Tor Browser 7.5 is released

The Tor Browser Team is proud to announce the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

  1. We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published at 'A Usability Evaluation of Tor Launcher', a paper done by Linda Lee et al. At our work we iterated on the redesign proposed by the research, improving it even further. Here are the main changes we would like to highlight:

    Welcome Screen

    Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

    Censorship circumvention configuration

    This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

    Proxy help information

    The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

    As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

  2. We ship the first release in Tor's 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.
  3. On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.
  4. We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

The full changelog since Tor Browser 7.0.11 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.5
      • Bug 21847: Update copy for security slider
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Bug 24623: Revise "country that censors Tor" text
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 22232: Add README on use of bootstrap status messages
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
    • Bug 22501: Requests via javascript: violate FPI
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • Windows
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
    • Bug 23025: Add some hardening flags to macOS build
  • Linux
    • Bug 23970: Make "Print to File" work with sandboxing enabled
    • Bug 23016: "Print to File" is broken on some non-english Linux systems
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Android
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
    • Windows
    • Linux
      • Bug 20929: Bump GCC version to 5.4.0
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

What do you mean with "after opening". Do you see a browser windows that is crashing then? Or does this mean right after you are double-clicking on the link to start Tor Browser? Do you see any error message?

EDIT:

Oh, and does this happen with a newly installed Tor Browser as well?

It starts normally,it works for a few seconds and then i get either "windows closed the application" or "the tab has crashed",and everything after that crashes immediately.
Uninstalled it,made a clean install,previously was updated from earlier editions,it seems to work fine now.
Thank you!

Anonymous

February 02, 2018

Permalink

I am getting very many
"Your connection is not secure"
and similar. In fact my tor is almost useless. What to do? Its been happening before 7.5 too.

> I am getting very many "Your connection is not secure" and similar.

More detail would help, but I guess the problem is not with Tor but with the fact that browsers generally are complaining more these days about cryptographic misconfigurations. Possibly what is happening is that the browser is expecting a secure connection but an encountering poorly encrypted or unencrypted connection when you click on some link in some webpage. One common way in which this can happen is that a webpage includes "hard links" to third party websites, often holding pictures illustrating news stories, etc. Does this sound at all like what you were doing when you saw these error messages?

Anonymous

February 03, 2018

Permalink

I cannot use obfs4 built-in bridge after upgrade TorBrowser from 7.01 to 7.5 (windows + linux), WHY ? please help !

Anonymous

February 04, 2018

Permalink

"Unable to connect"
"Your connection is not secure"
or a simple
"404"
or just and infinite attempt to connect.
This has been the case even before 7.5.
All under Knoppix 8.1 on a Toshiba satellite.

I have now twice, different nights, tried to add a comment that I cannot even reach DuckDuckGo's onion site. I get

Your connection is not secure

My attempts, at least the second, went as far as that you promised me to considered them in a review, but they vanish without a trace. Have you found them of little interest?

This is the fourth evening I try to add that off and on I cannot even reach the onion version of DuckDuckGo. Often I get
Secure Connection Failed
other times Firefox just never reach DuckDuckGo.

There is no security classification on the document when something like this would be considered confidential. The guy even left his name and face in the picture which would be very dumb if he wanted to leak such information.

Anonymous

February 04, 2018

Permalink

Wow, I just went through the entire comment thread to make sure this hasn't been discussed already. The people who work on Tor have the patience of saints.
Anyway, I just noticed a typo on the changelog for version 7.5. That contains the following line:

* Bug 21245: Add da translation to Torbutton and keep track of it

I'm sure that "da" is supposed to be "a". So when time permits, you might want to change that.

Anonymous

February 04, 2018

Permalink

Blank "pr" in cached-microdesc-consensus file is right?

r DrinkPaint 163.172.190.130 9001 9030
s Fast Running Stable V2Dir Valid
v Tor 0.2.9.11
pr
w Bandwidth=1380

Anonymous

February 05, 2018

Permalink

Does the setting plugin.disable_full_page_plugin_for_types still exist? (I have it and its value is set to application/pdf.)

Is there an easy way to reset all about:config settings to default, without reinstalling Tor Browser?

Thank you for your work.

Looking at the Firefox source code, yes, it still exists in Firefox 52. No, there is no easy way to reset all the changes preferences. That's one of the reasons we encourage to use the security slider as doing so allows resetting crucial security preferences in a controlled and reproducible way.

Anonymous

February 05, 2018

Permalink

Problem dowloading Tor Browser
My System is Windows 8.1
I'm writing from Browser Mozilla Firefox 52.6.0.6607
Last charged : Tor browser 7.5 (don't know if clean) 23 Jan 2018
Until old version all worked OK - Now loading is ever blocked - Copied clip board messages where loading stopped with warning messages:
2/6/2018 7:17:19 AM.000 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure")
2/6/2018 7:17:19 AM.500 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure")
2/6/2018 7:17:20 AM.500 [WARN] Proxy Client: unable to connect to 154.35.22.10:80 ("general SOCKS server failure")
2/6/2018 7:17:20 AM.500 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")

I think IP Addresses are located USA

Any suggestion?
Can I uninstall and clean all registers of Tor Browsre and Mozilla and then reinstall all?

Anonymous

February 06, 2018

Permalink

Dear sirs
How do you make sure the exit IP address is always one country. You used to put a line in Torrc file but it no longer seems to work. Could you advise what the procedure is now?

Yours
Allister Denyer

Anonymous

February 07, 2018

Permalink

TOR is as far as I know intended for all kinds of users (not just the technically expert ones), but it's not evident to me (maybe because I'm not a technically expert one) why all users are prompted to download every new version.

With the exception of those updates that include security-related improvements, it often doesn't seem that there is any reason to install certain updates, despite being encouraged to by prompting from TOR.

Couldn't TOR be specific about which users really need (or can benefit from) updates as they're released, instead of just automatically recommending every update to every user?

> it's not evident to me (maybe because I'm not a technically expert one) why all users are prompted to download every new version.

This can be inconvenient but it's the only way to ensure you have the latest everything bundled in a tested package (Tor Browser bundle). There is a maxim in the cybersecurity world which holds that everyone needs to patch *everything* they use, because leaving anything unpatched opens up a hole. Security experts often find themselves trying to clean up the mess which results when (all too often) bad actors exploit just such a hole.

Many people use Tor every day, so if you have evidence that some of them may be endangered by a specific flaw, please give technical details sufficient for devs to fix the problem.

Anonymous

February 14, 2018

Permalink

TBB 7.5(with Tor 0.3.2.9) is connecting slow when using Guard with Tor 0.3.2.9 or is it a problem with the first hop/Guard?
Guard has enough Bandwidth, bigger as 10000, heartbeat is inconspicuous.

Anonymous

February 14, 2018

Permalink

I just recently updated to the new Tor 7.5 and my Tor will now no longer work?
It keeps saying something about connection disabled or something like that?
I've checked my clock and it's fine!
I've looked everywhere and can't figure this out..
You see, I can install an older version of Tor and it works PERFECTLY fine but NOT when I update to the new version, so now why is this?

Anonymous

February 14, 2018

Permalink

I have a problem with the CAPTCHA on many sites. Is there some kind of formula or something I am not aware of?

Anonymous

February 17, 2018

Permalink

Nice work - thanks.

Would it be possible to have a version of Tor Browser that can be installed on Windows like a regular browser (in additional to the portable TBB)?

What does a regular browser differently? Registry entries? And installation + different profiles for different users? That's tricky. There are no concrete plans yet for providing those features.

Anonymous

February 21, 2018

Permalink

To whom it may concern

My TBB stopped working after an autoupgrade, the bootstrap process appears unaffected, however, the browser cannot load any webpages, it keep saying 'Secure Connection Failed'.

I tried to use new identity, use various bridge modes, didn't help one bit. Suspecting a corrupted update, I downloaded a fresh copy of installer using VPN, and the problem still persists.

I'm on windows7 64bit, previous version of TBB works fine. Please help.

Anonymous

February 25, 2018

Permalink

Since this weekend, the website torproject.org is unreachable - through tor AND plain firefox. I live in Belgium and used telenet and orange as provider. Just this blog is reachable, the download pages and other links in this blog are unreachable too (connection timed out). Problem in BE with restrictions on our internet or at Tor?

Anonymous

February 27, 2018

Permalink

Since updating TOR - it won't work for me. I installed the update - wouldn't work - would put in the URL, and it simply wouldn't respond.

Then my PC crashed. When I got it back up the last version of TOR was there again. It worked, but then wanted the update. I updated it.

Now it won't work again....same problem. I put in the URL, hit the arrow or return - and nothing happens. I'm running 2007 Windows Vista, Home Pack Premium Service Pack 2. If it is not compatible, is there a way to revert back to the last version?

Not easily, I am afraid. We believe we have a fix for that, see: https://trac.torproject.org/projects/tor/ticket/25112 which will make it into the next stable release if all goes well. That one is planned for next week. Meanwhile I think a good option is to use the Tor Browser alpha which you can find on our website as well: https://www.torproject.org/projects/torbrowser.html.en#downloads-alpha. Sorry for the inconvenience.

Anonymous

March 08, 2018

Permalink

Starting from two days ago I am unable to sync Tor 7.5.
I get a standard notification box "500 Error" without password prompt and checking about:sync-log this error is displayed "Sync.ErrorHandler ERROR Sync encountered a login error".
Is anybody else experiencing the same issue?

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

4 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.