Tor Browser 7.0.1 is released

Tor Browser 7.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is the first minor release in the 7.0 series, updating Firefox to 52.2.0esr, Tor to 0.3.0.8, and HTTPS-Everywhere to 5.2.18. Additionally, we worked around an annoying freezing of Tor Browser which is due to a NoScript bug and made the security slider window slightly larger.

Here is the full changelog since 7.0:

  • All Platforms
    • Update Firefox to 52.2.0esr
    • Update Tor to 0.3.0.8
    • Update Torbutton to 1.9.7.4
      • Bug 22542: Security Settings window too small on macOS 10.12
    • Update HTTPS-Everywhere to 5.2.18
    • Bug 22362: NoScript's XSS filter freezes the browser
  • OS X
    • Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
Anonymous

June 13, 2017

Permalink

tenks

Anonymous

June 15, 2017

In reply to by portugal (not verified)

Permalink

TOR is by far one of the best internet tools i have ever come across, thank you guys, keep up the good work.

Tor Browser looks and feels just like Firefox, because it is modification of Firefox. So why use Tor Browser instead of "plain vanilla" Firefox? There are many reasons, but two of the most important reasons why "TB is for everyone" are that:

o TB offers strong (but by no means perfect or perfectly assured) anonymity, preventing your ISP and other actors--- or rather the behavioral predictive analysis software run by their corporate clients which are continually analyzing the "data exhaust" constantly emitted by unprotected citizens--- from learning every detail of our private lives, and using the information to manipulate us into acting in their interest rather than the interests of our friends and families,

o TB offers strong (but by no means perfect) protections against various other kinds of internet nastiness which is often associated with criminal activity or--- increasingly--- with state sponsored cyberwar actions targeting the entire populations of "combatant" nations in some secretive undeclared cyberwar.

Explaining why such protections are increasingly required urgently even by "ordinary citizens"--- even by the most modest grocer in some open air market using a cell phone to carry out financial transactions in order to operate a fruit stall, or a housewife doing the family shopping--- would require more space than the moderators will allow us, but you might look for any of these books:

Cathy O'Neil, Weapons of Math Destruction

Bruce Schneier, Data and Goliath

Julia Angwin, Dragnet Nation

Brian Krebs, Spam Nation

(to mention just a few of the best of many on related topics which I've read in the past few years).

Anonymous

June 15, 2017

In reply to by portugal (not verified)

Permalink

es una mierda mi antivirus lo detecta como un virus con troyanos tr/atraps.gen2 mejor pongan una opcion para bloquear actualizaciones automaticas

Anonymous

June 13, 2017

Permalink

using torbrowser 7.0.1 at ipcheck.info,, authentication shows in red [bad]
why is this? is cause for concern?

But I think there is real problem when I closed all tabs, cleaned cache web content, changed tor circuit and if I reloaded ipcheck.info it shows me the same unique ID number of authentication until I quit torbroser.

Let's assume you have domain A in your URL bar which embedds an iframe C doing the tracking trick ip-check.info deploys. In Tor Browser < 7 we did not allow A reading authentication credentials C tried to set which is why the ip-check test showed a green result. Think about forbidding 3rd party cookies which is basically the same. Now while this is blocking tracking across domains (e.g. if C were embedded in a different URL bar domain B as well) the downside is that it may break some sites, e.g. if A tries to access that information which is usually available.

In Tor Browser 7 we changed that by allowing A to access the HTTP auth saved by C which is all the ip-check test checks (and hence is showing you the scary warning now) BUT we prevented at the same time B from reading that value saved by C formerly while the user has been on A. Thus, tracking across domains (across A and B) is prevented, but the ip-check needs an update to take that into account. If you want to have a test, take the one Arthur has written in https://trac.torproject.org/projects/tor/ticket/21756#comment:2. It's not so fancy, yes, but it tests what is actually happening.

Anonymous

June 13, 2017

Permalink

thanks for another great release! tracking mozilla's release cycle so closely is exciting and much appreciated

Anonymous

June 13, 2017

Permalink

For some reason I cannot get the Mac version of TOR 7.0.1 to download. Tried it multiple times with no success. The file directory page shows the file links are broken. I've been using the the 7.0.1a RC version for some time now without issue.

Anonymous

June 13, 2017

Permalink

has anybody had experience with protonmail issues? since version 7.0 there are some performance problems. works still with older versions before 7.0

Yes, you should set the security slider to low to get it to work without issues.

It's because in the Medium settings JS JIT (Just-in-time compilation) is disabled.

I think that since v7 some site don't work as they used to. For example, some images aren't loaded or the layout of some sites looks different.

Also, taking a screenshot using shift+F2 doesn't work the same as before, for example the dpr or the fullscreen switches don't work, and you don't get the option to select the path of the file.

I think that the first part was due to cloudflare messing things up, maybe more aggressively than how it used to.

The second part is easily reproduced, for example Shift+F2, then 'screenshot test.png --fullscreen'

Which operating system is that? FWIW there is no --fullscreen option it seems. I guess you mean --fullpage? Testing on a Linux box I have both options available. But, yes, there is no option to select the path to save the item. But that is not available with a vanilla Firefox as well it seems.

Tested on a Windows 7 machine both with normal Firefox and with Tor Browser 7: the result is the same for me. Both options are there, the fullpage mode is working and in both browsers there is no prompt for the path. What steps to reproduce your problem am I missing?

Anonymous

June 13, 2017

Permalink

v7.0 & v7.0.1 - neither one can I save any image files to disc. v6.5.2 works fine. No modifications or changes to the settings, whatsoever.

Anyone with this same issue?

Maybe, but only with video.

NoScript requires the video to be blocked, you mustn't have allowed a temporary permission for it, in order to successfully download the file. Otherwise, it may ask you where to save it but not actually download it. This is a regression by the way.

I tested downloading an image with high security settings and it worked. Have you changed any settings to TorBrowser or NoScript?

Yes.

1. Go to: https://gemmei.ftp.acc.umu.se/pub/debian-meetings/2016/miniconf_cambrid…, NoScript will display the video as a blocked object.
2. Click on the object and allow the video to play.
3. Right click "Save Video As...", choose a location, and accept.
4. Open "about:downloads" to verify the video isn't downloading.
5. Now, right click anywhere and under the NoScript menu click "Revoke Temporary Permissions".
6. Repeat step 1, you will presented with the blocked object. Right click on that object and choose "Save Link As...", accept.
7. Open "about:downloads" and verity the video is now downloading.

linux64, it would blow my mind if this was linux specific, though.

And if I may, I'll sneak another minor bug report in, when running tor-browser with "./start-tor-browser.desktop --detach --log" two "tor-browser.log" files are created, one inside "tor-browser_en-US/", the current working directory, which is where it should be, and an empty one in the users home dir. That one shouldn't be there.

Thanks!

Hm, interesting. I just checked but I only get the first, intended one. Do I need to do something in particular to trigger the creation of the other log file starting with a clean, new Tor Browser?

I just did some testing, the problem is somewhere in "start-tor-browser.desktop".

This is what I did: extracted the tor-browser tarball into the home dir, changed the working directory to ~/tor-browser_en-US, ran "./start-tor-browser.desktop --log --detach". The extra empty log file was there. I also tried swapping '--log' and '--detach', and not changing the working directory from home, it still happened.

If I run "~/tor-browser_en-US/Browser/start-tor-browser --log --detach" directly, then only one log file is created.

I don't use *.desktop files so I may be way off, but isn't '--detach' implied? I don't know how options are being passed to 'start-tor-browser', if at all, but maybe it's running '--detach' twice?

Same here.

TorBrowser 7.0.x is garbage, everything is broken. Cannot save images, cannot save pages, cannot delete cookies, cannot nothing
TBB 6.5.x worked correctly.

I made bug reports about those issues:
https://trac.torproject.org/projects/tor/ticket/22714#ticket
https://trac.torproject.org/projects/tor/ticket/22715#ticket
https://trac.torproject.org/projects/tor/ticket/22711#ticket

Anonymous

June 28, 2017

In reply to by jewish (not verified)

Permalink

I don't think "garbage" is warranted, but FWIW I also experienced problems with TB 7.0.1 under Debian 9 (Stretch):

When I try to download files from links seen in TB, trying to save them in Browser/Downloads directory, no files are downloaded (according to "Downloads") and no files appear in any directory I looked in. Perhaps some security measure gone afoul?

I verified the TBB 7.0.1 tarball before unpacking it. Did I miss new instructions for where to try to put files one is trying to download via TB?

(Tails has long restricted where users can try to stash downloaded files, for security reasons, which explains my guess above for the cause of the issue.)