Tor Browser 6.0.4 is released

Tor Browser 6.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.

Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension is not shipped to Tor Browser users anymore since August 11 13:00 UTC. This takes care of getting the add-on removed as well in case it got installed into Tor Browser (as does the fix we ship in Tor Browser 6.0.4) which should have happened/is happening during the next extension update ping. For further information see the discussion in our bug tracker.

Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know.

The full changelog since Tor Browser 6.0.3 is:

Tor Browser 6.0.4 -- August 16

  • All Platforms
    • Update Tor to 0.2.8.6
    • Update NoScript to 2.9.0.14
    • Bug 19890: Disable installation of system addons
Anonymous

August 19, 2016

Permalink

hmmm what to say......... well im pretty much brand new to tor ive read and read as much as i can but tbh im simply not a computer wiz and im getting tired of reading one thing and then i find another that seems to be completely different and it doesnt bloody help that i dont even know for sure what TBB stands for basically im as n00b as they come lol but i want to check if anyone has some valuable information they would like to share with me maybe links to great websites to start learning i just need a secure foundation to start research ive just spent too long getting lost in the maze of the world wide web

i love tor btw i was gonna list all the things i love but i dont have time need sleep
anyway thank you so much for all the hard work and thanks in advance to anyone that helps me ;)

Anonymous

August 20, 2016

Permalink

Sweden government and swedish police are acting very similar to Stasi and old DDR... Its terrifying, I am greatful for TBB. Thank you.

Anonymous

August 20, 2016

Permalink

Had this experience with the new Tor Browser.

The page https://check.torproject.org/ showed
"Sorry. You are not using Tor. Your IP address appears to be: 177.154.145.102"

Tor button showed me my exit node "Ukraine (185.61.138.124)".

There are two exit nodes on this IP:
$BAD729D970BB21759E9A8BA655416C23CFF9535C
$2F270CA7AC30F4C3F243E785822A519C9793F4AE

I am neither in Brazil nor do I use a VPN.

I see a difference. One user on the linked page pointed out that the IP in question there appears to be a Tor relay - just not showing up on the default check.torproject.org query.
Whereas in this instance I could not find the IP 177.154.145.102 being related to the Tor network.

Anonymous

August 20, 2016

Permalink

CHASE
USING TOR BROWSER

You need to upgrade your browser to access your accounts and statements.

A newer browser will help make your chase.com experience even better, and
help keep your accounts and personal information secure.

Download a new version of your favorite browser here:

Internet Explorer > (download the latest version.) (Opens Overlay)

Firefox > (download the latest version) (Opens Overlay)

Chrome > (download the lastest version) (Opens Overlay)

Safari > (download the lastest version) (Opens Overlay)

You can also access your accounts and statements from your tablet, mobile device or the Chase Mobile® App Footnote 1 (Opens Overlay). If you have questions, contact us.

Some sites always say this simply because Javascript is disabled. Check if that was the case for you, and use NoScript's options to whitelist the relevant sites.

OK, but I thought since TBB sets the user agent to the very generic "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" those sites would even see that.

Anonymous

August 21, 2016

Permalink

ADD LAST SOME GUYS WHO ARE DOING SOMETHING USEFULL ON THE NET OTHER THEN SEND SPAM Thanks boys and girls GREAT work !!

Anonymous

August 21, 2016

Permalink

This update removed the ability for users to manage cookies, probably because you went to Mozilla 44.

Since you can no longer select "Ask me every time" regarding cookie policy you now have to chose between accepting no cookies at all, meaning logging in to any site is broken, or letting every tracking cookie on the net (except third party) crawl all over you browser.

You really shouldn't have done this without vetting a cookie manager and bundling it with the browser. It's not acceptable that a privacy suite should be broken in such a fundamental area without the user first of all noticing the problem and then also managing to find a manager that is safe to use.

TB has to update to newer versions of Firefox on occasion because unsupported older versions don't get bug fixes for anything, including serious security vulnerabilities. It would be great if the Tor Project could fork Firefox and go its own way; even better might be a new browser designed from the ground up to work with Tor. However, The Tor Project doesn't have anywhere near the resources required support every part of a browser. It's a (relatively) small organization with a small number of staff, compared to the hundreds of people Mozilla/Google/Microsoft have dedicated to browser development.

NOTE: I accidentally deleted a blog post containing a criticism about me just pointing to the design document instead of mentioning the things I wanted to mention directly. I am sorry about that. Furthermore it noted that managing cookies should work nevertheless.

I agree with the latter. And it might indeed be the case that cookies managing broke for some reason while moving to ESR45. In that case filing a bug in our bug tracker (https://trac.torproject.org) mentioning steps to reproduce the problem would be a good thing.

I gave the pointer to the design document as Tor Browser is currently only concerned with cross-origin tracking. Which means we don't rely on managing first party cookies for achieving privacy goals and third party cookies are at the moment disabled (until we get them keyed to the URL bar domain). Hope this helps.

Anonymous

August 21, 2016

Permalink

It has been many days perhaps coinciding with this release of TBB v6.0.4? since torproject ceased offering bridges for pluggable transports. Maybe admin can't speak directly to why that is (I have found no mention, and discussions are either being deleted or are failing to be approved for comment) but if one is needing to be circumspect about it, is there any acknowledgement possible, of the fact that it can't be addressed right now? If the project were in receipt of (another) FISA letter, it could not by law be revealed but, lacking any discussion it ought to be noted that speculation about such a letter will persist. Or, is there a simple technical reason why pluggable transports aren't being supported? This contradicts release notes.

what are torproject's plans with later versions of firefox in future torbrowser updates given e10s/move to web extensions and the plethora of new attack surfaces (features), trackable by default config options mozilla seem to be adding to their future browser releases?

Our plan has not changed: we follow Mozilla, trying to get as many patches upstreamed as possible while making sure the new features/default config options are no harm for our users. If so, we patch them to our needs.

Anonymous

August 22, 2016

Permalink

Considering Disconnect.me search is not working with google and just redirects to duckduckgo, is there a reason why TB is using disconnect.me instead of duckduckgo as the main search engine?

Well, we hoped they got back access to Google search results but that does not seem to be the case. We have made the switch to DuckDuckGo in the alphas to test it and assuming it sticks the next major stable update will have it, too.

Instead of Disconnect.me or DDGo,
* why not include Searx?
Is it because Searx has many instances, and we can’t all use the same instance (same server)?
* why not include Lite Qwant?
DDGo doesn’t seem very trustworthy in terms of privacy — what they say may not be the whole truth.
As for Disconnect, their extension for FF is totally lame IMHO, so why should we trust them with a search engine safe from Google’s spying.

Anonymous

August 22, 2016

Permalink

On windows, 6.0.3 connects fine, however 6.0.4 doesn't. Installed 6.0.4 in a fresh directory, still "could not connect to control port". Shut down, open 6.0.3, connects fine. No firewall. Weird. Disabling automatic updates for now.

No other tor instance running when opening another. I close 6.0.3 to open 6.0.4. Running anti-virus, but no logs or notices about tor. Would the AV like 6.0.3 and not 6.0.4?

Anonymous

August 22, 2016

Permalink

If it updates from 5.0.4 , Bangla font is not showing. That's why I had to reinstall 5.0.4 frequently. Is there any solution ?

Anonymous

August 23, 2016

Permalink

Runnig the TOR browser on a Mac OS Yosemite. If I reinstall TOR after a connection is established and TOR browser is closed I get the message "A newer item named “TorBrowser.app” already exists in this location. Do you want to replace it with the older one you’re moving?" Even though the version is the latest 6.04 Aug-23-2016.

Whether I launch the TOR browser or not the latestest version of TOR reports a newer version exists when reinstalled even though 6.04 is the latest version. It appears the version value has been changed so when I try to install the same TOR version again the installer sees it as a newer version.

Anonymous

August 23, 2016

Permalink

Is the tor software built with some sort of protection that will stop data from being transmitted when the internet connection suddenly breaks? Or when Tor browser suddenly needs to close sue to error?

Anonymous

August 24, 2016

Permalink

Is there anywhere we can find an accurate list of who runs a particular node?

According to https://www.browserleaks.com/whois 163.172.29.81 is run by the British Customs and Excise authorities!!!

According to http://torstatus.blutmagie.de/ it is run by tomhek.net.

It seems highly unlikely that a government which delights in spying on its people would support TOR.

I have also found a TOR node, which according to the same web-site, is run by the British Employment authorities!

Is there ANY site with accurate, VERIFIED information?

Any information gratefully received.

Thanks