Tor Browser 3.6-beta-2 is released

The Tor Browser Team is proud to announce the second beta in the 3.6 series. Packages are available from the Tor Browser Project page and also from our distribution directory.

This release is an important security update over 3.6-beta-1. This release updates OpenSSL to version 1.0.1g, to address potential client-side vectors for CVE-2014-0160.

The browser itself does not use OpenSSL, and is not vulnerable to this CVE. However, this release is still considered an important security update, because it is theoretically possible to extract sensitive information from the Tor client sub-process.

This beta also features a Turkish language bundle, experimental Javascript hardening options, fixes for pluggable transport issues, and a fix for improper update notification while extracting the bundle over an already existing copy.

Here is the complete changelog since 3.6-beta-1:

All Platforms
- Update OpenSSL to 1.0.1g
- Bug 9010: Add Turkish language support.
- Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
- Update fte transport to 0.2.12
- Update NoScript to 2.6.8.19
- Update Torbutton to 1.6.8.1
  - Bug 11242: Fix improper "update needed" message after in-place upgrade.
  - Bug 10398: Ease translation of about:tor page elements
- Update Tor Launcher to 0.2.5.3
  - Bug 9665: Localize Tor's unreachable bridges bootstrap error
- Backport Pending Tor Patches:
  - Bug 9665: Report a bootstrap error if all bridges are unreachable
  - Bug 11200: Prevent spurious error message prior to enabling network.
Linux:
- Bug 11190: Switch linux PT build process to python2
- Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
Windows:
- Bug 11286: Fix fte transport launch error

A list of frequently encountered known issues with the Tor Browser can be found on our bugtracker. Please check that list and help us diagnose and arrive at solutions for those issues before contacting support.

Not yet,

Not yet, alas.

https://tor.stackexchange.com/questions/318/how-do-i-keep-my-tor-browse…

The bug #9387 changes

The bug #9387 changes ("Disable JS JIT, type inference, asmjs, and ion. ") seem to involve turning off everything which is intended to make JavaScript fast.
Has there been any systematic attempt to evaluate what effect this may have on performance?
Has there, for that matter, been any systematic attempt to evaluate what additional security benefit this brings, e.g. what proportion of past Firefox vulnerabilities would users have been protected against if each of these features were disabled?

Recent Updates

Reaching People Where They Are

Part of the Tor Project's mission is to further the popular understanding of privacy technologies, and we believe we can achieve it by combining educational efforts with usability

New release: Tor 0.4.1.6

We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.1.6 from the download page on the website. Packages should be available within the next several weeks, with a new Tor Browser in the next week or two.

This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, or experiencing reliability issues with single onion services, should upgrade.

Changes in version 0.4.1.6 - 2019-09-19

Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha):
- Tolerate systems (including some Android installations) where madvise and MADV_DONTDUMP are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
- Tolerate systems (including some Linux installations) where madvise and/or MADV_DONTFORK are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
Minor features (stem tests, backport from 0.4.2.1-alpha):
- Change "make test-stem" so it only runs the stem tests that use tor. This change makes test-stem faster and more reliable. Closes ticket 31554.

New Release: Tor 0.4.2.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.2.1-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release in the next couple of weeks.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the first alpha release in the 0.4.2.x series. It adds new defenses for denial-of-service attacks against onion services. It also includes numerous kinds of bugfixes and refactoring to help improve Tor's stability and ease of development.

Changes in version 0.4.2.1-alpha - 2019-09-17

Major features (onion service v3, denial of service):
- Add onion service introduction denial of service defenses. Intro points can now rate-limit client introduction requests, using parameters that can be sent by the service within the ESTABLISH_INTRO cell. If the cell extension for this is not used, the intro point will honor the consensus parameters. Closes ticket 30924.
Major bugfixes (circuit build, guard):
- When considering upgrading circuits from "waiting for guard" to "open", always ignore circuits that are marked for close. Previously we could end up in the situation where a subsystem is notified of a circuit opening, but the circuit is still marked for close, leading to undesirable behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha.

Join the Global Climate Strike 20-27 September

Humanity is facing a climate crisis.

Tor Browser 3.6-beta-2 is released

Not yet,

The bug #9387 changes

While your suggestion of

I entered about:config and

I Remove most of them in

what does the "experimental

SENDS HARD-CODED ID TO THE

Thank you Mr Troll for

Not bad not bad. I see a lot

I'm connecting thru VPN,

Tor is not working at all on

This blog probably won't