Tor Browser 7.5 is released

The Tor Browser Team is proud to announce the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

  1. We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published at 'A Usability Evaluation of Tor Launcher', a paper done by Linda Lee et al. At our work we iterated on the redesign proposed by the research, improving it even further. Here are the main changes we would like to highlight:

    Welcome Screen

    Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

    Censorship circumvention configuration

    This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

    Proxy help information

    The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

    As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

  2. We ship the first release in Tor's 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.
  3. On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.
  4. We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

The full changelog since Tor Browser 7.0.11 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.5
      • Bug 21847: Update copy for security slider
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Bug 24623: Revise "country that censors Tor" text
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 22232: Add README on use of bootstrap status messages
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
    • Bug 22501: Requests via javascript: violate FPI
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • Windows
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
    • Bug 23025: Add some hardening flags to macOS build
  • Linux
    • Bug 23970: Make "Print to File" work with sandboxing enabled
    • Bug 23016: "Print to File" is broken on some non-english Linux systems
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Android
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
    • Windows
    • Linux
      • Bug 20929: Bump GCC version to 5.4.0
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
Anonymous

January 25, 2018

Permalink

Am I missing something, I thought torbrowser 7.5 was meant to allow me to visit onion v3 links?
"Problem loading" on every v3 site I try.

Okay, then you could try to change the extensions-overrides.js file before you start. You can find it in your Tor Browser directory in Browser\TorBrowser\Data\Browser\profile.default\preferences. Open it with notepad or some other editor and add at the end of the file pref("browser.tabs.remote.autostart.2", false);. Save and restart.

Anonymous

January 26, 2018

Permalink

oh nice, even thought my network is only 10KB/s, i still using Tor, because the chinese police is fucking my network and spying on it.

Anonymous

January 26, 2018

Permalink

Both updates this month failed!! They would neither restart nor therefore work tor. The earlier one to version 7.0.11 was such a hassle redownloading and finally restoring tor on my own, after the same thing happened trying the 7.5 update today, 1/2017, I just reloaded 7.0.11 and await tor, or mozilla, or whoever is going to disable it until it thus stops working (i hope that is not soon). Unhappy.

Which operating system are you on? Could you enable update logging and report back which error you are seeing? Set app.update.log to true and then open the browser console with Ctrl+Shift+J when downloading/installing the update. You should see debug output there.

Anonymous

January 26, 2018

Permalink

Torbrowser failed restart after download of 7.5

  1. <br />
  2. Jan 27 08:47:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.<br />
  3. Jan 27 08:47:33.000 [notice] Bootstrapped 100%: Done<br />
  4. Jan 27 08:47:34.000 [notice] New control connection opened from 127.0.0.1.<br />
  5. Jan 27 08:47:34.000 [notice] New control connection opened from 127.0.0.1.<br />
  6. Unable to update the static FcBlanks: 0x0600<br />
  7. Unable to update the static FcBlanks: 0x0601<br />
  8. Unable to update the static FcBlanks: 0x0602<br />
  9. Unable to update the static FcBlanks: 0x0603<br />
  10. Unable to update the static FcBlanks: 0x06dd<br />
  11. Unable to update the static FcBlanks: 0x070f<br />
  12. Unable to update the static FcBlanks: 0x2028<br />
  13. Unable to update the static FcBlanks: 0x2029<br />
  14. Unable to update the static FcBlanks: 0xfff9<br />
  15. Unable to update the static FcBlanks: 0xfffa<br />
  16. Unable to update the static FcBlanks: 0xfffb<br />
  17. Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function<br />
  18. Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function<br />
  19. Jan 27 08:48:18.000 [notice] Owning controller connection has closed -- exiting now.<br />
  20. Jan 27 08:48:18.000 [notice] Catching signal TERM, exiting cleanly.</p>
  21. <p>(firefox:27617): GLib-ERROR **: creating thread 'gdbus': Error creating thread: Resurssi ei tilapäisesti ole käytettävissä<br />
  22. /home/hurtta/bin/torbrowser: rivi 368: 27617 Jäljitys/katkaisupisteansa (luotiin core-tiedosto) TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null<br />
  23. hurtta:~$<br />

Starting it again worked

  1. <br />
  2. hurtta:~$ torbrowser --verbose<br />
  3. Unable to update the static FcBlanks: 0x0600<br />
  4. Unable to update the static FcBlanks: 0x0601<br />
  5. Unable to update the static FcBlanks: 0x0602<br />
  6. Unable to update the static FcBlanks: 0x0603<br />
  7. Unable to update the static FcBlanks: 0x06dd<br />
  8. Unable to update the static FcBlanks: 0x070f<br />
  9. Unable to update the static FcBlanks: 0x2028<br />
  10. Unable to update the static FcBlanks: 0x2029<br />
  11. Unable to update the static FcBlanks: 0xfff9<br />
  12. Unable to update the static FcBlanks: 0xfffa<br />
  13. Unable to update the static FcBlanks: 0xfffb<br />
  14. 1517035791500 addons.webextension.<unknown> WARN Loading extension 'null': Reading manifest: Error processing permissions.1: Unknown permission "privacy"<br />
  15. 1517035791500 addons.webextension.<unknown> WARN Loading extension 'null': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"<br />
  16. 1517035791600 addons.webextension.<unknown> WARN Loading extension 'null': Reading manifest: Error processing devtools_page: An unexpected property was found in the WebExtension manifest.<br />
  17. Jan 27 08:49:52.142 [notice] Tor 0.3.2.9 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2n, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.<br />
  18. Jan 27 08:49:52.142 [notice] Tor can't help you if you use it wrong! Learn how to be safe at <a href="https://www.torproject.org/download/download#warning
  19. Jan" rel="nofollow">https://www.torproject.org/download/download#warning<br />
  20. Jan</a> 27 08:49:52.143 [notice] Read configuration file "/home/hurtta/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".<br />
  21. Jan 27 08:49:52.143 [notice] Read configuration file "/home/hurtta/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".<br />
  22. Jan 27 08:49:52.145 [notice] Scheduler type KIST has been enabled.<br />
  23. Jan 27 08:49:52.145 [notice] Opening Socks listener on 127.0.0.1:9150<br />
  24. Jan 27 08:49:52.145 [notice] Opening Control listener on 127.0.0.1:9151<br />
  25. Jan 27 08:49:52.000 [notice] Parsing GEOIP IPv4 file /home/hurtta/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip.<br />
  26. 1517035792100 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.1: Unknown permission "privacy"<br />
  27. 1517035792100 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"<br />
  28. Jan 27 08:49:52.000 [notice] Parsing GEOIP IPv6 file /home/hurtta/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6.<br />
  29. Jan 27 08:49:52.000 [notice] Bootstrapped 0%: Starting<br />
  30. Jan 27 08:49:52.000 [notice] Starting with guard context "default"<br />
  31. Jan 27 08:49:52.000 [notice] Bootstrapped 45%: Asking for relay descriptors<br />
  32. Jan 27 08:49:52.000 [notice] New control connection opened from 127.0.0.1.<br />
  33. Jan 27 08:49:52.000 [notice] New control connection opened from 127.0.0.1.<br />
  34. 1517035792800 <a href="mailto:addons.webextension.https-everywhere-eff@eff.org" rel="nofollow">addons.webextension.https-everywhere-eff@eff.org</a> WARN Loading extension '<a href="mailto:https-everywhere-eff@eff.org" rel="nofollow">https-everywhere-eff@eff.org</a>': Reading manifest: Error processing devtools_page: An unexpected property was found in the WebExtension manifest.<br />
  35. 1517035792800 <a href="mailto:addons.webextension.https-everywhere-eff@eff.org" rel="nofollow">addons.webextension.https-everywhere-eff@eff.org</a> WARN Please specify whether you want browser_style or not in your browser_action options.<br />
  36. Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function<br />
  37. Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function<br />
  38. Jan 27 08:49:53.000 [notice] Bootstrapped 52%: Loading relay descriptors<br />

( Preview seems not work on comment ... )

Anonymous

January 27, 2018

Permalink

My opinion. Just keep Torbrowser 7.0.11. Disable automatic updates and even alerts to update (though not all possible). Install Torbrowser 7.5 somewhere else as Torbrowser2, in a portable way. Use the one that works. My opinion, 7.5 is full of unsolved problems and new incompatibilities.

I'm autoquote myself. I've changed several first node (blacklisting the IPs on my firewall) and now v3 sites work fine. But there are some general problems with v3 sites because they go up/down frequently.
BTW, 7.5 works good with the normal .onion sites and the rest of the web.

Anonymous

January 28, 2018

Permalink

It is written on the download page :
Tor Browser
Version 7.5 (2018-01-23) - Windows 10, 8, 7, Vista, and XP

This is FALSE. Torbrowser 7.5 is completly incompatible with Vista x64 !!! Both, Firexof part and the Tor part DO NOT work on Vista 64.
Tried on several computers. This is simply put "not working".
You need to go back to Torbrowser 7.0.11 and configure it before anything to stay away from automated updates.
If you got in the menu, your links tranfered, you need to save them from Torbrowser 7.5 before deleting Torbrowser and restore them in 7.0.11.
Take care not to update to 7.5 if it was not automated, before this major bug, if this is one, is repaired.

You could help us debug that and try to find a fix for your problem. So, you said the Tor part is not working either on Vista 64bit. Could you download the expert bundle (32bit), extract it and run it on your machine? (The link to the file is: https://archive.torproject.org/tor-package-archive/torbrowser/7.5/tor-w… and to the signature: https://archive.torproject.org/tor-package-archive/torbrowser/7.5/tor-w…) What error are you getting?

Anonymous

January 28, 2018

Permalink

I am very glad to see TP using some thoughtful advice from a researcher who has studied usability issues!

However, I am concerned that your work in trying to improve usability (which is a good idea in general) will be rather quickly "buried" if TP neglects the needed follow up:

o reorganize the website so that the most up-to-date and most useful (to newbies) data is easy to find; for example

+ the nice "videos" [animated images] above showing how to use the new interface,
+ "follow these simple steps" tutorials on verifying the detached signature of the tarball,
+ EFF's diagram of the onion concept (a Snowden leak shows NSA teaches bad guys using it; why shouldn't we teach the world using it?),
+ links to EFF's "Surveillance Self-defense", ACLU's "They are Watching" sites, Riseup

(examples of information *not* useful to newbies would include the original Tor design specification and outdated technical information now of interest primarily to historians of technology not to newcomers to the Tor community),

o list of key people and Tor Board must be kept up to date and easy to find,

o statement of principles must be kept up to date and easy to find (in particular, keep trying to make "no backdoors ever" less ambiguous and easier to understand, perhaps by saying the same thing five different ways and by defining all terms e.g. [software application level] "backdoor"),

o list of Tor products and their status (mature, beta) must be easy to find and kept up to date,

o to help at risk people (e.g. soda tax advocates, bloggers, journalists) better understand the technical attacks they might reasonably expect to confront in the months and years ahead, I think the following should also be easy to find in TP's website:
+ link to EFF's collection (not up to date alas) of published Snowden leaks,
+ in particular, to GCHQ/NSA attacks on Tor circa 2012,
+ link to Micah Lee's encryption for activists tutorial,
+ link to WP "Top Secret America", The Intercept "Cell Spies", Wikileaks "Spy Files" sites,
+ link to Citizen Lab site (e.g. reports on Ethiopian government cyberattacks on USPERS),
+ links to best nontechnical explanations of Shellshock, Krack, Meltdown, Spectre flaws,

o institute a regular Friday post in this blog allowing users to "ask us anything", or make suggestions in the comments; sure it will be a pain to keep out spambot comments from such a regular posting, but such an institution will surely be useful and reassuring to newbie Tor users and non-US Tor users in particular, if they see a genuine question being answered promptly and authoritatively; many newbie questions are best answered by citing a link or two and currently these are too hard to find if for security reasons you don't keep them in browser bookmarks (see above for a better way to keep the most quotable links handy)

o ask Tails people to check the blog for questions about Tails; Tails Project is listed as partner of Tor Project so it is confusing and off-putting when some comment in the blog here angrily suggests that Tails questions don't belong here; of course they do; the purpose of this blog is or ought to be to offer helpful information to the Tor community--- including not only node operators, other volunteers and "power users", but also "ordinary users", especially newbies!

o in short, look over your entire website and outreach activities, and ask a hard question about everything you see: does this enhance our *current* drives to persuade/enable more ordinary people all over the world to use Tor (wisely) every day?

> Meltdown, Spectre flaws

While using Tails 3.5 (running on a laptop which uses an Intel chip) to comment in this blog, I am definitely seeing the unfortunate effects of the patch against Meltdown! This is interesting because although I upgraded Tails as soon as 3.4 and 3.5 became available, this is the first time I've definitely seen the slowdown due to preventing the problematic speculative execution.

Needless so say, as one journalist wrote, the needs of security must always come before matters of convenience, so I am happy to cope with changes.

We have a UX mailing list (https://lists.torproject.org/cgi-bin/mailman/listinfo/ux) and regular UX team meetings on IRC (https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam) Feel free to subscribe and contribute, and welcome to the meetings!

If you want to start working right away on branding issues in Tor Browser for instance, have a look at our bug tracker: https://trac.torproject.org/projects/tor/query?status=!closed&keywords=….

Anonymous

January 28, 2018

Permalink

Since I use 7.5 I see in my task manager constantly something being uploaded and downloaded. This was never before. What's that about?
And everytime I delete history in Tor, after logging in and out somwhere with my email, and refresh de page I see my email already filled in the box. How is that possible?

Anonymous

January 28, 2018

Permalink

Already reported on TBB 7.0 series, see https://blog.torproject.org/comment/273040#comment-273040

TBB ships with several sites allowed by default to install add-ons.
Even after they are removed, they are re-allowed upon restart.

This HUGE security hole still exists in TBB 7.5.

The excuse that they can't remove them because they get NoScript updates via those sites
is bull@#$%. The commenter was exactly correct who said that starting from firefox is a
bad idea for security. Better to start from scratch.

Anonymous

January 29, 2018

Permalink

Tor for Windows works perfectly but Tor for Linux does not.A strange
situation in the sphere of anonymity and security. :)

> Tor for Windows works perfectly but Tor for Linux does not.

This is a very sweeping and ambiguously stated claim made without any evidence whatever.

You claim "Tor for Linux" does not work perfectly. Do you mean Tor Browser 7.5 for 64 bit Linux? Did you download the tarball from torproject.org and verify the detached signature before installing it on your 64 bit computer running some Linux distribution?

For all we know at this point, you tried to install 64-bit Tor Browser on an old 32-bit laptop, for example.

I am just an ordinary Tor user, not affiliated with Tor Project, but I've see enough comments to know that the more detail you can provide, the better, assuming you actually want TP to help you fix a genuine problem.

> A strange situation in the sphere of anonymity and security. :)

The Tor community is under constant assault, ranging from technical attacks (e.g. from Carnegie-Mellon nasties) to state-sponsored disinformation/suasion campaigns (e.g. those documented a few years ago in this blog).

Tor Project has very few paid employees and runs mostly on volunteer labor.

Given the forces arrayed against the Tor community, I feel we deserve a great deal of credit for having proven (so far) much harder to kill off than some of the nastiest governments on Earth wish.

Anonymous

January 29, 2018

Permalink

I wanted to watch a new story video in Australia that only plays to Australia, so I set exitnodes to Australia's country code (AU). This worked and Tor is exiting in Australia. I went to the news web page and it saw me from Australia and drew the page. But when I go to play the video it fails and says I am from the wrong country.

How is it the video was able to determine my real IP address? Is this an HTML5 thing, and I thought by default Tor prevented videos from obtaining your real IP? I am confused.

How do I configure Tor 7.5 to not give up my real IP to a video stream?

My guess: when your Tor Browser requested the page it used an exit server in AU, so the remote server gave you the exit server the page and it passed back down the circuit to you. But when your Tor Browser requested the video, owing to the vagaries of CDN networks, that was on a different server using a different URL domain and Tor created a new circuit for the second connection, for which the exit server was not in AU.

> I set exitnodes to Australia's country code (AU).

Or maybe my guess is wrong!

Tails may be safer for you, because Tails does better at avoiding leakages of your real IP.

Anonymous

January 29, 2018

Permalink

Hi there,

An error occured when I was trying to verify the signautre of tor browser 7.5 using GPG4WIN, plz see below:

gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net
gpg: no valid OpenGpg data found
gpg: total number processed: 0
gpg: keyserver communications error : keyserver helper internal error
gpg: keyserver communications error: General error

Could you help me to see what is the problem?

Many thanks in advance!

Anonymous

February 02, 2018

In reply to by ABC (not verified)

Permalink

Sounds like it might not be listed in that keyserver, or something else went wrong on the server.

That key (the TBB signing key) has been around for a long time so it should have propagated to that keyserver. I checked and it is in pgp.mit.edu. Try downloading it there. Search for
"0x93298290"

My guess is this is due to something innocuous, but you certainly shouldn't install the new TBB until you can verify the detached signature.

What do you mean with "after opening". Do you see a browser windows that is crashing then? Or does this mean right after you are double-clicking on the link to start Tor Browser? Do you see any error message?

EDIT:

Oh, and does this happen with a newly installed Tor Browser as well?

It starts normally,it works for a few seconds and then i get either "windows closed the application" or "the tab has crashed",and everything after that crashes immediately.
Uninstalled it,made a clean install,previously was updated from earlier editions,it seems to work fine now.
Thank you!

Anonymous

February 02, 2018

Permalink

I am getting very many
"Your connection is not secure"
and similar. In fact my tor is almost useless. What to do? Its been happening before 7.5 too.

Anonymous

February 03, 2018

Permalink

I cannot use obfs4 built-in bridge after upgrade TorBrowser from 7.01 to 7.5 (windows + linux), WHY ? please help !

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

4 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.