Tor Browser 4.5 is released

The Tor Browser Team is proud to announce the first stable release in the 4.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

The 4.5 series provides significant usability, security, and privacy enhancements over the 4.0 series. Because these changes are significant, we will be delaying the automatic update of 4.0 users to the 4.5 series for one week.

Usability Improvements

On the usability front, we've improved the application launch experience for both Windows and Linux users. During install, Windows users are now given the choice to add Tor Browser to the Start Menu/Applications view, which should make it easier to find and launch. This choice is on by default, but can be disabled, and only affects the creation of shortcuts - the actual Tor Browser is still self-contained as a portable app folder. On the Linux side, users now start Tor Browser through a new wrapper that enables launching from the File Manager, the Desktop, or the Applications menu. The same wrapper can also be used from the command line.

We've also simplified the Tor menu (the green onion) and the associated configuration windows. The menu now provides information about the current Tor Circuit in use for a page, and also provides an option to request a new Tor Circuit for a site. Tor Browser is also much better at handling Tor Circuits in general: while a site remains in active use, all associated requests will continue to be performed over the same Tor Circuit. This means that sites should no longer suddenly change languages, behaviors, or log you out while you are using them.


Figure 1: The new Tor Onion Menu

Security Improvements

On the security front, the most exciting news is the new Security Slider. The Security Slider provides user-friendly vulnerability surface reduction - as the security level is increased, browser features that were shown to have a high historical vulnerability count in the iSec Partners hardening study are progressively disabled. This feature is available from the Tor onion menu's "Privacy and Security Settings" choice.


Figure 2: The new Security Slider

Our Windows packages are now signed with a hardware signing token graciously donated by DigiCert. This means that Windows users should no longer be prompted about Tor Browser coming from an unknown source. Additionally, our automatic updates are now individually signed with an offline signing key. In both cases, these signatures can be reproducibly removed, so that builders can continue to verify that the packages they produce match the official build binaries.

The 4.5 series also features a rewrite of the obfs2, obfs3, and ScrambleSuit transports in GoLang, as well as the introduction of the new obfs4 transport. The obfs4 transport provides additional DPI and probing resistance features which prevent automated scanning for Tor bridges. As long as they are not discovered via other mechanisms, fresh obfs4 bridge addresses will work in China today. Additionally, barring new attacks, private obfs4 addresses should continue to work indefinitely.


Privacy Improvements

On the privacy front, the 4.5 series improves on our pre-existing first party isolation implementation to prevent third party tracking. First party isolation provides the property that third party advertisements, Like buttons, and "mashup" content included on one site will only know about your activity on that site, and will not be able to match it to your activity while you are on any other site. In other words, with first party isolation, Facebook, Twitter, and Google+ can't track you around the entire web using their infamous Like buttons.

Specifically, in the 4.5 release, we now ensure that blob: URIs are scoped to the URL bar domain that created them, and the SharedWorker API has been disabled to prevent cross-site and third party communication. We also now make full use of Tor's circuit isolation to ensure that all requests for any third party content included by a site travel down the same Tor Circuit. This isolation also ensures that requests to the same third party site actually use separate Tor Circuits when the URL bar domain is different. This request isolation is enforced even when long-lived "HTTP Keep-Alive" connections are used.

We have also improved our resolution and locale fingerprinting defenses, and we now disable the device sensor and video statistics APIs.
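To make the circuit isolation described above concrete, here is an added Python model of how credentials derived from the URL bar domain map requests onto Tor circuits. This is example code written for this page, not Tor Browser's or Torbutton's implementation: the credential scheme (SOCKS5 username = URL bar host, password = a per-site generation counter that is bumped by "New Tor Circuit for this Site"), the toy circuit table standing in for tor, and the sample hosts news.example, shop.example and tracker.example are all constructed. What it shows is the property the text states: a first party and the third party content it embeds share one circuit, the same third party embedded under a different URL bar domain lands on a separate circuit, and the RFC 1929 username/password message is the vehicle that carries the isolation key to the SOCKS port.

```python
"""Model of URL-bar-domain circuit isolation carried as SOCKS5 credentials.

Tor places streams that arrive with different SOCKS username/password pairs
on different circuits. A browser can use that by sending every request a page
makes, first-party and embedded third-party alike, with credentials derived
from the URL bar domain. Illustration only, not Tor Browser code; the
credential scheme and the sample hosts below are constructed.
"""
from urllib.parse import urlsplit


class IsolationKeys:
    """Derives SOCKS5 credentials from the URL bar domain.

    Constructed scheme (an assumption, not Torbutton's exact encoding):
    username = URL bar host, password = per-site generation counter that is
    bumped when the user asks for a new circuit for that site.
    """

    def __init__(self):
        self._generation = {}

    @staticmethod
    def _host(url_bar_url):
        host = urlsplit(url_bar_url).hostname
        if not host:
            raise ValueError("URL bar URL has no host: %r" % url_bar_url)
        return host.lower()

    def credentials(self, url_bar_url):
        host = self._host(url_bar_url)
        return host, "gen%d" % self._generation.get(host, 0)

    def new_circuit_for_site(self, url_bar_url):
        """Equivalent of the onion menu's 'New Tor Circuit for this Site'."""
        host = self._host(url_bar_url)
        self._generation[host] = self._generation.get(host, 0) + 1


def socks5_userpass_request(username, password):
    """Encode the RFC 1929 sub-negotiation request that carries the key to
    the SOCKS port: VER=0x01, ULEN, UNAME, PLEN, PASSWD."""
    user = username.encode("utf-8")
    pw = password.encode("utf-8")
    if not (1 <= len(user) <= 255 and 1 <= len(pw) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([0x01, len(user)]) + user + bytes([len(pw)]) + pw


class CircuitTable:
    """Toy stand-in for tor's side: one circuit per distinct credential pair."""

    def __init__(self):
        self._circuits = {}

    def attach(self, auth_request):
        """Parse the RFC 1929 request, look up (or open) the circuit for it."""
        ulen = auth_request[1]
        user = auth_request[2:2 + ulen]
        plen = auth_request[2 + ulen]
        pw = auth_request[3 + ulen:3 + ulen + plen]
        key = (bytes(user), bytes(pw))
        if key not in self._circuits:
            self._circuits[key] = len(self._circuits) + 1
        return self._circuits[key]


def circuit_for(keys, table, url_bar_url, request_url):
    """Circuit used to fetch `request_url` from the page at `url_bar_url`.

    `request_url` is deliberately not part of the key: third-party content
    rides on the first party's circuit, so the third party cannot link the
    user across first parties by which circuit (exit) the request came from.
    """
    user, pw = keys.credentials(url_bar_url)
    return table.attach(socks5_userpass_request(user, pw))


def demo():
    """Walk through the scenarios from the release notes; returns circuit ids."""
    keys, table = IsolationKeys(), CircuitTable()
    news, shop = "https://news.example/", "https://shop.example/"  # constructed
    tracker = "https://tracker.example/pixel.gif"                   # constructed

    result = {
        # first party and its embedded third party: same circuit
        "news_page": circuit_for(keys, table, news, news),
        "news_tracker": circuit_for(keys, table, news, tracker),
        # a second tab on the same URL bar domain: still the same circuit
        "news_tab2": circuit_for(keys, table, news + "article/2", news + "article/2"),
        # the same tracker under a different URL bar domain: separate circuit
        "shop_tracker": circuit_for(keys, table, shop, tracker),
    }
    keys.new_circuit_for_site(news)  # user picks "New Tor Circuit for this Site"
    result["news_after_new_circuit"] = circuit_for(keys, table, news, tracker)
    return result


if __name__ == "__main__":
    for name, circuit in demo().items():
        print("%-24s -> circuit %d" % (name, circuit))
```

Running the module prints one line per scenario: the news.example page, its tracker, and a second news.example tab all land on circuit 1, the same tracker fetched from shop.example lands on circuit 2, and after the user requests a new circuit for news.example its requests move to circuit 3. The design point is that the key is chosen by the browser from the URL bar, never from the request URL, which is why the isolation holds even for long-lived connections that the content itself did not open.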

New Search Provider

Our default search provider has also been changed to Disconnect. Disconnect provides private Google search results to Tor users without Captchas or bans.

Full Changelogs

Here is the complete list of changes in the 4.5 series since 4.0:

  • All Platforms
    • Update Tor to 0.2.6.7 with additional patches:
      • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
    • Update NoScript to 2.6.9.22
    • Update HTTPS-Everywhere to 5.0.3
      • Bug 15689: Resume building HTTPS-Everywhere from git tags
    • Update meek to 0.17
    • Include obfs4proxy 0.0.5
      • Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
    • Pluggable Transport Dependency Updates:
      • Bug 15265: Switch go.net repo to golang.org/x/net
      • Bug 15448: Use golang 1.4.2 for meek and obfs4proxy
    • Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
      • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
      • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
      • Bug 13576: Don't strip "bridge" from the middle of bridge lines
      • Bug 13983: Directory search path fix for Tor Messenger+TorBirdy
      • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
      • Bug 14336: Fix navigation button display issues on some wizard panes
      • Bug 15657: Display the host:port of any connection failures in bootstrap
      • Bug 15704: Do not enable network if wizard is opened
    • Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
      • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
      • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
      • Bug 7255: Warn users about maximizing windows
      • Bug 8400: Prompt for restart if disk records are enabled/disabled.
      • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
        • (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
        • Bug 13651: Prevent circuit-status related UI hang.
        • Bug 13666: Various circuit status UI fixes
        • Bug 13671: Make bridges visible on circuit display
        • Bug 13672: Make circuit display optional
        • Bug 13881: Localize strings for tor circuit display
        • Bug 13882: Fix display of bridges after bridge settings have been changed
        • Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
        • Bug 14324: Show HS circuit in Tor circuit display
        • Bug 14866: Show correct circuit when more than one exists for a given domain
        • Bug 14937: Show meek and flashproxy bridges in tor circuit display
        • Bug 15086: Handle RTL text in Tor circuit display
        • Bug 15472: Make node text black in circuit status UI
        • Bug 15510: Close Tor Circuit UI control port connections on New Identity

      • Bug 9387: Security Slider 1.0
        • Include descriptions and tooltip hints for security levels
        • Notify users that the security slider exists
        • Make use of new SVG, jar, and MathML prefs
      • Bug 9442: Add New Circuit button to Torbutton menu
      • Bug 9906: Warn users before closing all windows and performing new identity.
      • Bug 10216: Add a pref to disable the local tor control port test
      • Bug 10280: Strings and pref for preventing plugin initialization.
      • Bug 11175: Remove "About Torbutton" from onion menu.
      • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
      • Bug 11449: Fix new identity error if NoScript is not enabled
      • Bug 13019: Change locale spoofing pref to boolean
      • Bug 13079: Option to skip control port verification
      • Bug 13406: Stop directing users to download-easy.html.en on update
      • Bug 13650: Clip initial window height to 1000px
      • Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
      • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
      • Bug 13835: Option to change default Tor Browser homepage
      • Bug 13998: Handle changes in NoScript 2.6.9.8+
      • Bug 14100: Option to hide NetworkSettings menuitem
      • Bug 14392: Don't steal input focus in about:tor search box
      • Bug 14429: Provide automatic window resizing, but disable for now
      • Bug 14448: Restore Torbutton menu operation on non-English localizations
      • Bug 14490: Use Disconnect search in about:tor search box
      • Bug 14630: Hide Torbutton's proxy settings tab.
      • Bug 14631: Improve profile access error msgs (strings for translation).
      • Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
      • Bug 15085: Fix about:tor RTL text alignment problems
      • Bug 15460: Ensure FTP urls use content-window circuit isolation
      • Bug 15502: Wipe blob: URIs on New Identity
      • Bug 15533: Restore default security level when restoring defaults
      • Bug 15562: Bind SharedWorkers to thirdparty pref
    • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
    • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
    • Bug 5698: Fix branding in "About Torbrowser" window
    • Bug 10280: Don't load any plugins into the address space by default
    • Bug 11236: Fix omnibox order for non-English builds
      • Also remove Amazon, eBay and bing; add Youtube and Twitter
    • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
    • Bug 12430: Provide a preference to disable remote jar: urls
    • Bugs 12827+15794: Create preference to disable SVG images (for security slider)
    • Bug 13019: Prevent Javascript from leaking system locale
    • Bug 13379: Sign our MAR update files
    • Bug 13439: No canvas prompt for content callers
    • Bug 13548: Create preference to disable MathML (for security slider)
    • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
    • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
    • Bug 13788: Fix broken meek in 4.5-alpha series
    • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
    • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
    • Bug 14392: Make about:tor hide itself from the URL bar
    • Bug 14490: Make Disconnect the default omnibox search engine
    • Bug 14631: Improve startup error messages for filesystem permissions issues
    • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
    • Bug 14937: Hard-code meek and flashproxy node fingerprints
    • Bug 15029: Don't prompt to include missing plugins
    • Bug 15406: Only include addons in incremental updates if they actually update
    • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
    • Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
    • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
    • Bug 15757: Disable Mozilla video statistics API extensions
    • Bug 15758: Disable Device Sensor APIs

  • Linux

    • Bug 12468: Only print/write log messages if launched with --debug
    • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
    • Bug 13717: Make sure we use the bash shell on Linux
    • Bug 15672: Provide desktop app registration+unregistration for Linux
    • Bug 15747: Improve start-tor-browser argument handling

  • Windows

    • Bug 3861: Begin signing Tor Browser for Windows the Windows way
    • Bug 10761: Fix instances of shutdown crashes
    • Bug 13169: Don't use /dev/random on Windows for SSP
    • Bug 14688: Create shortcuts to desktop and start menu by default (optional)
    • Bug 15201: Disable 'runas Administrator' codepaths in updater
    • Bug 15539: Make installer exe signatures reproducibly removable

  • Mac

    • Bug 10138: Switch to 64bit builds for MacOS

Here is the list of changes since the last 4.5 alpha (4.5a5):

  • All Platforms
    • Update Tor to 0.2.6.7 with additional patches:
      • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
    • Update NoScript to 2.6.9.22
    • Update HTTPS-Everywhere to 5.0.3
      • Bug 15689: Resume building HTTPS-Everywhere from git tags
    • Update meek to 0.17
    • Update obfs4proxy to 0.0.5
    • Update Tor Launcher to 0.2.7.4
      • Bug 15704: Do not enable network if wizard is opened
      • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
      • Bug 13576: Don't strip "bridge" from the middle of bridge lines
      • Bug 15657: Display the host:port of any connection failures in bootstrap
    • Update Torbutton to 1.9.2.2
      • Bug 15562: Bind SharedWorkers to thirdparty pref
      • Bug 15533: Restore default security level when restoring defaults
      • Bug 15510: Close Tor Circuit UI control port connections on New Identity
      • Bug 15472: Make node text black in circuit status UI
      • Bug 15502: Wipe blob URIs on New Identity
      • Bug 15795: Some security slider prefs do not trigger custom checkbox
      • Bug 14429: Disable automatic window resizing for now
    • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
    • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
    • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
    • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
    • Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
    • Bug 15794: Crash on some pages with SVG images if SVG is disabled
    • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
    • Bug 15757: Disable Mozilla video statistics API extensions
    • Bug 15758: Disable Device Sensor APIs
  • Linux
    • Bug 15747: Improve start-tor-browser argument handling
    • Bug 15672: Provide desktop app registration+unregistration for Linux
  • Windows
    • Bug 15539: Make installer exe signatures reproducibly removable
    • Bug 10761: Fix instances of shutdown crashes

Post update 4/28/2015: Provide screenshots of the Tor Onion menu and Security Slider.
Post update 4/28/2015: Add section headers.

    Mercer

    April 30, 2015

    Sometimes Tor Browser 4.5 doesn't show the circuit in the Onion menu.

    I see the whole menu, but no circuit related information.

    That might be the case because you are loading an internal page which obviously does not involve a Tor circuit. But hard to say without having an example which fails.

    Same problem here. Whether or not the Tor circuit is shown is hit and miss. I can find no pattern to it. Very frustrating. To me it's important to look at the circuit. One time all three servers showed being in the same country. BUT I CAN'T ALWAYS FIND OUT.

    Mercer

    April 30, 2015

    Flash proxy doesn't work.

    30.04.2015 22:14:15.493 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    30.04.2015 22:14:15.493 [NOTICE] Opening Socks listener on 127.0.0.1:9150
    30.04.2015 22:14:17.430 [NOTICE] Bootstrapped 5%: Connecting to directory server
    30.04.2015 22:14:17.431 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
    30.04.2015 22:19:17.430 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 1; recommendation warn; host 4D6C0DF6DEC9398A4DEF07084F3CD395A96DD2AD at 0.0.1.0:1)
    30.04.2015 22:19:17.430 [WARN] 1 connections have failed:
    30.04.2015 22:19:17.430 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE

    Mercer

    April 30, 2015

    Wait, you're giving people the option to activate Flash???

    I think even listing the "privacy settings" is a mistake. Just a chance for uninformed or unfocused or tired people to accidentally turn Tor Browser into Internet Explorer.

    Human error exists, why do you encourage it??

    Mercer

    April 30, 2015

    Thx for big update! You are the best!

    There is a problem with the new search engine Disconnect. You click on the search result, and the target site sees your HTTPS referer (HTTP not). The exact result is not in plain text, still a problem?!

    Example:

    Use disconnect and search for https://referer.rustybrick.com/

    Then click on it. See the result.

    Test done with Tor 4.0.8. (Win)

    Mercer

    April 30, 2015

    One of the best improvements is the isolation of different tabs. However, I would like to know if there is anything else to be further isolated for the tabs to look like they come from different browser windows; for example, are cookies isolated between tabs, whether as first party or third party? What happens to the connections of addons? Do the downloads of DownThemAll get isolated as well, or could such addons even get correlated with the connections from browser tabs?

    First, there is no tab isolation. What is happening is that different things (like circuits, caches, DOM storage etc.) are isolated to the URL bar domain. (Eventually this will happen for cookies as well, but we are not there yet.) This means having google.com open in two tabs would send all requests over the same circuit using the same parts of the cache, the same parts of the DOM storage etc.

    Then there are things like update checks of extensions or downloading extensions via the add-on manager in the browser that don't have a URL bar domain: they currently get put onto their own, different circuit.

    We are currently reworking our Tor Browser design document (https://www.torproject.org/projects/torbrowser/design/) which should have all the details shortly.

    If you open a new second window, are the cookies and more separate to the first window?

    Does this mean that it's more private if you use two windows over two tabs in one window? thank you.

    Mercer

    May 01, 2015

    Got a tor browser warning of someone hack attempting to make me click a link. I never saw this feature before. I closed tor immediately

    Mercer

    May 01, 2015

    Your tremendous efforts with this latest TB v4.5 are fantastic and deeply appreciated!

    There are however, two issues that seem troublesome but may or may not be intended temporary or permanent design features ...

    1) The NoScript Whitelist does not seem to be working properly because Whitelisted items seem to disappear randomly for unknown reasons and must be constantly re-added.

    2) As a few others have noted in the comments above, some of the provided bridge transport types don't seem to be working. For example, "meek-azure" worked in v4.0.8 and v4.5a5 but hangs in v4.5.

    3) In the TB v4.5a5 options, there was a "TEXT" Applications "Content Type" that allowed the selection of a preferred Action. This was very useful but seems to be missing in v4.5.

    THANKS Again for your dedication!

    Mercer

    May 01, 2015

    Problem with downloading from cloudflare

    V. 4.5:

    doesn't work. error message from cloudflare:

    "ERROR: Wrong IP. If you are using proxy, please turn it off / Or buy premium key to remove the limitation"

    Tried with different IP, same problem. Tried with different security slider (second lowest), same problem. Tried with temporary allow all scripts on this site, same problem.

    V. 4.0.8 with temporary allow all scripts on this site: no problem on same file, downloaded it two times on different IP.

    So:

    - There is a problem with the new security things on 4.5. Or Cloudflare only blocks some tor-exit-nodes. I think it's a problem with the new settings.

    Thanks for help

    gk, it's me again. Just reproduced it with another file, same problem with 4.5.

    Try the link I gave you.

    Then click on "Download from nitroflare.com"

    Now temporary allow all scripts on this site cause of easier captcha, enter it.

    Next site: On the left (free download) at the bottom click on "slow download". Then a beautiful page with real clouds appears. Click on close on the right.

    New popup appears, close it. Now you see the name of the file and MB.

    Click on free download. It should start a timer from 60s to 0. If this doesn't appear and you see something like "you can download only in xx minutes", you have to do the same thing again with a new identity, because someone had already used this IP for downloading in the last 2 hours.

    If you come to the timer 60 to 0 at 0 there is a captcha. Do it. Then "slow download", then "click here for download". And now the problem with 4.5: "ERROR: Wrong IP. If you are using proxy, please turn it off / Or buy premium key to remove the limitation"

    With 4.0.8 it starts the download.

    Mercer

    May 01, 2015

    How about making 256 bit encryption the default setting when the Security Slider is set to 'high'? I've read 128 bit encryption is Tor Browser's default setting but 256 is available if a client goes into 'about:config' and modifies some settings.

    Mercer

    May 02, 2015

    The new update is just Fantastic. Thanks Tor project for your hard work into Tor browser 4.5. Keep up the good work.

    Mercer

    May 02, 2015

    Who has ever heard of Disconnect before ? What reason is there to trust it ?

    Mercer

    May 02, 2015

    hello, when i am downloading a file (for instance a picture) from the net using firefox or the tor browser, it happens quite often that it already exists a file with the exact same filename as the file i'm downloading in the folder where i want to put it. then i have to say "no, i don't want to overwrite the file" and change the filename of the file i'm downloading. my question is if it is possible to make firefox or the tor browser automatically rename files if their filename already exists? (also this specifically to tor browser cause of the "don't add add-ons to tor browser issue" any methods besides installing downthemall or the like) and someone might pass this issue to mozilla and debian i think. would save me a lot of time:) thanks!

    Mercer

    May 03, 2015

    FINALLY we can see our circuit. Orbot would tell you what relays your traffic went through but not Tor Browser (unless I missed it in some obscure place). Well done.

    Mercer

    May 03, 2015

    Can we expect a complete Vidalia replacement for Tor Browser so we can see all relays and all circuits? What about Android Tor Browser? It's pretty poor atm.

    Mercer

    May 03, 2015

    A very important security update that I hope will be implemented is the following:

    Tor Browser could make sure that the relays (Entry, Middle, Exit) aren't from the same country (such as: USA->USA->USA (worst case), USA->Russia->USA (just as bad), USA->USA->Russia (bad)).

    Another would be making sure relays aren't from same region. Such as Europe->Europe->Europe. It would be best like: Europe -> Anything -> Asia.

    Another thing would be checking from which jurisdiction you're at and from that choose which would be best entry.

    For example, if you're from Europe or USA then you choose Entry as Asia or Russia.

    I agree. Especially since the "Show Circuit" feature doesn't work consistently. The user should have SOME choice about countries to avoid or not to double up on. Using the same country for all three servers never seemed like a good idea to me. You do not know who runs the servers. There's no guarantee that three servers in three different countries aren't jointly "coordinated", but allowing the user to force servers from different jurisdictions seems like a good idea to me.

    Mercer

    May 03, 2015

    There are serious issues with reCAPTCHA from Google.

    Google has changed the reCAPTCHA system from text to images, but with Tor Browser we can't see the images to solve the captcha.

    I tried disabling NoScript and HTTPS and nothing.

    I can't believe I can only find one complaint about this.

    GUYS I ALSO HAVE THIS ISSUE.
    THIS IS MAJOR ISSUE

    I cannot login to websites using Google reCAPTCHA ever since they changed it. I am just stuck. HELP!! Damn how can I display this damn Google reCAPTCHA. The old ones from Google worked fine, but this new one with image selection doesn't work with TOR!!!!!

    Major issue, non-workable

    Mercer

    May 04, 2015

    I am a newbie to TOR, I started with 4.0.7 and Vidalia which I still use with 4.5 as it gives me more information than the new "Tor circuit information...".

    I know that you do not maintain Vidalia but I would appreciate your comments on the following warning message I just got: "Potentially Dangerous Connection! - One of your applications established a connection through Tor to "127.0.0.1:443" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution."

    I am rather confused since I have not specifically configured an application.

    Any information would be welcome.

    Thanks

    I too still use Vidalia and have gotten that warning. And I've seen a few queries elsewhere on the net. But no actual answers. I know the Tor project doesn't support the continued use of Vidalia, but the thing is, I don't think the problem is Vidalia-related. That makes it even more curious that no one has even addressed your query, going on nearly 2 months.

    Mercer

    May 04, 2015

    whilst viewing a forum I accessed through Hidden Wiki via TOR, a window popped out from the no-script feature of TOR and advised me to press the image in the pop-up window to avert a skipjack play!

    I did but nothing happened so I pressed the URL in the pop up window and the original forum window became accessible again but slightly different with the same info!

    I had set the TOR 4.5 setting to the max in security so i was a bit surprised about this!

    Prior to accessing the forum I had set "about:config" to kill any Java access by the program.

    Is there anything to be concerned about with this? I am a bit bemused as to what the whole thing was about!!

    Mercer

    May 04, 2015

    Great stuff, loving the constant and consistent updates/patches!

    I really upgraded from 4.08 to 4.5 TBB but when I go to the addons menu, it gives me an error:

    XML Parsing Error: undefined entity
    Location: about:addons
    Line Number 359, Column 15:

    Yep, it seems when installing over an older version, tor doesn't even get updated (even though installation is successful) and causes problems like this. A completely new installation doesn't have this problem.