Tor Browser 7.5 is released

The Tor Browser Team is proud to announce the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

  1. We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published in 'A Usability Evaluation of Tor Launcher', a paper by Linda Lee et al. In our work we iterated on the redesign proposed by the research and improved it further. Here are the main changes we would like to highlight:

    Welcome Screen

    Our old screen had far too much information for users, leading many of them to spend a long time confused about what to do. Some users in the paper's experiment spent up to 40 minutes confused about what they needed to do here. Besides simplifying the screen and its message, to make it easier for users to tell whether they need to configure anything or not, we also did a 'brand refresh', bringing our logo to the launcher.

    Censorship circumvention configuration

    This is one of the most important steps for a user who is trying to connect to Tor while their network censors Tor. We also worked hard to make sure the UI text makes it easy for the user to understand what a bridge is for and how to configure one. Another update is a small tip we added to the drop-down menu (as you can see below) about which bridge to use in countries with very sophisticated censorship methods.

    Proxy help information

    The proxy settings in our Tor Launcher configuration wizard are an important feature for users on a network that requires such a configuration. But they can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for the users who need it, we decided to keep it on the main configuration screen and introduced a help prompt explaining when someone would need such a configuration.

    As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor), including a new user onboarding flow. And last but not least, we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adopts the security slider design we did for mobile, bringing the improved user experience to the desktop as well.

  2. We ship the first release in Tor's 0.3.2 series, 0.3.2.9. This release includes support for the next generation of onion services (v3 onion services).
  3. On the security side we enabled content sandboxing on Windows and fixed the remaining issues on Linux that prevented printing to file from working properly with the sandbox enabled. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X (write XOR execute) mitigation on Windows.
  4. We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build was developed, making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64-bit bundles for Windows (currently available in the alpha series) and bundles for Android on the same day as the release for the current platforms/architectures.
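The W^X mitigation mentioned in item 3 enforces a single property: no page of memory is mapped writable and executable at the same time, so bytes written into a JIT buffer cannot be executed until the page has been flipped to read-only. As an added illustration (not Tor Browser or Firefox code, and using the Linux /proc/<pid>/maps format rather than the Windows mitigation the item refers to), the following Python scans a mapping listing for regions that carry both the w and x permission bits. The sample listing, its addresses and the [anon:js-jit] region are constructed for the example.

```python
"""Scan a /proc/<pid>/maps listing for mappings that are writable and executable at once.
Added example for the W^X note above; not Tor Browser or Firefox code. SAMPLE_MAPS below
is constructed, with made-up addresses and a fictional [anon:js-jit] region."""
import os
import re
from typing import List, NamedTuple, Optional


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str  # four characters, e.g. "rw-p" or "r-xs"
    path: str   # backing file, a pseudo-path such as [heap], or "" for anonymous memory


# address range, permissions, file offset, device, inode, optional path
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of a maps file; lines that do not match the format are skipped."""
    mappings = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            mappings.append(Mapping(int(m.group(1), 16), int(m.group(2), 16),
                                    m.group(3), m.group(4)))
    return mappings


def wx_violations(mappings: List[Mapping]) -> List[Mapping]:
    """Return every mapping that is both writable and executable, i.e. breaks W^X."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def check_self() -> Optional[List[Mapping]]:
    """Audit the running process; returns None on systems without /proc/self/maps."""
    path = "/proc/self/maps"
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return wx_violations(parse_maps(fh.read()))


def report(mappings: List[Mapping]) -> str:
    """Human-readable summary of the W^X violations in a parsed listing."""
    bad = [f"{m.start:x}-{m.end:x} {m.perms} {m.path or '<anonymous>'}"
           for m in wx_violations(mappings)]
    return "\n".join(bad) if bad else "no W^X violations"


# Constructed sample: a browser-like layout with one rwx JIT region that violates W^X.
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0a21000 r--p 00000000 fd:01 1234 /usr/bin/firefox
55d1c0a21000-55d1c0b00000 r-xp 00021000 fd:01 1234 /usr/bin/firefox
7f3a10000000-7f3a10100000 rwxp 00000000 00:00 0 [anon:js-jit]
7f3a20000000-7f3a20021000 rw-p 00000000 00:00 0 [heap]
7ffd4c000000-7ffd4c021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("sample listing:\n" + report(parse_maps(SAMPLE_MAPS)))
    live = check_self()
    if live is None:
        print("this process: /proc/self/maps not available")
    else:
        print(f"this process: {len(live)} W^X violation(s)")
```

The same check run against a browser's content process (substituting its pid for `self`) is a quick way to confirm that a JIT really does flip pages between writable and executable rather than leaving them rwx.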

The full changelog since Tor Browser 7.0.11 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.5
      • Bug 21847: Update copy for security slider
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Bug 24623: Revise "country that censors Tor" text
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 22232: Add README on use of bootstrap status messages
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
    • Bug 22501: Requests via javascript: violate FPI
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
    • Bug 23025: Add some hardening flags to macOS build
  • Linux
    • Bug 23970: Make "Print to File" work with sandboxing enabled
    • Bug 23016: "Print to File" is broken on some non-english Linux systems
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
    • Linux
      • Bug 20929: Bump GCC version to 5.4.0
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
Anonymous

January 23, 2018


WOOOOOOOOOOHOOOOOOO SNOWFLAKE COMES TO Tor Browser Stable BUILDS FINALLY (for Linux and Mac) :D :D

To run a Snowflake bridge:

  1. go to your browser (obviously won't work with Tor Browser or browsers that disable WebRTC)
  2. Open https://keroserene.net/snowflake/options.html and click the Yes button to opt in to being a proxy.
  3. Go to https://keroserene.net/snowflake/snowflake.html (IMPORTANT: this is the page that you should always have open to be a Snowflake bridge.)

I'm not sure when the Snowflake addon will be available but it will make running a Snowflake bridge so much easier!

Not that ridiculous, as long as you have any basic perception of the internet security issues that are going on in this world.
Simple reading about basic security and the misfit of WebRTC technology (and iframes, JavaScript and Flash as well).

"Uncovering 2017’s Largest Malvertising Operation"
https://blog.confiant.com/uncovering-2017s-largest-malvertising-operati…?

Enabling WebRTC in Tor Browser (or actually any browser) and allowing iframes as well is just a kind of bizarre view on privacy and security, because this technology 'talks too much!' and both are also a security risk you should not allow.

Just some simple reading, no professor tech talks about architectures, that's all it takes to get both feet on the ground again.

Malvertising is the example of the misuse of techniques.
Fingerprinting (also allowing WebGL) needs you to allow JavaScript and WebGL, and WebRTC and iframes make phishing techniques more possible.
Why? Most people do not have any clue what is happening on many websites and who they are connecting to besides the domain they see in the URL bar.
But it is not the criminals we are afraid of here, right? This website, Tor Project, is mainly about other people that are a threat to innocent people. And these people just use the same techniques criminals are using, and vice versa.
So, tell me, why is it a good idea to just cooperate in advance with the people that are threatening you, by making your defence ultimately weak by allowing JavaScript, WebGL, iframes and audio/video techniques that can reveal your identity?
And that is what someone makes a little dance of joy for: a mindset of people lowering their Tor Browser settings instead of setting security to its highest mode and forbidding those iframes.
No iframes and no JavaScript is less attack surface, but yes indeed, it has a downside for the social media addicted: you do not see your favorite Twitter or Instagram images right away.
Another side of this topic, bandwidth: I would be curious what would happen with Tor traffic if everybody that uses Tor Browser was just blocking iframes for one day.
Would it drop by 5 times or more?
Our addiction (or yours) to social media is already a big threat to the world; do not make it worse by forcing people to allow more usage of JavaScript, WebGL, iframes and this WebRTC profiling shit.
The best browser is a clean browser, and it seems already an enormous challenge for Tor Project (and Mozilla users) to be aware of all the new fancy crappy things in every new release and take them out or break them again to end up with a clean, safe browser.
Technology is meant to serve people and not to threaten people; when it does both, you should strongly consider completely avoiding that technology, or at least as much as possible.
You can certainly do that with iframes, WebGL and WebRTC, and a lot of times with a lot of JavaScript too; just look at the loading time of many pages and how many domains are passing underneath the browser screen.
The more you block, the faster the loading, the lower the bandwidth, the safer the browsing.
Keep it as simple as you can get, because Mozilla has shown at least the last 5 years how much trouble you get if you are taking that other direction, which some people would call the bloatware direction; I would say the unnecessarily complicated direction.
Keep that ESR version clean!
Put the safety setting higher and don't 'bend as a service' for the people that are a threat to you by lowering your security because of all the easiness and fancy new shiny stuff.

Just wanted to say that I am often frustrated when my comments do not appear, but I always try to bear in mind the point gk just made---which has been pointed out in this blog before, but probably bears more frequent repetition.

Among "cosmetic" changes I'd like to see ASAP are:

o reorganize torproject.org website to present first the most recent and the most useful to the greatest number of Tor users, especially new Tor users,

o regular Friday "ask anything" blog where commentators can worry over potential security flaws, propose new features, etc., and get some feedback from TP,

o refactor the blog to eliminate annoying issues which appear to be related to Javascript, improve rapid posting of thoughtful comments, improve spambot resistance, etc.

o faster TP response to emergencies (IMO Meltdown/Spectre qualify as something which would obviously cause considerable concern among well-informed Tor users),

o better communication in other languages (e.g. Spanish).

But I realize that TP has very limited resources and I accept that just now it may be more urgent to direct key Tor people to work on researching the latest technical attacks, fixing bugs, reaching out to the media and to policy makers, etc. etc.

Sometimes we all just need to try to be patient and to save our strength for the biggest current threats.

Just chiming in so forgive me if I missed something, but the simple answer regarding features in single tabs is that Firefox is largely a single-process browser. AFAIK currently there is no strong degree of isolation between tabs. At least that was historically the reason Torbutton never had tab-by-tab modes, it was either on or off for the whole browser. In other words: because technical reasons.

As another commenter mentioned, malvertising isn't really any different from any other use of those features.

Anonymous

January 23, 2018


21:30:44.932 browser.ownerGlobal is null 1 ext-utils.js:800
getBrowserId chrome://browser/content/ext-utils.js:800:9
chrome://browser/content/ext-tabs.js:79:26
runSafeSyncWithoutClone resource://gre/modules/ExtensionUtils.jsm:71:14
emit/promises< resource://gre/modules/ExtensionUtils.jsm:384:55
from self-hosted:595:17
emit resource://gre/modules/ExtensionUtils.jsm:383:20
WebRequestEventManager/register/listener chrome://extensions/content/ext-webRequest.js:51:7
runChannelListener resource://gre/modules/WebRequest.jsm:721:24
errorCheck resource://gre/modules/WebRequest.jsm:568:7
observeActivity resource://gre/modules/WebRequest.jsm:536:12

Anonymous

January 24, 2018

In reply to a comment by test (not verified)


Half of the US (and many other parts of the world) wish they had an internet connection of 'just' 2 MB a second.
If it only gives two MB with torrent sharing and big downloads, then it could be on purpose.

Anonymous

January 24, 2018

In reply to a comment by test (not verified)


> cant find "torrc" file to use this solution for speed up
Please don't do this. The link redirects through multiple ad splash pages, one of them blocks you if you try downloading it over tor, it asks you to install a third-party file without explaining what it does or link you to documentation, all of which are suspicious before you get the file. But then if you overwrite the default tor configuration with this completely unreviewed one, it could make your traffic stand out from other tor users, or it could force your tor traffic through an adversarial node. You have no idea unless you read tor's documentation and understand exactly what configuration the file applies and whether that configuration is safe. Think. You would be overwriting highly-secure privacy software with a file given to you by some random Joe on the internet.
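The warning above can be turned into a concrete check: before dropping a third-party torrc into Tor Browser, read it for options that pin circuits to chosen relays, alter guard or circuit-timing behaviour, route tor through an outside proxy, or replace the directory authorities altogether. The following Python is an added example for this thread, not Tor Project code. The option names come from the tor manual; the severity levels, the one-line reasons and the sample "speed up" torrc (TEST-NET-3 addresses, made-up relay fingerprint) are constructed for the example.

```python
"""Audit an untrusted torrc for options that steer traffic or make a client stand out.
Added example for this thread, not Tor Project code: option names follow the tor manual,
while severities, reasons and SAMPLE_TORRC are constructed for the example."""
import re
import sys
from typing import Dict, List, NamedTuple, Tuple


class Finding(NamedTuple):
    severity: str  # CRITICAL, HIGH or INFO
    option: str    # option name as written in the file
    value: str
    reason: str


_RANK = {"CRITICAL": 0, "HIGH": 1, "INFO": 2}
_PROXY = "sends every tor connection through an outside proxy that sees your real address"

# Flagged whenever present. tor option names are case-insensitive, so keys are lowercased.
_ALWAYS: Dict[str, Tuple[str, str]] = {
    "dirauthority": ("CRITICAL", "replaces the directory authorities, whose operator then decides which relays you see"),
    "entrynodes": ("HIGH", "pins the first hop to chosen relays, possibly the file author's own"),
    "exitnodes": ("HIGH", "pins the exit, so traffic can be steered through an adversary's relay"),
    "excludenodes": ("HIGH", "shrinks the relay set; path selection no longer looks like stock Tor Browser"),
    "excludeexitnodes": ("HIGH", "shrinks the exit set; path selection no longer looks like stock Tor Browser"),
    "strictnodes": ("HIGH", "forbids tor from relaxing node restrictions, so pinned paths are always used"),
    "usebridges": ("INFO", "uses bridges; legitimate under censorship, but check who supplied them"),
    "bridge": ("INFO", "a bridge run by the file's author sees every connection this client makes"),
    "clienttransportplugin": ("INFO", "launches an external transport binary; confirm it is the one Tor Browser ships"),
    "%include": ("INFO", "pulls in another config file; audit that file too"),
}
for _proxy in ("socks4proxy", "socks5proxy", "httpproxy", "httpsproxy"):
    _ALWAYS[_proxy] = ("HIGH", _PROXY)

# Flagged only when set to 0.
_IF_ZERO: Dict[str, str] = {
    "useentryguards": "disables entry guards, so far more relays get to observe this client over time",
    "learncircuitbuildtimeout": "freezes the circuit build timeout, making circuit timing distinguishable",
}

# Flagged whatever the value: they move circuit or guard behaviour away from the defaults.
_BEHAVIOUR = {"circuitbuildtimeout", "maxcircuitdirtiness", "newcircuitperiod",
              "numentryguards", "numdirectoryguards", "guardlifetime"}

_LINE = re.compile(r"^(%include|[A-Za-z_][A-Za-z0-9_]*)\s*(.*)$")


def parse_torrc(text: str) -> List[Tuple[str, str]]:
    """Return (option, value) pairs. Blank lines and lines starting with # are skipped;
    backslash line continuations are not handled and must be checked by eye."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            m = _LINE.match(line)
            if m:
                pairs.append((m.group(1), m.group(2).strip()))
    return pairs


def audit_torrc(text: str) -> List[Finding]:
    """Return the risky options in a torrc, most severe first."""
    pairs = parse_torrc(text)
    findings: List[Finding] = []
    for option, value in pairs:
        key = option.lower()
        if key.startswith("__"):
            findings.append(Finding("HIGH", option, value, "undocumented testing option"))
        elif key in _ALWAYS:
            findings.append(Finding(_ALWAYS[key][0], option, value, _ALWAYS[key][1]))
        elif key in _IF_ZERO and value == "0":
            findings.append(Finding("HIGH", option, value, _IF_ZERO[key]))
        elif key in _BEHAVIOUR:
            findings.append(Finding("HIGH", option, value,
                                    "changes circuit or guard parameters; the client stops behaving like stock Tor Browser"))
    # A ControlPort with neither a password nor cookie auth lets any local process reconfigure tor.
    lowered = {opt.lower(): val for opt, val in pairs}
    ctl = lowered.get("controlport")
    if ctl is not None and "hashedcontrolpassword" not in lowered and lowered.get("cookieauthentication") != "1":
        findings.append(Finding("HIGH", "ControlPort", ctl,
                                "control port opened without HashedControlPassword or CookieAuthentication 1"))
    return sorted(findings, key=lambda f: _RANK[f.severity])


# Constructed "speed up Tor" torrc of the kind the thread warns about; TEST-NET-3 addresses, made-up fingerprint.
SAMPLE_TORRC = """\
# speed tweaks (constructed example, do not use)
ControlPort 9151
EntryNodes {de},{nl}
ExitNodes {us}
StrictNodes 1
UseEntryGuards 0
CircuitBuildTimeout 5
LearnCircuitBuildTimeout 0
Socks5Proxy 203.0.113.7:1080
DirAuthority fast orport=9001 203.0.113.9:9030 0000111122223333444455556666777788889999
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TORRC
    for f in audit_torrc(text):
        print(f"{f.severity:8} {f.option} {f.value}\n         {f.reason}")
```

Saved as, say, audit_torrc.py and run with the path of the downloaded file as its argument, it prints every flagged line with the reason; with no argument it audits the constructed sample. A clean result is not proof of safety: continuation lines and anything pulled in through %include still have to be read by hand, and the only configuration that blends in with other Tor Browser users is the torrc Tor Browser itself ships.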

Anonymous

January 24, 2018

In reply to a comment by test (not verified)


Get better internet. I have used Tor Browser on Windows 10 and 2 different Linux distros, and they all worked fine; it's you.

> Get better internet,

"Let them eat cake"?

This kind of attitude is self-defeating for the Tor community. We must persuade/help "ordinary people" all around the world to use Tor (wisely). Unkindly suggesting they have only to blame if they live in a region where few alternatives are available when it comes to Internet providers only helps our enemies.

Anonymous

January 25, 2018

In reply to a comment by test (not verified)


I've been having a similar problem. Starting roughly the same time all of my systems can only get about 25kbps over Tor. This includes a Qubes desktop on WiFi and an android phone on 4G. Really odd considering everything is different between them, including the ISP. I used to get around 1Mbps. The problem is still going on, and I think it might have something to do with recent versions of Tor, but I don't really know.

Point is I've never gotten anywhere near 2Mbps over Tor before. (And if you're talking 2MB/s and not 2Mbps, that's 8 times more insane.)

Anonymous

January 23, 2018


Is there any more information about Tor Browser for Android? Or is all the information just related to Orbot?

We are working on Tor Browser for Android. We hired two developers a while ago and are preparing the move from Orfox to Tor Browser for Android. We hope to have at least alpha releases up later this year.

Anonymous

January 23, 2018


Mozilla has destroyed their browser and you seem to act as if it's no problem. Webextensions fundamentally does not work with a hardened, locked down browser. If you harden in about:config and disable javascript APIs, extensions lose access to these APIs as well, meaning if you need certain security tools to have access to these APIs there is no way unless the browser is fundamentally redesigned to prevent javascript that is run (not that I would recommend running any) by third party sites from also accessing these APIs. Separate javascript contexts must be set up such that specific APIs can be enabled for each extension as necessary, and then the old setup of having as many APIs disabled as possible can be maintained for the 3rd party site context. If someone were being ambitious, a system that intercepted API calls in each of these contexts and listed requested APIs and allowed the user to selectively allow/deny specific calls for the browser session or permanently, etc would be great. However, the chances of anything like that appearing are zero.

Mozilla every day makes their browser more and more dumbed down. I ask both Mozilla and TorProject to please stop the PR and focus on power users, the only users you have left who care about you at all, instead of promoting the incompetent, clueless users which Silicon Valley has managed to churn out worldwide. Perhaps if you focused on power users, we'd have less "regular users"!

Mozilla keeps whitewashing core issues, adding intrusive bloat/spyware and entertaining the ignorant userbase with more nonsense, while in the background they neuter and reduce configurability of their browser often without discussion, and destroy the tiny bit left of their competent userbase. The main thing Firefox had over Chromium was its configurability and ability to be manually yet practically hardened according to a power user's needs, which only Chromium's developers historically reacted to with hostility, but now it would seem that same culture of hostility has infected Mozilla, which alongside their incompetence is a great mix. What a shame. Using the argument of "security" is laughable at best. Yes the old extension systems had core security issues. However, I really don't see how webextensions has really solved this. In fact that it relies on the same javascript engine as third party websites in some ways it has actually reduced security. The main thing that was needed was isolation, removal of bloat, permissions system that controlled API access, etc. Webextensions brings little of value and actually makes the browser more exploitable in certain scenarios.

I hope the TorProject does not let itself be entirely compromised since it relies on Mozilla for a browser, and instead voices these issues, because otherwise frankly TorBrowser will be just as dead as Firefox, which would be a shame.

So please TorProject, avoid the PR and nonsense, focus on securing your browser and making it practical/configurable for power users instead of wasting all your time on a userbase that are already too far gone to save.

Anonymous

January 24, 2018

In reply to a comment by Anonymous (not verified)


+1

> If you harden in about:config and disable javascript APIs, extensions lose access to these APIs as well
That is not an issue for the Tor Browser Bundle. They maintain a fork of firefox, so there's nothing stopping them from just moving the old XUL code to the browser core itself and shunning add-ons altogether. Nobody should ever be installing any new add-ons or changing any settings anyway, to avoid getting fingerprinted.

> Nobody should ever be installing any new add-ons or changing any settings anyway, to avoid getting fingerprinted.

On the one hand, I agree with this as general advice. Smart Tor people who have thought hard about many sides to various issues, and who probably know more than we do, are making decisions in an effort to keep most of us mostly safer, and we need to mostly trust them to make the decisions, in the current threat environment, which provide the most benefit for the most Tor users.

On the other hand: the slider is intended as a (necessary) compromise between two competing realities, both of which must be recognized:

o providing anonymity demands everyone look the same, as far as possible

o at-risk people confront a very different mix of likely threats depending upon real-time details of where they are, who they are associating with, what they are doing with electronic devices, etc.

So adjusting the security slider is one change which IMO every Tor user should feel free to make according to his/her best estimate of what makes most sense for them personally in the moment, in terms of trading better security for worse anonymity or vice versa.

I hate to rain on your parade because you make a lot of really important points here, but

1) the documentation strongly discourages installing extensions in Tor Browser, and
2) the documentation strongly discourages changing about:config settings

because both can make you vulnerable to fingerprinting attacks. Actually it's pretty much guaranteed if we're talking about after-market disabling specific JavaScript APIs.

I share your frustration about some design decisions, but I think you need to take a much wider view to appreciate all the factors which go into making them.

Tor Browser and other products are built by Tor Project, an NGO based in the US with a handful of paid employees and precarious funding. Even as Tor software products are subjected to endless technical attacks by well funded enemies, Tor Project is subjected to increasingly dangerous legal and political attacks. To counter the former, we need Tor Project to continue to exist. Obviously. And to ensure that TP continues to exist, IMO it is essential to *grow* the userbase worldwide, not to *shrink* it as you seem to want to do.

Let me point out two specific reasons why this point should be self-evident.

First: for years many Tor users around the world expressed increasing concern that TP's funding mostly came from sources tied to obscure portions of the US State Department or even USIC. Further, as all the world's governments continue to shift towards dramatically increased authoritarianism, those "freedom-building" portions of the USG have come under increasing attack within "the swamp", seriously endangering their continued existence. This could lead to most TP funding simply disappearing, almost overnight.

Further, many users who depend upon Tor have expressed concern that because the USG has provided most of the funding for TP, the USG inevitably will exert undue influence upon TP policy decision and even technical decisions which could perhaps result in opening up holes of which Tor developers are unaware. (C.f. NSA's manipulation of NIST to weaken cryptographic protocols in obscure ways which no-one noticed.) As a result of these concerns, when Shari Steele became CEO, she made it a priority to evolve TP away from a funding model dependent upon highly endangered USG grants and towards funding based upon direct user contributions, similarly to US based NGOs such as ACLU and EFF (Steele previously worked at EFF). And clearly, to succeed in this, TP needs to greatly broaden the user base for Tor products, not to shrink it.

Further, it is clear that all around the world The People are calling for more privacy, even in CN. Tor products are among the very few which are available right now, are battle-tested, and usable by most non-technical citizens, and IMO as a matter of principle, the US tech world (which bears some responsibility for enabling NSA's "collect it all"/"pwn it all" global dragnet) has an urgent moral obligation to attempt to redress NSA's abuses by providing privacy/security/anonymity-enhancing tools like Tor.

Second: Former FBI Director Comey, current FBI Director Wray, and deputy AG Rod Rosenstein are among the senior USG officials who have been insistently calling that a divided, weak, and self-loathing Congress slip a provision into some law which would outlaw non-backdoored encryption in the USA, which means to some extent, almost everywhere. Tor Project has repeatedly stated that the project will never put a secret federal backdoor into Tor. Assuming they mean, "not even under threat of imprisonment", if the provision which Rosenstein and the others demand is enacted (probably in dead of night, with no debate, in the context of a rider on some last second attempt to avoid the next USG shutdown), then Tor Project will become an illegal NGO. What then? I don't know, but it is certainly reasonable to fear that Tor products might simply no longer be available to anyone anywhere.

(As a matter of fact, Tor Project has not recently reiterated the "no backdoors ever" vow, and IMO it is not possible to repeat this vow too often, so Shari or Roger, please repeat it in unambiguous language!)

> So please TorProject, avoid the PR and nonsense, focus on securing your browser and making it practical/configurable for power users instead of wasting all your time on a userbase that are already too far gone to save.

Tor does not continue to exist by some magical process independent of the course of human events, and Tor Project does exist in a political vacuum.

If you want to continue to use new versions of Tor products, you should support growing the user base, not shrinking it.

This is not inconsistent with continuing to request specific features which you hope will improve security/anonymity for everyone.

> I wonder why not to move Tor Project from the US to Canada?

CA is alas one of the FVEY countries (US, UK, CA, AU, NZ).

When the Trudeau government was elected there was briefly hope that CSE (Canada's NSA) would cease cooperation with NSA in illegal dragnet surveillance, but that hope seems to have died.

OTH, the University of Toronto's Munk School of Journalism hosts Citizen Lab, which has done wonderful work in exposing malware abuses by "little" governments like Ethiopia, sometimes even by CN. So far, alas, Citizen Lab has not been able to expose abuses by FVEY governments.

Some years ago, there was hope that Iceland might prove to be a data refuge, but this was quickly brought into question by a horrific corruption scandal. Traditionally neutral countries like Switzerland or Finland beckon, but Switzerland is endangered by a dispute with USG over banking secrecy, and Finland is subject to bullying by RU as well as US. Hong Kong is increasingly dangerous.

Germany might be the best bet, but also seems to harbor the greatest concentration of (mostly non-German) spooks.

Belgium has waffles, but is also bugged like nobody's brother.

I think the only solution is for TP to ask advice from HRW and Amnesty how to establish a legal presence as an NGO based in multiple continents.

And to keep in mind the possibility of going underground.

Anonymous

February 14, 2018

In reply to a comment by Anonymous (not verified)


> Laugh as America turns itself into China.

I read that Techdirt article too (shout out to Techdirt, the exemplar of endangered journalism), and took it as vindication of the warnings I have been making here for many years.

No US media (AFAIK) have even attempted to study the effects on opinions in the US business community of ingenious CN propaganda (e.g. China Daily) which is doing so much to quietly convert the USA into a hateful model of technology-enabled authoritarianism.

The biggest untold aspect of the Snowden leaks story is the begged question of just what USG intends to do with all the data it is slurping up in all those ever-multiplying ever-expanding dragnet surveillance programs.

The answer, it appears, is precrime. Or even pre-thoughtcrime. CN is pointing the way, but US intends to go much further, according to NCTC, FBI and National Laboratory white papers. Most amazing of all: this is not even much of a secret; much of the discussion of how to implement American precrime is in openly published white papers. But apparently no muckraking journalists are reading them.

Given all the constant "save the children!" rhetoric coming from FBI, you'd think some swamp creature would perceive the problem with NCTC's explicit goal of identifying future bad actors/thinkers starting from age 2-7, which is quite literally their target group, and this shocking fact is not even secret. It is specifically mentioned in several obscure but unclassified documents.

We need LANL's counterpart to Snowden to bring out the secret documents, which are apparently even more horrifying than the unclassified ones.

Not all Tor Project employees are US citizens... it's not like ITAR is an issue for them. As the software is open source, if the organization itself could not legally exist in the US, development would likely resume in another country, under another organization, where it is legal. The software could be trivially forked and resumed like nothing happened (after some logistical nightmares, at least). US developers would either simply stop contributing, or would contribute anonymously.

As for the risk of backdoors, again, Tor is open source. Anyone can read the source code, and anyone can read every single changed line between two versions. Sure, it would be possible to insert a bug with some clever abuse of undefined behavior and other C oddities, but it will not ensure a backdoor will get through, much less get through undetected for any significant period of time. Even if you do not read the source code, others do. The devs do, many programmers do, I do. That's a lot of eyes on the code. Could it be better? Yes. But should we be freaking out about the risk of backdoors? No. It's better to worry about the sad state of Firefox (and by extension, Tor Browser) security than it is to worry about the political future of Tor Project.

> As for the risk of backdoors, again, Tor is open source. Anyone can read the source code, and anyone can read every single changed line between two versions.

The problem with this argument is that NSA messed with at least one protocol (a public standard for a pseudo-random number generator published by NIST) and nobody noticed--- not even the supposed experts who work for NIST. (This was one of the many revelations from the Snowden leaks, and was discussed at length in this blog a few years ago.)

In other words, some of the most crucial elements of Tor can be meaningfully critiqued by only a tiny handful of cryptographic researchers. If USG arrests them all--- all those who live in the US and do not already work for NSA, that is--- it could be almost impossible for "anyone" to recognize that a subtle "backdoor" has been introduced into the published source code.

There has never been a more desperate need for technically able "fresh blood" in math and computer science than at present. The problem is that USG funds the education of most of the students and too many of them are forced into working for USG upon graduation.

The only answer, I think, is to try to be bold by trying to build campus organizations which try to persuade US techies to follow the example of Snowden by working for The People by working against the Universal Adversary.

NSA boycott, anyone?
