Tor Browser 7.5 is released

The Tor Browser Team is proud to announce the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

  1. We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published at 'A Usability Evaluation of Tor Launcher', a paper done by Linda Lee et al. At our work we iterated on the redesign proposed by the research, improving it even further. Here are the main changes we would like to highlight:

    Welcome Screen

    Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

    Censorship circumvention configuration

    This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

    Proxy help information

    The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

    As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

  2. We ship the first release in Tor's 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.
  3. On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.
  4. We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

The full changelog since Tor Browser 7.0.11 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.5
      • Bug 21847: Update copy for security slider
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Bug 24623: Revise "country that censors Tor" text
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 22232: Add README on use of bootstrap status messages
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
    • Bug 22501: Requests via javascript: violate FPI
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • Windows
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
    • Bug 23025: Add some hardening flags to macOS build
  • Linux
    • Bug 23970: Make "Print to File" work with sandboxing enabled
    • Bug 23016: "Print to File" is broken on some non-english Linux systems
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Android
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
    • Windows
    • Linux
      • Bug 20929: Bump GCC version to 5.4.0
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds
Anonymous

February 04, 2018

Permalink

"Unable to connect"
"Your connection is not secure"
or a simple
"404"
or just and infinite attempt to connect.
This has been the case even before 7.5.
All under Knoppix 8.1 on a Toshiba satellite.

I have now twice, different nights, tried to add a comment that I cannot even reach DuckDuckGo's onion site. I get

Your connection is not secure

My attempts, at least the second, went as far as that you promised me to considered them in a review, but they vanish without a trace. Have you found them of little interest?

This is the fourth evening I try to add that off and on I cannot even reach the onion version of DuckDuckGo. Often I get
Secure Connection Failed
other times Firefox just never reach DuckDuckGo.

There is no security classification on the document when something like this would be considered confidential. The guy even left his name and face in the picture which would be very dumb if he wanted to leak such information.

Anonymous

February 04, 2018

Permalink

Wow, I just went through the entire comment thread to make sure this hasn't been discussed already. The people who work on Tor have the patience of saints.
Anyway, I just noticed a typo on the changelog for version 7.5. That contains the following line:

* Bug 21245: Add da translation to Torbutton and keep track of it

I'm sure that "da" is supposed to be "a". So when time permits, you might want to change that.

Anonymous

February 04, 2018

Permalink

Blank "pr" in cached-microdesc-consensus file is right?

r DrinkPaint 163.172.190.130 9001 9030
s Fast Running Stable V2Dir Valid
v Tor 0.2.9.11
pr
w Bandwidth=1380

Anonymous

February 05, 2018

Permalink

Does the setting plugin.disable_full_page_plugin_for_types still exist? (I have it and its value is set to application/pdf.)

Is there an easy way to reset all about:config settings to default, without reinstalling Tor Browser?

Thank you for your work.

Looking at the Firefox source code, yes, it still exists in Firefox 52. No, there is no easy way to reset all the changes preferences. That's one of the reasons we encourage to use the security slider as doing so allows resetting crucial security preferences in a controlled and reproducible way.

Anonymous

February 05, 2018

Permalink

Problem dowloading Tor Browser
My System is Windows 8.1
I'm writing from Browser Mozilla Firefox 52.6.0.6607
Last charged : Tor browser 7.5 (don't know if clean) 23 Jan 2018
Until old version all worked OK - Now loading is ever blocked - Copied clip board messages where loading stopped with warning messages:
2/6/2018 7:17:19 AM.000 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure")
2/6/2018 7:17:19 AM.500 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure")
2/6/2018 7:17:20 AM.500 [WARN] Proxy Client: unable to connect to 154.35.22.10:80 ("general SOCKS server failure")
2/6/2018 7:17:20 AM.500 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")

I think IP Addresses are located USA

Any suggestion?
Can I uninstall and clean all registers of Tor Browsre and Mozilla and then reinstall all?

Anonymous

February 06, 2018

Permalink

Dear sirs
How do you make sure the exit IP address is always one country. You used to put a line in Torrc file but it no longer seems to work. Could you advise what the procedure is now?

Yours
Allister Denyer

Anonymous

February 07, 2018

Permalink

TOR is as far as I know intended for all kinds of users (not just the technically expert ones), but it's not evident to me (maybe because I'm not a technically expert one) why all users are prompted to download every new version.

With the exception of those updates that include security-related improvements, it often doesn't seem that there is any reason to install certain updates, despite being encouraged to by prompting from TOR.

Couldn't TOR be specific about which users really need (or can benefit from) updates as they're released, instead of just automatically recommending every update to every user?

> it's not evident to me (maybe because I'm not a technically expert one) why all users are prompted to download every new version.

This can be inconvenient but it's the only way to ensure you have the latest everything bundled in a tested package (Tor Browser bundle). There is a maxim in the cybersecurity world which holds that everyone needs to patch *everything* they use, because leaving anything unpatched opens up a hole. Security experts often find themselves trying to clean up the mess which results when (all too often) bad actors exploit just such a hole.

Anonymous

February 14, 2018

Permalink

TBB 7.5(with Tor 0.3.2.9) is connecting slow when using Guard with Tor 0.3.2.9 or is it a problem with the first hop/Guard?
Guard has enough Bandwidth, bigger as 10000, heartbeat is inconspicuous.

Anonymous

February 14, 2018

Permalink

I just recently updated to the new Tor 7.5 and my Tor will now no longer work?
It keeps saying something about connection disabled or something like that?
I've checked my clock and it's fine!
I've looked everywhere and can't figure this out..
You see, I can install an older version of Tor and it works PERFECTLY fine but NOT when I update to the new version, so now why is this?

Anonymous

February 14, 2018

Permalink

I have a problem with the CAPTCHA on many sites. Is there some kind of formula or something I am not aware of?

Anonymous

February 17, 2018

Permalink

Nice work - thanks.

Would it be possible to have a version of Tor Browser that can be installed on Windows like a regular browser (in additional to the portable TBB)?

What does a regular browser differently? Registry entries? And installation + different profiles for different users? That's tricky. There are no concrete plans yet for providing those features.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.