Tor Browser 7.0.11 is released

by gk | December 9, 2017

Tor Browser 7.0.11 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.

This release updates Firefox to version 52.5.2esr and Tor to version 0.3.1.9. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship.

The full changelog since Tor Browser 7.0.10 is:

  • All Platforms
    • Update Firefox to 52.5.2esr
    • Update Tor to 0.3.1.9
    • Update HTTPS-Everywhere to 2017.12.6
    • Update NoScript to 5.1.8.1

Comments

Please note that the comment area below has been archived.

Bridges won't help you if the exit node is being blocked. Just trigger a new Tor circuit for that site and hope for the best. Either that or explicitly set a known exit node (although that's not very secure).

Попробуйте вот так: зайдите на http://cameleo.xyz/ (или любой другой анонимайзер) и вставьте вашу ссылку https://www.ncbi.nlm.nih.gov/pubmed/advanced

Всё работает без проблем. Видимо сайт блокирует подключение именно TOR

Using a bridge/obsf4 only changes how you connect to the Tor network, not how the websites you visit see you. All they see is a request from an exit relay. The website you linked to appears to block all exit relay ip addresses. This is not something that you can get around without the website in question unblocking exit node ip addresses.

December 09, 2017

Permalink

helo

December 09, 2017

Permalink

Hello

December 09, 2017

In reply to boklm

Permalink

TOR updated this morning even though I always uncheck automatic updates to avoid losing all of my bookmarks. TOR worked for 5 minutes and crashed and now will not restart. I've lost all my bookmarks AGAIN!!!

December 09, 2017

In reply to boklm

Permalink

my noscript was on the left up until a few updates ago. It's been on the right ever since, even now.

December 09, 2017

Permalink

This website cannot provide a secure connection warning in ms edge and slimjet browsers, ISP is Talktalk, are they blocking??? I have downloaded and installed successfully through filehippo :-)

December 09, 2017

Permalink

is it safe to use Evolution email-client (with 7.0.11 TB) for an onion_webmail imap/pop settings ?
(thunderbird is not maintained & not included as add-on. )

December 09, 2017

Permalink

Der Browser wird immer besser Ihr seid einfach Perfekt. Herzlichen Dank für Alles

December 09, 2017

Permalink

is javascript enabled so dangerous? I mean, I can not do a lot of things with javascript disabled. I would also like to know if I can put a kind of proxy after the final node of the tor, because ip ip is identified in several sites and they define this ip as very aggressive. These things limit me a lot ....

Thanks for the great software.

The risk of JavaScript comes from the fact that it's a complicated language that can contain bugs. It does not innately put you at risk (e.g. it cannot simply bypass the proxy settings and phone home), but it can contain bugs that could be exploitable. It's a good idea to set the security slider higher if possible, but it is not a strict requirement.

For your second question, I'd like to mention that putting a proxy after Tor is rarely a good idea. It centralizes all your traffic and defeats the purpose of having rotating exit nodes. If you really have to connect to an individual website that is blocking Tor, try using a web proxy like kproxy.com or something, in Tor browser of course.

> The risk of JavaScript comes from the fact that it's a complicated language that can contain bugs

Also, if you allow JavaScript (for example by using TB with security slider set at "medium") you will probably see warnings about canvas fingerprinting, which you should answer "Never for this site".

Depends on who your adversaries are, and how dangerous it would be to you if they were able to compromise your brower.

We can assume that the FBI, for example, has knowledge of Firefox bugs that nobody else knows about. They've had such knowledge in the past and used it to attack Tor users. And the vast majority of exploitable bugs rely on JavaScript.

If you don't have such powerful adversaries then perhaps you don't need to worry about that. Or there are other steps you can take, such as using Whonix or sandboxed-tor-browser, to reduce the risks if your browser is compromised.

As far as proxies go, I think you'll find any free proxy service will look just as "suspicious", to server operators, as Tor. Paid services may appear more "reputable" because they're both less popular in general, and less appealing to spammers.

Great reply, but I think more needs to be said about this:

> If you don't have such powerful adversaries then perhaps you don't need to worry about that.

I think that almost everyone is seriously underestimating their chances of being victimized by a "serious" attack by a well-funded attacker. For at least two reasons:

o because some attacks are easily converted into dragnet attacks (e.g. targeting all Tor users) and because some well-funded attackers (e.g. cyberespionage-as-a-service companies) are clearly happy to perform dragnet attacks on entire classes of internet users,

o more and more cyberespionage-as-a-service companies, often founded by former FBI, USSS, NSA/TAO agents with experience in creating malware, keep appearing, because more and more large corporations and nasty governments are demanding their services; among the most popular is "active defense" which means using social media to suss out potential adversaries, finding their IPs, and attacking their personal devices; increasingly, almost anyone who engages in political activity in a dozens of countries including "Western democracies" is likely to be surveilled by these companies acting on behalf of government or corporate clients; known victims include dozens of
+ fracking protest groups
+ oil pipeline protest groups
+ Black Lives Matter, Occupy, and other social justice movements
+ human righst groups (including the best known such as Amnesty and HRW)
+ foreclosure and mega-bank protest groups
+ net-neutrality supporters

For more information, please see

https://www.theguardian.com/world/2017/dec/12/surveillance-firms-spied-…

https://www.theguardian.com/world/2017/dec/12/inside-the-secret-world-o…

https://theintercept.com/series/oil-and-water/

USPERs please note that at least one of the UK-based companies mentioned in The Guardian, TASK International, appears to have an active US branch (in FL).

There are many cyberespionage-as-a-service companies based in such places as USA, EU, India, South Asia, and Russia, but the best known are Gamma International (London and Munich), maker of FinFisher, Hacking Team (Italy), NSO Group (Israel) and Cyberbit (Israel, formed by merging NICE Ltd and portions of Elbit Systems, the Israeli spy/kill-drone maker; see the books on NSA by James Bamford for more background on NICE's business relations with the biggest US telecoms) .

My feeling is that pretty much anyone who is politically active needs to use Tor, strong end-to-end encryption, and other privacy/security-enhancing tools.

i noticed few mistakes :

1° * dragnet : more relays, more users, the next generation of onions could help.
2° * as service = Contract manufacturer
it is like that most of secret service work afaik.

- cyber-espionage : related at police/deviance/free lance.
- Western democracies : do you mean an occupied area with a fake label ? It is an E.U. plan not an US one.
- caterpilar does not obeys to u.k orders but to fr/israeli joint-venture (organized crime)
- the business relations with the telecom are a part of counter-terrorism & anti-mafia ops.

Tor can't do nothing against Professional Parabolic Microphone & harassment/racket/missing person/fake news/fake uspers.

The roses grow up on the dung-heap , almost everyone is seriously over estimating their chances to not be a victim after a "serious" attack by a well-funded attacker.

My feeling is that if you can't beat it , they can be stopped by their allies.
Using Tor, strong end-to-end encryption, and other privacy/security-enhancing tools ; it can be reported, denounced, and their criminal plot will fail.

December 09, 2017

Permalink

When will Tor Browser get Firefox 59? It is much faster than the current version, and it looks better!

You realize hushmail is the one that gave their logs to the FBI with no resistance a while back, right? Their reputation is almost as bad as HMA is now days. I thought we were over recommending those scammers.

That's one of the long-standing unsolved problems for Tor users, and I believe it is fair to say that most experts think it is unsolvable.

One point here is that most email services require you to log in as a unique user (and to use some payment method), and sending any unique identifier over Tor would appear to be inconsistent with anonymity, which is the purpose of Tor.

I would urge you to explore using end-to-end encrypted messaging instead. I have great hopes for Tor Messenger (a still experimential project of Tor Project which may eventually be incorporated into Tails; see tails.boum.org), but you can try Signal. In a recent tweet, Edward Snowden recommends using Signal with Tor.

Careful. "Anonymity" is a tricky concept. What Tor provides you could be called location privacy: whatever site you visit/wherever you log in those folks providing the services don't see where you are from doing so. And in that way doing email over Tor is working perfectly fine.

December 19, 2017

In reply to gk

Permalink

I'd love to hear your thoughts on "Onions Everywhere" (analogous to "HTTPS Everywhere").

December 09, 2017

Permalink

Hi,
I am seeing the update in green on tor's menu. So I clicked on it. Then my antivirus software then requests to block the firefox.exe and tor.exe files from opening. These files are legit, right? What should I do? Tech dummy here. Please help, anyone?

December 09, 2017

In reply to by YM (not verified)

Permalink

I'm sure someone else has a better answer, but you should make sure that you downloaded from the real Tor Project website, using HTTPS. You can be additionally sure by using GnuPG to verify the downloads. The website provides explanations on how to do this.

December 10, 2017

In reply to by YM (not verified)

Permalink

Antivirus software is never perfect and can generate false alarms. Executable files (.exe's) could easily carry nasty stuff, so it's not surprising your AV software would be worried about them. But since you know these two files are coming from the Tor project, just go ahead and install them.

December 09, 2017

Permalink

Is there Going to be updates for orfox? The reason why I ask this is when I open the application on my Samsung tab 4 atleast 7 or so times it will say constantly 'orfox not responding' and the browser will close. I tried clearing browser data, and even moved it out of the SD card. I'm stuck with tunneling Tor through Google Chrome for now with orbots vpn mode feature.

Unfortunately, Yawning is no longer working on the sandbox other than some very basic bugfixes. It's half-unmaintained and he is very pessimistic about it. It's probably not featured prominently because of that reason.

December 10, 2017

Permalink

First off, thanks for all your work on this important piece of software. I really appreciate it.

And yet…

The update procedure is below par, to say the least. Not only is it more than irritating that all files get the same date, including those inside the “Downloads” folder, moreover, should you have downloaded something the day of the update, those downloads are gone, and unrecoverably so. That is plain bad.

It happened twice at least in the past two months, regarding different updates.

I am sure you don’t have much time at hand, but I’d really like to know if this is recognised as a bug, or just considered an inconvenience, or even expected behaviour.

You know, sometimes it can be important to remember when exactly you downloaded something. And the thing about same-day downloads just being deleted through the update can not possibly be expected behaviour, can it?

All the things you mentioned are considered bugs. For the timestamp we have https://trac.torproject.org/projects/tor/ticket/11506 and for the issue with downloads/new bookmark items getting erased see: https://trac.torproject.org/projects/tor/ticket/18367 (for Windows) and https://trac.torproject.org/projects/tor/ticket/18369 for Linux. On macOS this is already fixed (in case you installed Tor Browser into /Applications).

So, what is "just" missing is the dev capacity to fix those issues.

Speaking of UA and RU, I'd love to see projects to help people there use Tor more easily. In order to difficulty:

1. leverage the language skills of NYC people to provide more up-to-date documentation/hints in Ukrainian and Russian, especially how to obtain and use bridges.

2. leverage said skills to provide outreach to "clearnet" publications which people and UA and RU might see, perhaps suggesting a TP editorial in Ukrainian or Russian which explains what the Tor network is and why people need it, if they can reach it.

3. provide more fast entry nodes inside or near those countries; could hard because the RU government hates both Tor and Western UA.

Speaking of which, does anyone know why there are a few Tor nodes in the Russia Today domain? Isn't that a government run operation? Same question for IR nodes.

December 10, 2017

Permalink

Hello and thank you for the update. I still have the C.R. IP address stuck in the circuit prior to me right now after updating. Is there any danger with this? Thank you in advance.

December 10, 2017

Permalink

Hello again. I left a message the other day regarding this in the comment section of Tor 7 0 10 and also today in comment section of Tor 7.0.11. Just concerned that I seem to have found myself locked together with IP address 31.31.73.222 and cannot change it.when dialing in a new Tor circuit. This has gone on for approximately one week now. What, if anything, should I do?

December 10, 2017

In reply to boklm

Permalink

Yes, thanks for your answer! I watched these changes whenever I dialed in a new circuit and it was only recently that I noticed the first one is staying the same. Whereas previously it was not. It is now good to know that it doing this, is safe. Totally appreciate this and thank you once again!

December 10, 2017

Permalink

hi

December 10, 2017

Permalink

Nevermind, I figured out that if you have an issue with the Orfox browser responding on your phone or tablet Just use Application VPN mode to get through that if you seem to continue to have the issue it might be resolved hopefully sooner than later.

December 10, 2017

Permalink

For the last couple of weeks, Tor has been much SLOWER as ALL connections ultimately go through Ukraine. Something seems wrong. Never has all connections gone through the same country.

FWIW, as the cyberwar between (Western) Ukraine and Russia continues to heat up, I have seen more and more Ukraine nodes coming on line (good) and thus more of my circuits go through Ukraine, but by no means all.

Did you use GPG to verify the version of Tor Browser Bundle (I assume) you installed? You can also try Tails from Tails Project (tails.boum.org), a sister project to Tor Project for more security/anonymity.

December 10, 2017

Permalink

For about a month going to many Tumblr websites I get the error "The page isn’t redirecting properly". This appears to be some incompatibility with Tor's HTTPS Everywhere, where the page is going back and forth between HTTP and HTTPS. Something glitches in that transition.

I tried turning off HTTPS Everywhere by disabling the "Enable HTTPS Everywhere" checkbox from the toolbar. That did not fix it.

Does anyone know how to work around this? I cannot access most of Tumblr.

December 11, 2017

Permalink

I am unable to cut and paste in Google Docs using the Tor browser. I am able to cut and paste using other browsers, but Tor is my primary browser.
Please add this to the next upgrade.
Thank you,
Emerald

December 11, 2017

Permalink

Why there is so much Cyrillics in the posts? I guess our Russian friends know English pretty well since they are on this page. Are they just kidding?

Several reputable news organizations including The Guardian and (as I recall) NYT have published profiles of the "trolls from Olgino", based on extensive interviews with former professional trolls. One point which is consistently mentioned is that many of the trolls tasked with acting as commentards in EN lang blogs do not really have strong EN lang skills.

That said, I haven't attempted to translate the cyrillic comments--- for all I know they come from RU citizens worried about SORM, or from Ukraine citizens (note that modern OCR softwares such as Tesseract can tell the difference between Ukrainian, Bulgarian, and Russian cyrillic, if you have a scanner).

Professional trollers write & speak several languages fluently and they are payed for that : the others like spoil "the intellectual or technical" element_argument ; it is a hateful attitude from fake resident and they have too a strong EN lang skills (a lot of site provide a perfect translation).
That 's the net , it is worst on a mailing-list (whatever the topic), pedagogy & tolerance are the way i follow but maybe i am wrong.
Sometimes, so am i, i post some trolls without realizing it : sorry for the inconvenience.
All the languages are welcome & everybody can participate.
thank for reading.

December 11, 2017

Permalink

What is happening with the Squirrel mail, i´m not allowed to recieve mails from twitter.
can somebody help me please?

December 11, 2017

Permalink

When I updated to this version of TOR, I got a warning message from my Firewall/Anti-virus saying that the Certificate was not valid.

> Tor in Tails is not picking up the update. Am I doing something wrong?

No, this appears to be a decision by Tails Project to wait for the next regularly scheduled edition of Tails.

A few years ago, it was a big advance when Tor Browser team and Mozilla firefox-esr correlated their releases, but for various (good) reasons Tails still has a different release schedule.

> Or should I care?

Definitely, everything which allows our increasingly numerous and ferocious enemies to attempt to exploit potential vulnerabilities is a concern.

That said, I think the Tails team is very smart and dedicated. Note that Tails incorporates many protections beyond what is provided by Tor Browswer, so it is possible that these factored into their decision not to release an emergency bug fix.

"Tails incorporates many protections beyond what is provided by Tor"

Is Tails team working on providing basic Tor security, static Entry Guards, yet?
As a tool or an full basic instruction to do this on the bash would be enough.

Disclaimer: I am a Tails user but not affiliated with Tails Project, and I'd love to know more myself about future plans. Corrections (especially from TP) to anything I say below would be welcome.

Tails Project provides a good deal of information about their present/future work, but it is not always easy to find. It helps to know that Tails Project uses the wonderful Riseup Labs to host much of their development.

2018 agenda:
https://tails.boum.org/news/our_plans_for_2018/index.en.html

Over the past few years, Tails P made a lot of progress getting Tails closer to Debian stable and addressing other issues. Unsolved critical issues include:

Ensuring good entropy:
https://tails.boum.org/blueprint/randomness_seeding/

Ameliorating persistence issues:
https://tails.boum.org/blueprint/persistent_Tor_state/

Getting Tails audited:
https://labs.riseup.net/code/issues/14508

TP has said they will consider incorporating Tor Messenger (once it gets out of beta), and they have been working on incorporating access controls and I think repeatable builds (obviously very important).

Further, much effort has been going into providing something many will find very desirable:

Developing Tails server edition:
https://tails.boum.org/blueprint/tails_server/

Some more pages useful for getting a sense of where Tails is now and where it is going next:

Blueprints (apparently not kept up to date or ordered by priority):
https://tails.boum.org/blueprint/

Developer virtual meetups:
https://tails.boum.org/contribute/calendar/

Known issues:
https://tails.boum.org/support/known_issues/index.en.html

Bugfixes in the next upcoming release:
https://labs.riseup.net/code/projects/tails/issues?query_id=111

Note that Tails Project needs donations! If you cannot easily use the offered payment methods, you may be able to donate to Riseup Networks instead (again, Riseup provides servers for Tails development work, so donating to Riseup means you are indirectly donating to Tails).

December 11, 2017

Permalink

Since Windows 10 Update (version 1703) on December 10th, 2017 the browser doesn't start anymore. I updated to version 7.0.11 and the problem continues. I also renamed the old folder on the desktop in order to be able to install a complete new and fresh version and the problem seems to be the same.

December 13, 2017

Permalink

Keep getting 'Image not recognized' when trying to open downloaded 7.0.11image for mac. currently running OSX 10.13.1 same when trying to download experimental Tor version as well

December 13, 2017

Permalink

Does tor browser make that internet companies cant see how long you are spending time on the net. And what you are searching

December 13, 2017

Permalink

You loosers still haven't fuxed this yet??? #sad

Tor Browser 7.0.11 ships with addons.mozilla.com and testpilot.firefox.com allowed to install add-ons!!!

Worse, this is hidden in Preferences>Security>Exceptions which is not accessible unless user knows how to activate menu bar.

After disallowing those sites, they are re-enabled on restart!!

Tor Browser Bundle is SPYWARE!!!!

Thank you, I just checked and you are correct. This is a serious security issue. Always these problems with browsers built by companies allied to or working with the security agencies. People have said before TOR should be built from scratch not using anything from those in the pocket of the security agencies. Now developers how about an answer of how to get rid of this testpilot as it is not in about:config and you have to remove it every time the browser is started.

December 15, 2017

In reply to gk

Permalink

>What exactly is the issue?
See the post above by Donald T. Rump… (not verified)
Go to the options settings- privacy-exceptions and you will see that the sites if deleted regenerate when the browser is restarted. This version seems so buggy it should not have been release without more trials.

December 16, 2017

In reply to gk

Permalink

Load about:preferences#security and click on the "Exceptions" button next to the line "Warn me when sites try to install add-ons". A window with title "Allowed Sites - Add-ons Installation" pops up, with <a href="https://addons.mozilla.org>[/geshifilter-code" rel="nofollow">https://addons.mozilla.org>[/geshifilter-code</a>] and [geshifilter-code]<a href="https://testpilot.firefox.com[/geshifilter-code" rel="nofollow">https://testpilot.firefox.com[/geshifilter-code</a>] listed as sites that are allowed to install add-ons.  Clicking "Remove all Sites" and "Save Changes" removes the entries only for the current session - the sites are whitelisted again after the next browser start!  Apparently, there is no [geshifilter-code]about:config preference controlling the whitelist.

Thanks. That behavior might be due to Tor Browser being in Private Browsing Mode (PBM) and your choice is not saved to disk. Does that change if you get out of PBM on about:preferences#privacy?

That said I guess there is no reason to allow testpilot.firefox.com to be on the whitelist in the first place? I've opened https://trac.torproject.org/projects/tor/ticket/24655. However, we do get NoScript updates via addons.mozilla.org, thus it seems to me we can't remove this by default.

December 14, 2017

Permalink

More and more of the places I connect to use the Fortinet Firewall and webfiltering services. Some even block getting to the Tor Project website, but most prevent the Tor Browser from connecting to the Internet. I have tried the various bridges and still getting blocked.

any tricks?

December 14, 2017

Permalink

old problem back again. Since installing the update to 7.0.10 I am getting an error on some sites 'cannot establish a secure connection as your computer clock is incorrect'. I remember a year or so ago that I was getting that error message. My computer clock is correct so what is it that TOR wants?

December 14, 2017

Permalink

I noticed that the first jump node is static. No matter how many times I request new tor circuits the IP address for the first jump does not change. What gives? Seems to me that this is a security issue since that node can easily be compromised if it predictably stays the same for a given user.

December 14, 2017

Permalink

Just updated Tor browser and now the first jump IP address is static. It will not change no matter how many times I request new identity or request new tor circuits. This seems to be a serious security flaw that allows predictability to occur. If my connections always go through the same node, that node can be compromised and information obtained.

December 14, 2017

Permalink

Is it correct that the Tor Browser bundle 7.0.11 for Windows x32 is signed with the key
RSA 0xC3C07136?
If so why is it not signed with the more trusted Tor Browser Developers signing key 0x93298290?

December 14, 2017

Permalink

What ever you changed, it is not working properly. Tor starts up and states it is not properly configured on your own website more then half the time it starts up. The tor relays on first jump are now fixed and stay the same no matter how many times you request a change in circuits. It seems to me this is unsafe in it's current form. It is not just my computer. I've tried 7.0.10 on various computers with no issues. Of course you force update your newest version despite me not wanting to update to the new version. You guys are not making TBB user friendly or safe by default. Starting to wonder if you are truly interested in safety/security for your users.

The guard nodes are indeed fixed and this is a security feature. You might want to read up on that: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…. And, no, we are not force-updating anyone. You can disable the auto-update. Could you explain what you mean with "Tor starts up and states it is not properly configured"? What are you doing and what is happening?

December 14, 2017

Permalink

Since version 7.07, I have complained that my Zonealarm firewall reports that Tor Browser is trying to access explorer.exe. This suspicious behavior continues in version 7.11.

This is a behavior I did not notice before version 7.07.

When Tor Browser starts up, I get one warning from ZoneAlarm, and deny permission. Then it immediately does it again, and I deny it permission again. I select the check box for the denial of permission to be remembered, but ZoneAlarm never remembers the denial.

I have downloaded and re-installed multiple times, and have verified the downloads with both sha256checksum and gpg.

Will there ever be any explanation of this suspicious behavior?

December 15, 2017

In reply to gk

Permalink

As stated, I believe it started in version 7.07
I know it has continued in every version since, even with multiple clean installs.

I am running it in Windows 7 Pro, 64-bit with the ZoneAlarm firewall.

Seems like, aside from the two access attempts at startup that always occur, it also does it when I begin to type something into the address bar. Make me wonder if there is some kind of key logging activity going on.

Should Tor Browser be accessing explorer.exe at all?

Could you find out the exact version following the link I gave you above? Otherwise it is hard for us to work on a fix for your issue (assuming it's possible for us at all).

Not sure about accessing explorer.exe. I'd say Tor Browser has not business accessing it but without understanding what is going on it's hard to tell.

December 14, 2017

Permalink

HELLO, BEEN A WHILE, GLAD TO SEE THERE ARE STILL SOME CHALLENGES , like my caps lock getting stuck, thank you all for putting tor together, I'm to much a novice to accomplish such a thing, Merry Christmas everyone.

December 15, 2017

Permalink

Whle using the web site https://ipleak.net/ I noticed that torbrowser fails to connect to the web site quite a lot. the web site is rarely able to identify the Torbrowser DNS servers does this sound normal?

December 15, 2017

Permalink

TorBrowser\Browser\AccessibleMarshall.dll gets auto blocked and flagged as potentially harmful file by F-Secure SAFE anti virus. This is the first version it has flagged it.

December 15, 2017

Permalink

Using linux, my browser updated automatically to 7.0.11

Problems:

1: I had turned automatic updates off but the update happened anyway

2: All browser preferences and plugin preferences were reset without any warning, which is highly problematic especially if you are browsing the web falsely thinking scripts are disabled

Also, as mentioned by others here, the NoScript icon jumped to the right side of the window.

When did you turn automatic updates off? And how did you do that? As to the preferences reset: Tor Browser is not doing that. It does not touch your profile directory where those preferences are stored (with the exception of extension updates). How did you install Tor Browser on your computer?

December 18, 2017

In reply to gk

Permalink

I installed Tor Browser by downloading and extracting the tarball from the tor project site. The signature was valid. I turned off automatic updates weeks ago via the update tab in about:preferences (and if I then go to about:config I can see that app.update.auto is set to false).

I dug around and found the file "last-update.log" which tells me a replace request was performed. The entire "Browser" directory appears to have been replaced. Is this normal?

December 17, 2017

Permalink

Worst version for years, full of glitches which admin are either not giving complete replies to or they are not even posting some peoples replies. I have nearly all the problems reported in this list and 103+ messages shows there are real problems.

Got a friend who also says he posted and it did not show up. Which department of the NSA wrote the code for this version?.

December 17, 2017

Permalink

hello im on Firefox tor says everything is safe now ,so can brows like hidden wiki with my id info and location safely,newbee

December 20, 2017

Permalink

Torbutton showed one relay in the circuit as "Unknown country (IP unknown)".
Is it possible to block these in torrc?

December 23, 2017

Permalink

For what it's worth, TB 7.0.11 is working fine for me on a laptop and a PC. (I downloaded and verified the tarball, so I didn't experience an auto-update, which may partially explain my happier experience that some users report.)

December 26, 2017

Permalink

Tor Browser 7.0.11, windows
any time using Twitter, after loading the page, it reloads the page in the mobile version.

December 26, 2017

Permalink

when you un script block this site, it says it is offline. Never seen this behavior before in any browser.

December 27, 2017

Permalink

Can another track you, if you visit an adult site? What do they used this information for? Can anyone help/. I'm not going to lie, I have visit a site or 2. I have looked in. lollll, I don't want it to mess up my career.

December 30, 2017

Permalink

I can't use twitter at all. I've got "allow scripts globally" enabled and all objects unblocked, but none of the buttons work: Tweet, Retweet, Like, Edit Profile, arrows for drop-down menus etc etc. I click and they get highlighted but nothing happens.

January 01, 2018

Permalink

متصفح موزيلا سيئ جدا وبطيئ والكثير من الاضافات لاتعمل به او غير متوفرة يرجى التغيير الى متصفح اخر يكون اسرع

Yes, but it seems Tor Browser does not know the authority that signed the certificate and is throwing the error for that reason. I hope Mozilla fixes this in one of the upcoming Firefox versions as a regular Firefox 52 is affected, too.

January 03, 2018

Permalink

Tried to donate but kept getting error stating my card (mastercard) was declined and this should not be so as the card is in completely good standing...must be on your side...please fix and i will try again. Let me know. Thanks

January 04, 2018

Permalink

Meltdown and Spectre
i would like to read an official announcement.
is tbb affected? any security advisories? javascript?

We think we are not in a bad shape (as in: we don't need to do an urgent security release) as we are a) on Firefox 52 ESR which does not have SharedArrayBuffers available and b) as we have reduced various timing sources to 100ms in the past to make it harder for any timing side-channel attack to succeed. Work remains to be done, though.

Mozilla has an official announcement which is worth reading: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-cl…

January 10, 2018

Permalink

When you use a new identity, noscript continues to allow scripts that were temporarily enabled using the old identity (but the user interface incorrectly shows that these scripts are blocked)!

I conclude that there is some information retained across identities and the profile is not properly reset though I don't know if this is specific only to noscript or also extends to other areas of the browser.