Tor Browser 4.5.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.

Here is the complete changelog since 4.5.1:

All Platforms
- Update Tor to 0.2.6.9
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
  - Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  - Bug 14429: Make sure the automatic resizing is disabled
  - Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser

Cloudflare has changed his

Cloudflare has changed his ugly behaviour blocking normal surfing with tor and is
working with most(?) exit relays?
That would be nice.

Have you changed the way the

Have you changed the way the scrolling through pages with the arrow down key works? Ever since this update it seems using the arrow up and down keys to move up and down a webpage results in different behaviour. Whereas before it would scroll down evenly and smoothly, now it makes sudden jumps and seems to act more like a tab key! I dont think it is performing tab function though. It will work well when scrolling through text for example, but then will suddenly change.

It seems like the arrow keys might be causing the cursor to jump to sections of text as if you are in a word processing program rather than on a webpage! It is very annoying whatever it is and I think it should be changed back. It also caused trouble when trying to select a body of text using the shift key + the up or down arrow, suddenly deselecting a section of text that had already been selected and jumping to another section. Is this a bug or was this deliberate to try and achieve something?

I am trying to download the

I am trying to download the Tor browser and verify that the download is secure. Tor instructions read:
-----------------------------------------------------------------------
To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:

For Mac OS X users:
gpg --verify ~/Desktop/TorBrowser-4.5.3-osx64_en-US.dmg{.asc*,}
---------------------------------------------------------------------------
The download does not include the .asc file and I cannot find it to download. Anyone know where it is?

Upcoming Events

January 25, 2019

Tor Meetup (Athens)

February 02, 2019

Tor Meetup (Berlin)

February 02, 2019 - February 03, 2019

FOSDEM (Brussels)

February 06, 2019 - February 08, 2019

IT Defense (Stuttgart)

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

See All Upcoming Events

Recent Updates

New Release: Tor 0.4.0.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.0.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.0.1-alpha is the first release in the new 0.4.0.x series. It introduces improved features for power and bandwidth conservation, more accurate reporting of bootstrap progress for user interfaces, and an experimental backend for an exciting new adaptive padding feature. There is also the usual assortment of bugfixes and minor features, all described below.

Changes in version 0.4.0.1-alpha - 2019-01-18

Major features (battery management, client, dormant mode):
- When Tor is running as a client, and it is unused for a long time, it can now enter a "dormant" state. When Tor is dormant, it avoids network and CPU activity until it is reawoken either by a user request or by a controller command. For more information, see the configuration options starting with "Dormant". Implements tickets 2149 and 28335.
- The client's memory of whether it is "dormant", and how long it has spent idle, persists across invocations. Implements ticket 28624.
- There is a DormantOnFirstStartup option that integrators can use if they expect that in many cases, Tor will be installed but not used.
Major features (bootstrap reporting):
- When reporting bootstrap progress, report the first connection uniformly, regardless of whether it's a connection for building application circuits. This allows finer-grained reporting of early progress than previously possible, with the improvements of ticket 27169. Closes tickets 27167 and 27103. Addresses ticket 27308.
- When reporting bootstrap progress, treat connecting to a proxy or pluggable transport as separate from having successfully used that proxy or pluggable transport to connect to a relay. Closes tickets 27100 and 28884.

Strength in Numbers: The Final Count Is In

One of the Tor Project’s ongoing goals has been to diversify our funding sources.

New Releases: Tor 0.3.5.7, 0.3.4.10, and 0.3.3.11

Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches. Tor 0.3.4.10 and 0.3.3.11 are also released today; please see the official announcements for those releases if you are tracking older stable versions.

The Tor 0.3.5 series includes several new features and performance improvements, including client authorization for v3 onion services, cleanups to bootstrap reporting, support for improved bandwidth- measurement tools, experimental support for NSS in place of OpenSSL, and much more. It also begins a full reorganization of Tor's code layout, for improved modularity and maintainability in the future. Finally, there is the usual set of performance improvements and bugfixes that we try to do in every release series.

There are a couple of changes in the 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.

We have designated 0.3.5 as a "long-term support" (LTS) series: we will continue to patch major bugs in typical configurations of 0.3.5 until at least 1 Feb 2022. (We do not plan to provide long-term support for embedding, Rust support, NSS support, running a directory authority, or unsupported platforms. For these, you will need to stick with the latest stable release.)

Below are the changes since 0.3.5.6-rc. For a complete list of changes since 0.3.4.9, see the ReleaseNotes file.

Changes in version 0.3.5.7 - 2019-01-07

Major bugfixes (relay, directory):
- Always reactivate linked connections in the main loop so long as any linked connection has been active. Previously, connections serving directory information wouldn't get reactivated after the first chunk of data was sent (usually 32KB), which would prevent clients from bootstrapping. Fixes bug 28912; bugfix on 0.3.4.1-alpha. Patch by "cypherpunks3".
Minor features (compilation):
- When possible, place our warning flags in a separate file, to avoid flooding verbose build logs. Closes ticket 28924.

Strength in Numbers: Library Freedom Is Intellectual Freedom

Photo by Janko Ferlič on