Tor Browser 5.5.1 is released

Tor Browser 5.5.1 is now available from the Tor Browser Project page and also from our distribution directory.

Most notably, this release features fixes for regressions caused by our font fingerprinting defense: chinese users should have a functional Tor Browser again and emoji support is restored on OS X and Linux systems (we are still working on a fix for Windows).

Moreover, we fixed an oversight in one of our patches which broke some websites depending heavily on iframes.

The full changelog since 5.5 is:

Tor Browser 5.5.1 -- February 5 2016

  • All Platforms
    • Bug 18168: Don't clear an iframe's window.name (fix of #16620)
    • Bug 18137: Add two new obfs4 default bridges
  • Windows
  • OS X
  • Linux

If you read the advice on the Tor home page you will note one is STRONGLY advised not to install any ad ons (for example Adblock Plus) as it may create a security vulnerability

We do have help in No Script ad on which has been included with Tor Browser and configured for safety

Don't add anything else. You may adjust the configurations however

In Tor Project We Trust

khled.8@hotmai.com

February 10, 2016

In reply to by Anonymous (not verified)

Permalink

noscript is standard in tbb. rarely do any ads survive disabled javascript.
if need javascript on a site, be sure to also go through noscript's "untrusted" menu and set as many domains to untrusted.

I'm not sure what exactly you're talking about with setting "as many domains to untrusted" but it sounds like something that could be used for fingerprinting. If security is a concern you're best off simply setting the security slider to High.

Doing so will increase attack surface.

It will also piss off advertisers even more and they can make the use of tor more difficult; see Cloudflare.

khled.8@hotmai.com

February 07, 2016

Permalink

nice

khled.8@hotmai.com

February 07, 2016

Permalink

Can't see my saved usernames and passwords.

Thanks for all your hard works guys! =)

khled.8@hotmai.com

February 07, 2016

Permalink

Flash player has not worked the past 2 new upgrades I continue to have to reinstall every day 5.0.4

Flash is VERY INSECURE and cannot be used with Tor. It disclosure your IP.

Flash player has not worked the past 2 new upgrades I continue to have to reinstall every day 5.0.4

The US government will reward you with 1 million US dollars cash if you can persuade 1 million TBB users to use Flash every time they use the software. Proof that it is your persuasion that works must be provided before you claim your reward.

Remember that is must be 1 million TBB users, not 200,000 or part thereof.

"I continue to have to reinstall every day 5.0.4"

Well turn the automatic update off from the options if you want to keep using the (unsecure) old version dumbass. O_o

The emoji in Linux works again after this update, but they're terrible. Most of the faces at http://apps.timwhitlock.info/emoji/tables/unicode#emoji-modal look like PacMan ghosts and their facial expressions aren't identifiable at typical font sizes on the web.

Oooops!

I see I'm almost at the head of the comments queue! Does this reveal me as being too reliant on tor?

"Take it easy hoss, coincidences do occur. Check it out next time 'round"

I've been chatting to some chicoms over the past few days - they've been trying, hard, to re-assure me that everyone in China can access the global internet. LOL

Now I'm gonna hafta refer 'em to this 5.5.1 thread so that they can cobble up reasons as to why such a wonderful ideology needs tor...

Oooops! I don't need to - they're here already...

good

Thank You Very Much for Your Excellent Service!!

why is there so much shitposting in the comments here.

We are new to Tor.

Yesterday, using a 4 exit router, I wanted to plug the laptop (using TOR) into one outlet and the wife wanted the desktop (non-TOR) plugged into another one. On the laptop I got a message about the same IP being used on both.

Could this situation compromise my security via TOR?

Please advise?
Thanks.
Keep up the good work.

khled.8@hotmai.com

February 08, 2016

In reply to by Anonymous (not verified)

Permalink

Just another Tor user here.

Your problem description is a little vague between whether the message meany the two computers were sharing the same external IP (that's the one assigned by your ISP to your router), or the (supposedly) unique internal IPs assigned via DHCP by the router to each computer. In either case, it's irrelevant to Tor, as that conceals the external IP, which is what websites typically log to track you.

The internal IPs (typically of the form 192.168.x.y) should be hidden from the internet by the router's Network Address Translation (NAT) table, though this can be circumvented by naughty javascript blabbing that back to a website. It should be impossible for DHCP to assign the same IP to two different computers, so I assume that the 'message' was not that but just one confirming the same external IP that each computer has to share via the router's NAT table.

Does that match what you saw?

Thanks for getting back to us and for your thoughts.

I have just tried to reproduce the situation, so as to be able to note down the actual message and transcribe it here, but it hasn't shown itself again.

I do remember though that the message advised us to contact (someone like) the system administrator to resolve the issue.

We have the McAfee firewall and under the section "My network connections" the IP addresses shown on both the laptop and the desktop are exactly the same.(or rather the same range: e.g. 192.168.A. B to 192.168.A.C.

I'm sorry if I am not being very clear. As I said previously we are new to all this.

As for Javascript, on the laptop where we run TOR I have scripts globally forbidden and Javacript disabled in about:config.

Your further thoughts would be appreciated.

Thanks

"contact (someone like) the system administrator to resolve the issue"
Those grey messages can be copied. Be sure the message "window" is the active window, by clicking the title bar or anywhere but the "ok" button. Then use the usual copy keyboard command Ctrl+C, which is:
(hold) Ctrl, tap C (then release Ctrl key)
Then you can paste into a text file, or directly into... here.

From what you wrote, I'm guessing that mcafee firewall probably is allowing your local network to access among itself. i doubt mcaffee is causing that windows error message. that range is router's range, which most often is:
192.168.0.0 through 192.168.0.255
or
192.168.1.0 through 192.168.1.255

suspect the message was a windows message about local IP (192.168.0.x or nearly that on home routers) conflict. The conflict shouldn't stop internet access, but will erratically break local network connections.
You may not need local connections.

if you do,
Run eventvwr.msc. look for errors near the time the messages popup. you might see master browser errors.
Then, search the web for the event number and some of the error text.

setting each pc and laptop to a static IP might fix the problem. Might need to turn off master browser in services.msc, and maybe create lmhosts file.

or maybe easier is to let only one pc run its master browser. It is best if that PC is running more often than the other pcs.
the other pcs should obey that master browser pc.

I am really satisfied with TOR in IRAN . I thing TOR is the best one . some time it happens slow connection . but it is not so important.
h.hayati

very good

i still cant surf the net with mtn nigeria modem. it seems the network provider has blocked tor. pls provide guide to surf with mtn modem

very good

Ha mejorado mucho, muy bueno.

very good

ok

How can i use my tor broswer i have the app on my galaxy s6 someone please help me

I'm not exactly familiar with mobile, but I don't think Tor Browser will run. Maybe you should try Orbot?

In the past few weeks I have experienced several times an "secure connection failed" error while connecting to a https page.
The TOR Browser gives me an option to report the incident.
I have three questions:
1. To whom exactly is this report sent? TOR? Mozilla? (If it is sent to Mozilla, do they share this information with you afterwards?)
2. Is it being sent by the same TOR circuit as the previously failed connection?
3. When this error happens, the TOR button does not display the information about the nodes of the current circuit. Is there a way to get this information from within the TOR browser?

Thank you for answering in advance.

i think this one of many firefox certificate errors?

but, when a page doesn't connect, i use torbutton "new tor circiut for this site". then tbb usually connects.

Thanks. I'm suspecting this may be a result of a relay tampering with the connection. I'm asking because I would like to report such things, so that relays get banned if they are really up to no good.

why bother with "relay tampering" it is simple isp tampering/nsa tampering/cloudflare tampering etc. please report somewhere...

gk, could you answer all the questions? (new item for FAQ or even a ticket, maybe)

I can ad hoc answer the third one which is https://bugs.torproject.org/15897. For the first I'd say "Mozilla" and with respect to the sharing "no, they don't". For the second I'd say "not the same circuit". But I'd have to double-check.

This is a noob question. How can you access the "Dark Web" on TOR
Thanks in advance

i think "dark web" is casual name for .onion urls, which look like http://nnnnnn.onion/

I want a safe browser. I sure hope developers do not give in to requests for emoji and other nonsense that prove to have vulnerabilities for backdoor hacking. Keep it safe and flush those requests with the brains that ask for them.

Could you back up your claim that ties emojis to "vulnerabilities for backdoor hacking"?

some1 pls explain to me, was inalot of forums, wasnt able to find answerr why fullscreen,s is unsecure? i mean a fella has 1400x700 res so as millionz of them in the world, what does that unveils?

First of all, I don't think 1400x700 is that standard a resolution.
The resolution that can be determined via javascript, css, or whatever else isn't your screen resolution, it's the resolution of the internal window. If you do anything that alters that resolution you're changing the reported resolution.
Also, if you use fullscreen in your normal browser you're reducing the size of the haystack that needs to be searched through. It isn't just an issue of the fingerprint of Tor Browser, it's also an issue of the fingerprint of any other browser you use.

i don't see 1400x700 here
http://www.w3schools.com/browsers/browsers_display.asp
in 2016, 35% is the largest percentage of any resolution. many resolutions are single digit percentages.

1400x700 is not here http://www.w3schools.com/browsers/browsers_resolution_higher.asp

no 1400x700 on https://www.w3counter.com/globalstats.php
most common resolution 1366x768 is only 16.67%

Im having problem with my tor browser, can anyone help?? I have to restart my computer every time i wanna start my tor, once i restart it will start but if i close it will not start till i restart again. Please help

Thanks TOR Servers. Your work is excellent.

User - Elizabeth

can't update on tails any suggestions says I do not have permission [+1]

Tor was working fine a week ago . but after the update it doesnt even load pages. not even what i type into the search box. am tired and it sucks

mine too :(

Works just fine for me. Maybe you need to explain your situation better.

hello