Tor Browser 5.0a1 is released

The first alpha release in the new 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.

Tor Browser 5.0a1 is based on Firefox ESR 31.7.0, which features important security updates to Firefox.

In addition to including all of the fixes that were present in the 4.5.1 release, this alpha release also features some additional privacy defenses.

In particular, this release re-enables the automatic window resizing fingerprinting defense that first appeared in 4.5a4. This defense can be disabled by setting the about:config pref extensions.torbutton.resize_windows to false, but please first report any issues you encounter on the feature's trac ticket.

This release also introduces a new defense against various forms of performance fingerprinting and time-based side channel attacks. A handful of new attacks have been published recently that take advantage of Javascript's high-performance timers to determine hardware performance, perform keystroke fingerprinting, extract history information, and even steal sensitive data from memory. Because this defense reduces the resolution of time available to Javascript to 100 milliseconds for all time sources, and to 250 milliseconds for keypress event timestamps, we are especially interested in hearing any reports about issues with HTML5 video, animation, or game sites. Hopefully you will have as much fun testing this defense as we will!

Here is the complete list of changes since Tor Browser 4.5:

  • All Platforms
    • Update Firefox to 31.7.0esr
    • Update meek to 0.18
    • Update Tor Launcher to 0.2.7.5
      • Translation updates only
    • Update Torbutton to 1.9.2.5
      • Bug 15837: Show descriptions if unchecking custom mode
      • Bug 15927: Force update of the NoScript UI when changing security level
      • Bug 15915: Hide circuit display if it is disabled.
      • Bug 14429: Improved automatic window resizing
      • Translation updates
    • Bug 15945: Disable NoScript's ClearClick protection for now
    • Bug 15933: Isolate by base (top-level) domain name instead of FQDN
    • Bug 15857: Fix file descriptor leak in updater that caused update failures
    • Bug 15899: Fix errors with downloading and displaying PDFs
    • Bug 15773: Enable ICU on OS X
    • Bug 1517: Reduce precision of time for Javascript
    • Bug 13670: Ensure OCSP requests respect URL bar domain isolation
    • Bug 13875: Improve the spoofing of window.devicePixelRatio
  • Windows
    • Bug 15872: Fix meek pluggable transport startup issue with Windows 7
  • Build System
    • Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
    • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Tags
tor browser bundle
tor browser
tbb
tbb-5.0

Guess this is the wrong way. Within an onion network, there are captchas everywhere (even google search, not that i would use it). This should work properly and imho, its nothing a user has to solve. Guess whats the answer, when a user asks "hey google, your recaptchas dont work with TOR browser. Would you mind to change things up?".
I reckon its a hard thing to handle but its a problem, a user can and will not solve, even if he/she wanted to...

google been jamming tor visitors with the endless ipv4.google.com, for years. the page reloads the same, except with a new captcha. google simply won't accept tor visitors.

Anonymous

Anonymous (not verified) said:

May 27, 2015

Permalink

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\AccessibleMarshal.dll

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\libEGL.dll

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\libGLESv2.dll

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\mozalloc.dll

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\mozglue.dll

Spyware.password Malware File c:\Users\xLm\Desktop\Tor Browser 4.5.1\Browser\components\browsercomps.dll

Malwarebytes V 2.1.6.1022

Halp - thx

Anonymous

Anonymous (not verified) said:

June 09, 2015

Permalink

TOR Browser has become totally useless! Recently Google made a change to their Recaptcha to choose images matching an image. Such as to choose all the Coffees or all the Burgers etc.. But Tor doesn't show the matching images.

This is not about the captcha on Google's site. This is about the Recaptcha that many other websites are using but which uses Google recaptcha component.

Making it absolutely impossible to view these websites.

Tor does not work with Google's new recaptcha. I see here many people complain abot it and nothing has been done.

Anonymous

Anonymous (not verified) said:

June 09, 2015

Permalink

Bug with Wordpress 4.2 ?

There seems to be a general problem with the Canvas fingerprinting warning on websites that have implemented the new Wordpress april version 4.2 code.
It seems to trigger the Torbrowser warning on code that seems to have something to do with emoticon functionality using canvas code.

Example website : https://wordpress.org/news/2015/05/wordpress-4-2-2/

Could it be that this is not correct warning behavior?
Or is it? Why?

Anonymous

Anonymous (not verified) said:

June 17, 2015

Permalink

Can't get on many sites because new recaptcha not working.
It doesn't show images i have to match.
I tried enable all script and still not working.

The same problem.

I'm more than a week trying to resolve this problem. ANY SITE containing CAPTCHA is INACCESSIBLE for me.

Even writing correctly, always appears an error Feedback that not me access to the site. In some cases the image does not even appear. TOR installed on various platforms such as Linux Ubuntu 15.04, Windows 10 and TailLinux 1.5.

All had the same problem. I tested several settings, including withdrew all security lock TOR and adiconei the latest updates of Java and Flash. Nothing. I tested three different versions of TOR (4.0.4, 5.0 and the new 5.5) all showed the same result.

The biggest problem is that much of the Deep Web sites (.onion .i2p and .freenet) require this type of security protocol to access them. Mainly e-mail creating websites and forums.

I need to urgently create an account on Tor2mail (yes I know that this FBI spying ¬.¬) But I need.

I know that the TOR of the team is working hard to keep the program away from the NSA, FBI and others. And help us to have anonymity and privacy. And I thank them very much for that! But this error should not be ignored.

If anyone knows how to solve this problem please let me know. If I found something new warning you.

Thank you all!

Anonymous

Anonymous (not verified) said:

August 17, 2015

Permalink

Google recaptcha doesn't work on ANY site when NoScript is enabled. I've tried new OS installs, new TOR Browser installs and get the same problem since May until now. This is what happens to me:

If NoScript is enabled, I will see the recaptcha that has the grainy black and white letters over the black and white background that are nearly impossible to read. The recaptcha is rigged not to work. There's been a few times where I know with 100% certainty I solved the recaptcha right because the letters were very legible and unambiguous. STILL won't work.

If NoScript is disabled, then I get a different kind of recaptcha which is much easier to solve. But I lose the benefit of NoScript blocking the FBI from using an XSS attack on my through a flash object or invisible iframe.

I consider TOR worthless until this is fixed because Actionscript and Flash objects will ALWAYS have leaks that the FBI can use to put de-anonymizing malware onto my machine.

I'm switching to I2P, I have no other choice.

Anonymous

Anonymous (not verified) said:

December 23, 2015

Permalink

CAPTCHA not working for me ether.
No matter what I type in it wont accept it.