Tor Browser 7.5.2 is released
Tor Browser 7.5.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
Note: Users of the Tor Browser alpha series are strongly encouraged to use the stable series while we are preparing a new alpha release.
The full changelog since Tor Browser 7.5.1 is:
- All platforms
- Update Firefox to 52.7.2esr
Use an onion search engine,…
Use an onion search engine, like http://msydqstlz2kzerdg.onion/ (https://ahmia.fi/).
The easiest answer is …
The easiest answer is "install and use Tor Browser"--- the latest version, for the appropriate architecture (e.g. Windows, Linux) obtained from www.torproject.org.
For more privacy protections, you may want to consider using Tails:
https://tails.boum.org/about/index.en.html
Tails will enable you to browse the web anonymously:
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
Within limits:
You can't. Tor provides no…
You can't. Tor provides no protection against global adversaries, but USA, People's Republic of China and other govenments are global adversaries because of MLATs and CLOUD. Say thank to Trump and the Congress.
Tor Project products such as…
Tor Project products, such as Tor Browser, cannot by themselves protect against flaws in your operating system, much less hardware vulnerabilities such as speculative execution.
If you are concerned about Spectre/Meltdown, good, and you may want to consider using Tails, which uses Tor Browser but has further protections; see
tails.boum.org
Tails Project is independent of Tor Project but allied with it.
The current version of Tails is hardened against some Spectre attacks and should be immune to known Meltdown attacks. It is not currently possible, and may never be possible, to be completely protected from Spectre attacks, for reasons discussed in previous comments in this blog.
Tor Browser, cannot by…
Tor Browser, cannot by themselves protect against flaws in your operating system, much less hardware vulnerabilities such as speculative execution.
Actually, Retpoline does just that. Firefox was going to compile with Retpoline, but since Tor has its own build of Firefox, it would be great to hear that Retpoline is definitely enabled in the build target.
What does "instantly" mean?…
What does "instantly" mean? Just after trying to start Tor Browser? Or once you start surfing? I suspect your local AV/Firewall software does not like the new version. Could you try removing it and see whether it fixes your problem? Which previous version did work for you?
Follow the first link in the…
Follow the first link in the post to the Tor Project download page, download the new version of Tor Browser, verify the file, unpack it, and surf! Feel free to flip the bird in the general direction of Cambridge Analytica.
Thanks for allowing comments…
Thanks for allowing comments, but where are the details about this vulnerability?
"Users of higher security levels are not affected", "do not allow ogg/vorbis" and so on?
We did not have time to…
We did not have time to analyze the implications for Tor Browser and don't have access to the PoC. So, it's hard to say something which is constructive at this point. That's the reason behind just saying: "Update!".
[Edit: I got told that setting media.ogg.enabled
to false
would make sure the vulnerable code would not have been triggered. It's not clear yet whether setting media.webaudio.enabled
to false
, which is possible with the security slider, would have helped as well.]
Okay. The most decent…
Okay. The most decent solution "Automatic updates" eliminates the need to even say "Update!" :) But is there some place where you publish (later) the results of analysis of effectiveness of the measures taken in Tor Browser (ssp, selfrando, etc)?
[Edit: I got told that…
[Edit: I got told that setting media.ogg.enabled to false would make sure the vulnerable code would not have been triggered. It's not clear yet whether setting media.webaudio.enabled to false, which is possible with the security slider, would have helped as well.]
Probably not. The underlying…
Probably not. The underlying flaw would still have been there and adapting the exploit would not have been that hard.
Sorry for a simple question…
Sorry for a simple question. I'm no security expert. Does 'Ghostery' work with Tor? If so, does it work well or ok? cheers.
Tor Project recommendation —…
Tor Project recommendation — Don't enable or install browser plugins. Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, do not install additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy: https://www.torproject.org/download/download-easy.html.en#warning
So you should only have the…
So you should only have the three browser plugins with Tor, HTTPS, Torbutton and TorLauncer? cheers
Is the above correct? …
Is the above correct? Should you only have those three browser plugins? Thank you.
It's simple, assuming you…
It's simple, assuming you want to use Tor Browser to surf the internet anonymously:
1. download Tor Browser from https://www.torproject.org/download/download-easy.html.en
2. verify the file (a tarball)
3. unpack the tarball on your computer using your regular OS
4. use the provide startup script to start Tor Browser
5. surf!
You should probably read a bit about how to use Tor Browser wisely before you do too much surfing, though:
https://www.torproject.org/download/download-easy.html.en#warning
Ideally you should also read a bit about how the Tor network (including the underlying Tor client/server software) works:
https://www.torproject.org/about/overview.html.en#thesolution
You may also want to consider using Tails for additional protections. But Tails, much less Tor Browser, cannot protect you against some threats:
https://tails.boum.org/doc/about/warning/index.en.html
@ Tor Project: the OP asked a FAQ. Why is there no one document easily found in the Tor Project site which answers it?
Good question. I am actually…
Good question. I am actually not sure whether we have an entry in the FAQ for the question or not as I am not sure what is meant by "How does it work?". But, yes, once we figured that out and the FAQ does indeed not contain it we should add an entry.
We plan to help the …
We plan to help the Guardian Project getting an updated Orfox out in the coming days. And meanwhile we are continuing to work on getting Tor Browser for Android into shape. The first alpha is planned for July, so stay tuned.
No, the ISP is only seeing…
No, the ISP is only seeing that you are using Tor but nothing more.
I hope the following…
I hope the following explainer will help, in which <--> means unencrypted data link and <==> means encrypted data link.
Ordinary websurfing with a browser other than Tor Browser works like this:
DNS.server <--> your.computer <--> your.ISP <--> some.website
Websurfing with Tor Browser works like this:
your.computer <==> your.ISP <==> entry.node <==> middle.node <==> exit.node <--> http.site
your.computer <==> your.ISP <==> entry.node <==> middle.node <==> exit.node <==> https.site
Details:
The Tor network consists of entry, middle, exit nodes, and special servers called Directory Authorities.
The Tor circuit entry <==> middle <==> exit is triply encrypted. Middle node knows IP of entry and exit, but exit node and entry node do not know each other's identity. The encryption is stripped off in layers by the next node in the circuit, as packets traverse the Tor network. Hence the term "onion routing", which is the core concept characterizing Tor.
The identity of exit nodes and some entry/middle nodes is public information. Nonpublished entry nodes are bridges, which can afford additional anonymity and censorship-resistance. There are various kinds of bridges, some especially designed to resist very censorious governmental monitoring.
When you first join the Tor network using Tor Browser, your computer contacts a Directory Authority via an encrypted connection, to get current information on which Tor nodes are operating, so your ISP can see that you are using Tor. Unless, possibly, if you use a bridge (because bridges are not publicly associated with Tor) to try to join the Tor network.
The exit node in a Tor circuit must contact a DNS server (via unencrypted data link) to locate the IP of the website you type into Tor Browser's location pane, but since it doesn't know your real IP, neither does the operator of the DNS server, nor the operator of the website you are visiting.
Tor Browser is a fully functional browser based on Mozilla Firefox, but carefully tailored to maximize anonymity via the Tor network.
Tor Project offers various other software in addition to Tor Browser. All of them use the underlying client/server Tor software and are open source and free to the public.
"Onions" are bit more complicated and offer additional protections for people who need to publish information anonymously.
Other names: "entry guard" = entry node, "relay" = entry/middle node, "hidden service" = onion.
После обновления не на все…
После обновления не на все сайты входит. Что то перемудрили похоже.
I am just getting started…
I am just getting started again, it has been a year or so since I have been here, just updating everything. Have a peaceful day...
Hi guys - After upgrading to…
Hi guys - After upgrading to 7.5.2, Tor always insists on connecting to the UK as its first relay node, no matter how many times I try a different circuit.
Has anyone experienced this, and what's up with it?
I need the link to a hidden…
I need the link to a hidden wiki
anyone have?