Tor Browser 6.0.6 is released

Tor Browser 6.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release is updating Firefox to 45.5.0esr. Moreover, other components got an update as well: Tor to 0.2.8.9, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.1u.

We fixed a lot of usability bugs, some caused by Apple's macOS Sierra (meek did not work anymore and windows could not be dragged either). We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first. Finally, we added a donation banner shown in some localized bundled starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

Here is the full changelog since 6.0.5:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to 0.2.8.9
    • Update OpenSSL to 1.0.1u
    • Update Torbutton to 1.9.5.12
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Translation updates
    • Update Tor Launcher to 0.2.9.4
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Windows
    • Bug 20342: Add tor-gencert.exe to expert bundle
  • OS X
    • Bug 20204: Windows don't drag on macOS Sierra anymore
    • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
  • Build system
    • All platforms

just the same here:
Artemis!5DEFB87498BC
Artemis!39E8FB7DB6F9
Artemis!A8B534817E99
Artemis!EB71C6C55A6D

Exact same issue here with McAfee AV detecting those same 4 Artemis Trojans.
I don't just want to assume they are false positives without some confirmation... Any news about this yet?

Thanks

That is very likely a false positive where your antivirus software is trying to outsmart us who are building Tor Browser from source and are making sure that the build result on at least two different machines is exactly the same.

Perfectly, 8 points of 10

I discovered the same result as the poster above. Noticed this yesterday, after upgrading to the latest version. I believe it was 6.0.6.

It was detected as a trojan/trojan-like via McAfee's artemis heuristic engine. This was the detection: artemis!39E8FB7DB6F9

On the Tor Browser home/about page it still says: "Search securely with Disconnect.me".

What exactly?

"tag is not supported!"

Why does searching with DuckDuckGo direct me to their clearnet side instead of their .onion site now?

That did not change. Before you reached the DuckDuckGo clearnet site via Disconnect.me. Now, we save this round-trip and use DuckDuckGo directly. You still can choose the .onion version in your search settings, though.

Hello gk.
What are the downsides to setting DuckDuckGo at https://3g2upl4pq6kufc4m.onion/html/ as default search engine? It says that the certificate is for duckduckgo.com, isn't it safe to ignore that warning? Doesn't this require compromising the certificate authorities AND the hidden service protocol, whereas breaking duckduckgo.com just requires compromised CA?
I know I'm missing something. Any thoughts are welcome.
Have a good day.

The certificate is one issue. Then it is not clear to us whether the onion service would be able to cope with the load of search requests once it is used by default by all Tor Browser users.

same here, McAffe found multiple artemis Trojans during the upgrade

On a Mac OS transport meek-azure does not work and the transport FTE is stil mising.

Yes, FTE is missing as its layout still needs to get reorganized due to code signing requirements. See: https://trac.torproject.org/projects/tor/ticket/18495. However, maeek-azure is working for me on an old OSX 10.6.8. Is it just that particular meek transport that is not working for you or meek in general? Which OS X version are you on?

Problems with https://www.bittrex.com/

It doesn't show the market data: https://www.bittrex.com/home/markets

Hm, thanks. I opened a ticket in our bug tracker for further investigation: https://trac.torproject.org/projects/tor/ticket/20732.

updated TOR and tried to log on but got message "your IP address is blacklisted." Never had this message before and don't know why my IP would be blacklisted. Anyone got the same message and if yes what did they do about it?

Log on where? Some sites block Tor. Try https://archive.org/web/ or https://ixquick.com/ or https://startpage.com/ proxies.
If you're trying to post and not just to read, be aware that any account you made before you started using Tor will not be anonymous, even if you login to it with Tor.

I, too, recently got that message about my IP having been blacklisted, though I have ever and still now use whatever DHCP address my ISP (Vodafon/Kabeldeutschland) allocates.

I did actually nothing (nothing effective, that is) about that. In the meanwhile, though, that message does not get shown and I am able again to browse the internet (apparently) normallly.

My impression has been, that either my email protesting the blacklisting of my ISP provided IP finally brought results or the problem simply got handled anyways after awhile. For awhile (over the weekend) I simply was not able to use the internet from this (LinuxMint17.3 running) desktop and saw myself reduced to only being able to surf using my Lenovo Thinkpad laptop (running Trisquel 7, freshly updated at every session start). I avoided the message there by using Firefox Nightly (also always freshly updated at every session start), which made it possible for me to send off that complaint emaill.

Had the same issue when installing TOR 6.0.6. Got the ARTEMIS trojan warning from McAffee when I was installing the browser and when I scanned the TOR executable for viruses (McAffee).

I read online that this ARTEMIS might be a false positive. It's often triggered by heuristic analysis of files, but still...

Yes, this is very likely a false positive but there is not much we can do, alas. :(

You might want to report it to Mcafee as a false positive if you wish

if tor connect gui starts before wlan0 in linux is connected, connection wont happen even if wifi does subsequently connect
wrote this code to start tor browser on boot only after wifi has connected distro is puppy linux but perhaps you caneven use the code somehow in the gui itself

  1. #!/bin/bash</p>
  2. <p>HIIP=20</p>
  3. <p>until [ $HIIP -lt 0 ]; do<br />
  4. echo -n " : HIone " $HIIP</p>
  5. <p> ifconfig wlan0>>/tmp/Test.txt</p>
  6. <p> RegExStr="addr:[0-9].[0-9].[0-9].[0-9]"<br />
  7. egrep -o $RegExStr "/tmp/Test.txt" > /tmp/Test2.txt<br />
  8. rm /tmp/Test.txt<br />
  9. while read p; do<br />
  10. TEST=${p}<br />
  11. done </tmp/Test2.txt<br />
  12. rm /tmp/Test2.txt</p>
  13. <p>echo -n "test is qnow" $TEST</p>
  14. <p> if [ $TEST ]; then tor-browser & exit<br />
  15. fi<br />
  16. let HIIP-=1<br />
  17. let X=20-$HIIP<br />
  18. echo -n " : HItwo" $HIIP<br />
  19. echo -n " :X is " $X<br />
  20. sleep $X<br />
  21. done</p>
  22. <p>exit 0<br />

it not elegant code but it serves it purpose

I got a virus alert in too TOR 6.0.6. Same anti virus.

Anti viruses use very paranoid heuristics in an attempt to detect polymorphic viruses.
These heuristics are easy to overcome for anyone trying to overcome them, but any legit program that uses a slightly unorthodox build system gets blocked.
If you want to be secure there is no perfect solution, but here's a much better solution than running Windows with an antivirus;

Replace Windows with QubesOS(unlike what you hear about Linux, QubesOS doesn't require command lines, terminals, typing, wizardry, reading, etc. It has a simple, user-friendly GUI with very small learning curve).

If you get a virus in QubesOS, you just close the application and re-open it, and it automatically gets a whole fresh operating in under a second without you having to do anything. It's like running TAILS and restarting it every time you close a program, but it only takes a s-lit second to restart, and most important EASY TO JSE REQUIRING NO TECHNICAL KNOWLEDGE.
https://www.qubes-os.org/downloads/

Well Done,Thanks

Using macOS Sierra 10.12.1, I`ve updated TorBrowser to 6.0.6. Everything works fine.

After that, I`ve updated the alpha version to 6.5a4. Everything works fine too.

But now I can`t open my 6.0.6. any more. When trying it, I get the following message:

"Tor wurde unerwartet beendet. Dies kann die Folge eines Fehlers in ihrer "Torrc"-Datei sein, ein Fehler in Tor, einem anderen Programm in ihrem System oder fehlerfafter Hardware. Bis die Ursache beseitigt wurde und Tor neugestartet wurde, wird der TorBrowser nicht starten."

Any idea? I´m sure that there isn`t a mistake in my hardware.

The problem is that the current alpha is using a feature that is not available in the stable series but both are sharing the same browser profile. Thus, until we fix that problem (e.g. by taking this into account the next time we design such a new alpha feature) you can either install the alpha and the stable into different locations (e.g. one into /Applications and the other on your desktop). Or you need to get rid of your profile in order to get the stable running again. I guess you installed Tor Browser into /Applications. Then your profile directory, TorBrowser-Data, should be at ~/Library/Application Support.

Start TBB is opening 2 TBB windows.
This is conditional on startupCache.4.little file?

Hm. How can I reproduce this? Just having the respective checkbox on the last NSIS installer page checked and finishing the installation is enough?

If I reinstall the same 6.06 version on a Mac OS I get the message a newer one already already exists.

"A newer item named “TorBrowser.app” already exists in this location. Do you want to replace it with the older one you’re moving?"

I suspect this is due to https://trac.torproject.org/projects/tor/ticket/11506 which is about us setting the date of the Tor Browser files to 2001-01-01 00:00 UTC for reproducibility purposes. It is not ideal but should be harmless.

Question.

What does "client-versions" and "server-versions" in consensus
mean?

in consensus:
client-versions 0.2.4.27,0.2.5.12,0.2.7.6,0.2.8.9,0.2.9.4-alpha,0.2.9.5-alpha
server-versions 0.2.4.27,0.2.5.12,0.2.7.6,0.2.8.9,0.2.9.4-alpha,0.2.9.5-alpha

In all Tor Release notes "[...] All Tor users should upgrade to this version [...]". Why older Tor versions like 0.2.4.27, has a Guard
Flag ?

in consensus,too: e.g.
default Tor 0.2.4.19 153.163.177.44
default 0.2.4.19 83.233.76.111
torfoo 0.2.4.23 212.129.42.9
default 0.2.4.23 91.106.139.225
TorExitJejaringOrg Tor0.2.4.20 14:38:22 185.61.149.193

These versions are very old and older as 0.2.4.27 in consensus.
Why you support those?

The newly discovered Trojans in Tor might have something to do with the fact that FBI placed their malware in Tor to identify pedophiles, according to this article:
http://thedailyhaze.com/fbi-hosted-tor-child-pornography/
...and that the police in Norway recently discovered a large pedophile network, that the FBI is said to having been tipped the Norwegian police about.
https://www.flashback.org/t2783686

/Just wondering...

If you are talking about the ones mentioned on this blog post and that were included in freshly downloaded Tor Browser versions or our updates, then very likely "no". We built those directly from the source on different machines and got the exact same output which we shipped. It is much more likely that those issues are false positives due to the firewall/AV software running on the machines.

Agree. The McAfee "artemis" detection is just very broad heurestics prone to errors.
I am curious however, as to what methods the Norwegian police used.

> Add donation banner on about:tor for 2016 campaign
a donation banner appeared a week later , what does it mean ?!

It means our end-of-the-year donation campaign started as was noted on this blog entry.

nice logo nice banner good luck and thank you very much again for your fantastic work.

great