed the first one is staying the same. Whereas previously it was not. It is now good to know that it doing this, is safe. Totally appreciate this and thank you once again!

k239

dima (not verified) said:

December 10, 2017

Permalink

hi

k239

Carson (not verified) said:

December 10, 2017

Permalink

Nevermind, I figured out that if you have an issue with the Orfox browser responding on your phone or tablet Just use Application VPN mode to get through that if you seem to continue to have the issue it might be resolved hopefully sooner than later.

k239

Hal Fost (not verified) said:

December 10, 2017

Permalink

For the last couple of weeks, Tor has been much SLOWER as ALL connections ultimately go through Ukraine. Something seems wrong. Never has all connections gone through the same country.

FWIW, as the cyberwar between (Western) Ukraine and Russia continues to heat up, I have seen more and more Ukraine nodes coming on line (good) and thus more of my circuits go through Ukraine, but by no means all.

Did you use GPG to verify the version of Tor Browser Bundle (I assume) you installed? You can also try Tails from Tails Project (tails.boum.org), a sister project to Tor Project for more security/anonymity.

k239

anon (not verified) said:

December 10, 2017

Permalink

For about a month going to many Tumblr websites I get the error "The page isn’t redirecting properly". This appears to be some incompatibility with Tor's HTTPS Everywhere, where the page is going back and forth between HTTP and HTTPS. Something glitches in that transition.

I tried turning off HTTPS Everywhere by disabling the "Enable HTTPS Everywhere" checkbox from the toolbar. That did not fix it.

Does anyone know how to work around this? I cannot access most of Tumblr.

k239

Emerald (not verified) said:

December 11, 2017

Permalink

I am unable to cut and paste in Google Docs using the Tor browser. I am able to cut and paste using other browsers, but Tor is my primary browser.
Please add this to the next upgrade.
Thank you,
Emerald

k239

Anonymous (not verified) said:

December 11, 2017

Permalink

Why there is so much Cyrillics in the posts? I guess our Russian friends know English pretty well since they are on this page. Are they just kidding?

Several reputable news organizations including The Guardian and (as I recall) NYT have published profiles of the "trolls from Olgino", based on extensive interviews with former professional trolls. One point which is consistently mentioned is that many of the trolls tasked with acting as commentards in EN lang blogs do not really have strong EN lang skills.

That said, I haven't attempted to translate the cyrillic comments--- for all I know they come from RU citizens worried about SORM, or from Ukraine citizens (note that modern OCR softwares such as Tesseract can tell the difference between Ukrainian, Bulgarian, and Russian cyrillic, if you have a scanner).

Professional trollers write & speak several languages fluently and they are payed for that : the others like spoil "the intellectual or technical" element_argument ; it is a hateful attitude from fake resident and they have too a strong EN lang skills (a lot of site provide a perfect translation).
That 's the net , it is worst on a mailing-list (whatever the topic), pedagogy & tolerance are the way i follow but maybe i am wrong.
Sometimes, so am i, i post some trolls without realizing it : sorry for the inconvenience.
All the languages are welcome & everybody can participate.
thank for reading.

k239

nena (not verified) said:

December 11, 2017

Permalink

What is happening with the Squirrel mail, i´m not allowed to recieve mails from twitter.
can somebody help me please?

k239

BC (not verified) said:

December 11, 2017

Permalink

When I updated to this version of TOR, I got a warning message from my Firewall/Anti-virus saying that the Certificate was not valid.

> Tor in Tails is not picking up the update. Am I doing something wrong?

No, this appears to be a decision by Tails Project to wait for the next regularly scheduled edition of Tails.

A few years ago, it was a big advance when Tor Browser team and Mozilla firefox-esr correlated their releases, but for various (good) reasons Tails still has a different release schedule.

> Or should I care?

Definitely, everything which allows our increasingly numerous and ferocious enemies to attempt to exploit potential vulnerabilities is a concern.

That said, I think the Tails team is very smart and dedicated. Note that Tails incorporates many protections beyond what is provided by Tor Browswer, so it is possible that these factored into their decision not to release an emergency bug fix.

"Tails incorporates many protections beyond what is provided by Tor"

Is Tails team working on providing basic Tor security, static Entry Guards, yet?
As a tool or an full basic instruction to do this on the bash would be enough.

Disclaimer: I am a Tails user but not affiliated with Tails Project, and I'd love to know more myself about future plans. Corrections (especially from TP) to anything I say below would be welcome.

Tails Project provides a good deal of information about their present/future work, but it is not always easy to find. It helps to know that Tails Project uses the wonderful Riseup Labs to host much of their development.

2018 agenda:
https://tails.boum.org/news/our_plans_for_2018/index.en.html

Over the past few years, Tails P made a lot of progress getting Tails closer to Debian stable and addressing other issues. Unsolved critical issues include:

Ensuring good entropy:
https://tails.boum.org/blueprint/randomness_seeding/

Ameliorating persistence issues:
https://tails.boum.org/blueprint/persistent_Tor_state/

Getting Tails audited:
https://labs.riseup.net/code/issues/14508

TP has said they will consider incorporating Tor Messenger (once it gets out of beta), and they have been working on incorporating access controls and I think repeatable builds (obviously very important).

Further, much effort has been going into providing something many will find very desirable:

Developing Tails server edition:
https://tails.boum.org/blueprint/tails_server/

Some more pages useful for getting a sense of where Tails is now and where it is going next:

Blueprints (apparently not kept up to date or ordered by priority):
https://tails.boum.org/blueprint/

Developer virtual meetups:
https://tails.boum.org/contribute/calendar/

Known issues:
https://tails.boum.org/support/known_issues/index.en.html

Bugfixes in the next upcoming release:
https://labs.riseup.net/code/projects/tails/issues?query_id=111

Note that Tails Project needs donations! If you cannot easily use the offered payment methods, you may be able to donate to Riseup Networks instead (again, Riseup provides servers for Tails development work, so donating to Riseup means you are indirectly donating to Tails).

k239

Raul (not verified) said:

December 11, 2017

Permalink

Since Windows 10 Update (version 1703) on December 10th, 2017 the browser doesn't start anymore. I updated to version 7.0.11 and the problem continues. I also renamed the old folder on the desktop in order to be able to install a complete new and fresh version and the problem seems to be the same.

k239

P (not verified) said:

December 13, 2017

Permalink

Keep getting 'Image not recognized' when trying to open downloaded 7.0.11image for mac. currently running OSX 10.13.1 same when trying to download experimental Tor version as well

k239

Anonymous (not verified) said:

December 13, 2017

Permalink

Does tor browser make that internet companies cant see how long you are spending time on the net. And what you are searching