Tor Browser 7.0.11 is released
Tor Browser 7.0.11 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.
This release updates Firefox to version 52.5.2esr and Tor to version 0.3.1.9. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship.
The full changelog since Tor Browser 7.0.10 is:
Comments
Please note that the comment area below has been archived.
Regarding this website: …
Regarding this website: https://www.ncbi.nlm.nih.gov/pubmed/advanced
I am getting blocked despite using either custom bridges or obsf4. Any suggestions?
Всё открывается. Проблем нет.
Всё открывается. Проблем нет.
Нифига неоткрываетса для Win…
Нифига неоткрываетса для Win XP
Seems like they are blocking…
Seems like they are blocking the Exit-Servers. A Bridge won't help here. You could use a web-proxy (but keep in mind that the web proxy can see what you are doing!) or look at a snapshot of a given site in the internet Archive (https://web.archive.org)
using custom bridge or obsf4…
using custom bridge or obsf4 has no effect on this since it affects different part of the connection
Bridges won't help you if…
Bridges won't help you if the exit node is being blocked. Just trigger a new Tor circuit for that site and hope for the best. Either that or explicitly set a known exit node (although that's not very secure).
Попробуйте вот так: зайдите…
Попробуйте вот так: зайдите на http://cameleo.xyz/ (или любой другой анонимайзер) и вставьте вашу ссылку https://www.ncbi.nlm.nih.gov/pubmed/advanced
Всё работает без проблем. Видимо сайт блокирует подключение именно TOR
I was interrupted the…
I was interrupted the website due to my personal reasons. Now I am interested to begin again to make my self safe.
Regards,
Abebe
connecting to this site…
connecting to this site using obfs4 works well, and I don't get blocked.
Using a bridge/obsf4 only…
Using a bridge/obsf4 only changes how you connect to the Tor network, not how the websites you visit see you. All they see is a request from an exit relay. The website you linked to appears to block all exit relay ip addresses. This is not something that you can get around without the website in question unblocking exit node ip addresses.
Usa un nuevo circuito y ya
Usa un nuevo circuito y ya
helo
helo
Hello
Hello
i like this software
i like this software
Any luck with fixing thath…
Any luck with fixing thath NoScript button jumping to the right?
This issue should already be…
This issue should already be fixed. Did you have the NoScript button on the left before updating?
TOR updated this morning…
TOR updated this morning even though I always uncheck automatic updates to avoid losing all of my bookmarks. TOR worked for 5 minutes and crashed and now will not restart. I've lost all my bookmarks AGAIN!!!
copy them to a text document
copy them to a text document
export your bookmarks to a…
export your bookmarks to a file and save it on a flashdrive so you can import them if it updates again
Backup - CSC101 - B4 changes…
Backup - CSC101 - B4 changes are executed.
my noscript was on the left…
my noscript was on the left up until a few updates ago. It's been on the right ever since, even now.
1. Update to the latest…
1. Update to the latest version and Close TorBrowser.
2. Delete the "TorBrowser-Data" folder and reopen TorBrowser, that should fix the bug.
Hey, That works. Deleting &…
Hey, That works. Deleting & reopening. Great !
Giorgio fixed some of the…
Giorgio fixed some of the issues, yes, but it seems not all, see https://trac.torproject.org/projects/tor/ticket/23968. What we are missing right now are steps to reproduce the remaining issues. Without those it is tricky to solve them... So, if you have any, please add them to the ticket, thanks!
All Platforms
All Platforms
It would be really nice if…
It would be really nice if you were to fix bug #24136. I had a useful page that made life easier, but it requires opening another local file. The workaround defeats the purpose. We've had a few updates since this started, but it's looking like this one might be here to stay.
https://trac.torproject.org/projects/tor/ticket/24136
I actually hope Mozilla is…
I actually hope Mozilla is doing the fix for us as it seems non-trivial. I think they plan to do so but I heard no ETA yet.
This website cannot provide…
This website cannot provide a secure connection warning in ms edge and slimjet browsers, ISP is Talktalk, are they blocking??? I have downloaded and installed successfully through filehippo :-)
is it safe to use Evolution…
is it safe to use Evolution email-client (with 7.0.11 TB) for an onion_webmail imap/pop settings ?
(thunderbird is not maintained & not included as add-on. )
Thanks for your software ..
Thanks for your software ..
Der Browser wird immer…
Der Browser wird immer besser Ihr seid einfach Perfekt. Herzlichen Dank für Alles
is javascript enabled so…
is javascript enabled so dangerous? I mean, I can not do a lot of things with javascript disabled. I would also like to know if I can put a kind of proxy after the final node of the tor, because ip ip is identified in several sites and they define this ip as very aggressive. These things limit me a lot ....
Thanks for the great software.
The risk of JavaScript comes…
The risk of JavaScript comes from the fact that it's a complicated language that can contain bugs. It does not innately put you at risk (e.g. it cannot simply bypass the proxy settings and phone home), but it can contain bugs that could be exploitable. It's a good idea to set the security slider higher if possible, but it is not a strict requirement.
For your second question, I'd like to mention that putting a proxy after Tor is rarely a good idea. It centralizes all your traffic and defeats the purpose of having rotating exit nodes. If you really have to connect to an individual website that is blocking Tor, try using a web proxy like kproxy.com or something, in Tor browser of course.
> The risk of JavaScript…
> The risk of JavaScript comes from the fact that it's a complicated language that can contain bugs
Also, if you allow JavaScript (for example by using TB with security slider set at "medium") you will probably see warnings about canvas fingerprinting, which you should answer "Never for this site".
Depends on who your…
Depends on who your adversaries are, and how dangerous it would be to you if they were able to compromise your brower.
We can assume that the FBI, for example, has knowledge of Firefox bugs that nobody else knows about. They've had such knowledge in the past and used it to attack Tor users. And the vast majority of exploitable bugs rely on JavaScript.
If you don't have such powerful adversaries then perhaps you don't need to worry about that. Or there are other steps you can take, such as using Whonix or sandboxed-tor-browser, to reduce the risks if your browser is compromised.
As far as proxies go, I think you'll find any free proxy service will look just as "suspicious", to server operators, as Tor. Paid services may appear more "reputable" because they're both less popular in general, and less appealing to spammers.
Great reply, but I think…
Great reply, but I think more needs to be said about this:
> If you don't have such powerful adversaries then perhaps you don't need to worry about that.
I think that almost everyone is seriously underestimating their chances of being victimized by a "serious" attack by a well-funded attacker. For at least two reasons:
o because some attacks are easily converted into dragnet attacks (e.g. targeting all Tor users) and because some well-funded attackers (e.g. cyberespionage-as-a-service companies) are clearly happy to perform dragnet attacks on entire classes of internet users,
o more and more cyberespionage-as-a-service companies, often founded by former FBI, USSS, NSA/TAO agents with experience in creating malware, keep appearing, because more and more large corporations and nasty governments are demanding their services; among the most popular is "active defense" which means using social media to suss out potential adversaries, finding their IPs, and attacking their personal devices; increasingly, almost anyone who engages in political activity in a dozens of countries including "Western democracies" is likely to be surveilled by these companies acting on behalf of government or corporate clients; known victims include dozens of
+ fracking protest groups
+ oil pipeline protest groups
+ Black Lives Matter, Occupy, and other social justice movements
+ human righst groups (including the best known such as Amnesty and HRW)
+ foreclosure and mega-bank protest groups
+ net-neutrality supporters
For more information, please see
https://www.theguardian.com/world/2017/dec/12/surveillance-firms-spied-…
https://www.theguardian.com/world/2017/dec/12/inside-the-secret-world-o…
https://theintercept.com/series/oil-and-water/
USPERs please note that at least one of the UK-based companies mentioned in The Guardian, TASK International, appears to have an active US branch (in FL).
There are many cyberespionage-as-a-service companies based in such places as USA, EU, India, South Asia, and Russia, but the best known are Gamma International (London and Munich), maker of FinFisher, Hacking Team (Italy), NSO Group (Israel) and Cyberbit (Israel, formed by merging NICE Ltd and portions of Elbit Systems, the Israeli spy/kill-drone maker; see the books on NSA by James Bamford for more background on NICE's business relations with the biggest US telecoms) .
My feeling is that pretty much anyone who is politically active needs to use Tor, strong end-to-end encryption, and other privacy/security-enhancing tools.
i noticed few mistakes : …
i noticed few mistakes :
1° * dragnet : more relays, more users, the next generation of onions could help.
2° * as service = Contract manufacturer
it is like that most of secret service work afaik.
- cyber-espionage : related at police/deviance/free lance.
- Western democracies : do you mean an occupied area with a fake label ? It is an E.U. plan not an US one.
- caterpilar does not obeys to u.k orders but to fr/israeli joint-venture (organized crime)
- the business relations with the telecom are a part of counter-terrorism & anti-mafia ops.
Tor can't do nothing against Professional Parabolic Microphone & harassment/racket/missing person/fake news/fake uspers.
The roses grow up on the dung-heap , almost everyone is seriously over estimating their chances to not be a victim after a "serious" attack by a well-funded attacker.
My feeling is that if you can't beat it , they can be stopped by their allies.
Using Tor, strong end-to-end encryption, and other privacy/security-enhancing tools ; it can be reported, denounced, and their criminal plot will fail.
When will Tor Browser get…
When will Tor Browser get Firefox 59? It is much faster than the current version, and it looks better!
And as a betterment the…
And as a ...betterment the addons GUI api gets ...impractical.
How can I have a personal…
How can I have a personal email using Tor?
Look here:https://www…
Look here:
https://www.hushmail.com
Oh FFS, the stupidity and…
Oh FFS, the stupidity and misinformation on this blog is really unbearable sometimes.
No, rather not.
https://www.wired.com/2007/11/encrypted-e-mai/
Check the reddit sidebar for a suitable privacy respecting email provider.
https://www.reddit.com/r/emailprivacy/
You realize hushmail is the…
You realize hushmail is the one that gave their logs to the FBI with no resistance a while back, right? Their reputation is almost as bad as HMA is now days. I thought we were over recommending those scammers.
That's one of the long…
That's one of the long-standing unsolved problems for Tor users, and I believe it is fair to say that most experts think it is unsolvable.
One point here is that most email services require you to log in as a unique user (and to use some payment method), and sending any unique identifier over Tor would appear to be inconsistent with anonymity, which is the purpose of Tor.
I would urge you to explore using end-to-end encrypted messaging instead. I have great hopes for Tor Messenger (a still experimential project of Tor Project which may eventually be incorporated into Tails; see tails.boum.org), but you can try Signal. In a recent tweet, Edward Snowden recommends using Signal with Tor.
Careful. "Anonymity" is a…
Careful. "Anonymity" is a tricky concept. What Tor provides you could be called location privacy: whatever site you visit/wherever you log in those folks providing the services don't see where you are from doing so. And in that way doing email over Tor is working perfectly fine.
I'd love to hear your…
I'd love to hear your thoughts on "Onions Everywhere" (analogous to "HTTPS Everywhere").
Hi,…
Hi,
I am seeing the update in green on tor's menu. So I clicked on it. Then my antivirus software then requests to block the firefox.exe and tor.exe files from opening. These files are legit, right? What should I do? Tech dummy here. Please help, anyone?
I'm sure someone else has a…
I'm sure someone else has a better answer, but you should make sure that you downloaded from the real Tor Project website, using HTTPS. You can be additionally sure by using GnuPG to verify the downloads. The website provides explanations on how to do this.
Antivirus software is never…
Antivirus software is never perfect and can generate false alarms. Executable files (.exe's) could easily carry nasty stuff, so it's not surprising your AV software would be worried about them. But since you know these two files are coming from the Tor project, just go ahead and install them.
my avg does not like the new…
my avg does not like the new version of firefox.exe too. I did add it to the exeption list.
Is there Going to be updates…
Is there Going to be updates for orfox? The reason why I ask this is when I open the application on my Samsung tab 4 atleast 7 or so times it will say constantly 'orfox not responding' and the browser will close. I tried clearing browser data, and even moved it out of the SD card. I'm stuck with tunneling Tor through Google Chrome for now with orbots vpn mode feature.
Thumbs Up for the great job…
Thumbs Up for the great job by the Tor Project. But having a little regret about some "buttons" not displaying in some websites.
For e.g. "Download" or "Play" buttons in the page -
https://songs.pk/mere-rashke-qamar-2017-baadshaho-mp3-app12.html
Thanks, I opened https:/…
Thanks, I opened https://trac.torproject.org/projects/tor/ticket/24579 to investigate this further.
Is there a way to get an RSS…
Is there a way to get an RSS feed for updates of yawning's sandboxed Tor Browser? (https://www.torproject.org/projects/torbrowser.html.en) Esp. because it's not featured on the tor blog, it's quite likely that users may miss an update of the sandbox.
New versions of the…
New versions of the sandboxed Tor Browser are usually mentioned in the alpha blog posts.
You can also follow the RSS from the sandboxed-tor-browser.git commits:
https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/ato…
cool, thank you very much…
cool, thank you very much for the info.
Unfortunately, Yawning is no…
Unfortunately, Yawning is no longer working on the sandbox other than some very basic bugfixes. It's half-unmaintained and he is very pessimistic about it. It's probably not featured prominently because of that reason.
First off, thanks for all…
First off, thanks for all your work on this important piece of software. I really appreciate it.
And yet…
The update procedure is below par, to say the least. Not only is it more than irritating that all files get the same date, including those inside the “Downloads” folder, moreover, should you have downloaded something the day of the update, those downloads are gone, and unrecoverably so. That is plain bad.
It happened twice at least in the past two months, regarding different updates.
I am sure you don’t have…
I am sure you don’t have much time at hand, but I’d really like to know if this is recognised as a bug, or just considered an inconvenience, or even expected behaviour.
You know, sometimes it can be important to remember when exactly you downloaded something. And the thing about same-day downloads just being deleted through the update can not possibly be expected behaviour, can it?
All the things you mentioned…
All the things you mentioned are considered bugs. For the timestamp we have https://trac.torproject.org/projects/tor/ticket/11506 and for the issue with downloads/new bookmark items getting erased see: https://trac.torproject.org/projects/tor/ticket/18367 (for Windows) and https://trac.torproject.org/projects/tor/ticket/18369 for Linux. On macOS this is already fixed (in case you installed Tor Browser into /Applications).
So, what is "just" missing is the dev capacity to fix those issues.
This may be a dumb question,…
This may be a dumb question, but is there a portable version of tor browser? Thank you
What do you mean with …
What do you mean with "portable"? Tor Browser is already portable in the sense that you don't need to install it in order to run it.
No, it's not fully portable…
No, it's not fully portable. See what you are missing https://portableapps.com/about/what_is_a_portable_app
yandex.com almost always…
yandex.com almost always redirects to yandex.ua, any idea? 8)
That's pretty simple. Thanks…
That's pretty simple. Thanks to Google, Ukrainian language is now world-wide recognized as the default language of anonymous users. Rojer also approves it. Furthermore, Tor Project has a ticket about it.
Speaking of UA and RU, I'd…
Speaking of UA and RU, I'd love to see projects to help people there use Tor more easily. In order to difficulty:
1. leverage the language skills of NYC people to provide more up-to-date documentation/hints in Ukrainian and Russian, especially how to obtain and use bridges.
2. leverage said skills to provide outreach to "clearnet" publications which people and UA and RU might see, perhaps suggesting a TP editorial in Ukrainian or Russian which explains what the Tor network is and why people need it, if they can reach it.
3. provide more fast entry nodes inside or near those countries; could hard because the RU government hates both Tor and Western UA.
Speaking of which, does anyone know why there are a few Tor nodes in the Russia Today domain? Isn't that a government run operation? Same question for IR nodes.
Hello and thank you for the…
Hello and thank you for the update. I still have the C.R. IP address stuck in the circuit prior to me right now after updating. Is there any danger with this? Thank you in advance.
Hello again. I left a…
Hello again. I left a message the other day regarding this in the comment section of Tor 7 0 10 and also today in comment section of Tor 7.0.11. Just concerned that I seem to have found myself locked together with IP address 31.31.73.222 and cannot change it.when dialing in a new Tor circuit. This has gone on for approximately one week now. What, if anything, should I do?
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…
Yes, thanks for your answer…
Yes, thanks for your answer! I watched these changes whenever I dialed in a new circuit and it was only recently that I noticed the first one is staying the same. Whereas previously it was not. It is now good to know that it doing this, is safe. Totally appreciate this and thank you once again!
very good
very good
hi
hi
Nevermind, I figured out…
Nevermind, I figured out that if you have an issue with the Orfox browser responding on your phone or tablet Just use Application VPN mode to get through that if you seem to continue to have the issue it might be resolved hopefully sooner than later.
For the last couple of weeks…
For the last couple of weeks, Tor has been much SLOWER as ALL connections ultimately go through Ukraine. Something seems wrong. Never has all connections gone through the same country.
That's not the case. Read…
That's not the case. Read this post.
FWIW, as the cyberwar…
FWIW, as the cyberwar between (Western) Ukraine and Russia continues to heat up, I have seen more and more Ukraine nodes coming on line (good) and thus more of my circuits go through Ukraine, but by no means all.
Did you use GPG to verify the version of Tor Browser Bundle (I assume) you installed? You can also try Tails from Tails Project (tails.boum.org), a sister project to Tor Project for more security/anonymity.
Thank you so much.
Thank you so much.
For about a month going to…
For about a month going to many Tumblr websites I get the error "The page isn’t redirecting properly". This appears to be some incompatibility with Tor's HTTPS Everywhere, where the page is going back and forth between HTTP and HTTPS. Something glitches in that transition.
I tried turning off HTTPS Everywhere by disabling the "Enable HTTPS Everywhere" checkbox from the toolbar. That did not fix it.
Does anyone know how to work around this? I cannot access most of Tumblr.
Do you have an example for a…
Do you have an example for a link that is not working for you?
thx for your product :) tor
thx for your product :) tor
I am unable to cut and paste…
I am unable to cut and paste in Google Docs using the Tor browser. I am able to cut and paste using other browsers, but Tor is my primary browser.
Please add this to the next upgrade.
Thank you,
Emerald
Which operating system are…
Which operating system are you using? I tested this on my Linux machine and I was able to copy and paste things in a spreadsheet using Google Docs.
Why there is so much…
Why there is so much Cyrillics in the posts? I guess our Russian friends know English pretty well since they are on this page. Are they just kidding?
Several reputable news…
Several reputable news organizations including The Guardian and (as I recall) NYT have published profiles of the "trolls from Olgino", based on extensive interviews with former professional trolls. One point which is consistently mentioned is that many of the trolls tasked with acting as commentards in EN lang blogs do not really have strong EN lang skills.
That said, I haven't attempted to translate the cyrillic comments--- for all I know they come from RU citizens worried about SORM, or from Ukraine citizens (note that modern OCR softwares such as Tesseract can tell the difference between Ukrainian, Bulgarian, and Russian cyrillic, if you have a scanner).
Professional trollers write …
Professional trollers write & speak several languages fluently and they are payed for that : the others like spoil "the intellectual or technical" element_argument ; it is a hateful attitude from fake resident and they have too a strong EN lang skills (a lot of site provide a perfect translation).
That 's the net , it is worst on a mailing-list (whatever the topic), pedagogy & tolerance are the way i follow but maybe i am wrong.
Sometimes, so am i, i post some trolls without realizing it : sorry for the inconvenience.
All the languages are welcome & everybody can participate.
thank for reading.
What is happening with the…
What is happening with the Squirrel mail, i´m not allowed to recieve mails from twitter.
can somebody help me please?
When I updated to this…
When I updated to this version of TOR, I got a warning message from my Firewall/Anti-virus saying that the Certificate was not valid.
Tor in Tails is not picking…
Tor in Tails is not picking up the update. Am I doing something wrong? Or should I care?
I guess asking the Tails…
I guess asking the Tails folks directly might be a good idea. I know they looked at the fixed bugs and decided that they don't warrant a security release on their end.
> Tor in Tails is not…
> Tor in Tails is not picking up the update. Am I doing something wrong?
No, this appears to be a decision by Tails Project to wait for the next regularly scheduled edition of Tails.
A few years ago, it was a big advance when Tor Browser team and Mozilla firefox-esr correlated their releases, but for various (good) reasons Tails still has a different release schedule.
> Or should I care?
Definitely, everything which allows our increasingly numerous and ferocious enemies to attempt to exploit potential vulnerabilities is a concern.
That said, I think the Tails team is very smart and dedicated. Note that Tails incorporates many protections beyond what is provided by Tor Browswer, so it is possible that these factored into their decision not to release an emergency bug fix.
"Tails incorporates many…
"Tails incorporates many protections beyond what is provided by Tor"
Is Tails team working on providing basic Tor security, static Entry Guards, yet?
As a tool or an full basic instruction to do this on the bash would be enough.
Short answer: yes, I belive…
Disclaimer: I am a Tails user but not affiliated with Tails Project, and I'd love to know more myself about future plans. Corrections (especially from TP) to anything I say below would be welcome.
Tails Project provides a good deal of information about their present/future work, but it is not always easy to find. It helps to know that Tails Project uses the wonderful Riseup Labs to host much of their development.
2018 agenda:
https://tails.boum.org/news/our_plans_for_2018/index.en.html
Over the past few years, Tails P made a lot of progress getting Tails closer to Debian stable and addressing other issues. Unsolved critical issues include:
Ensuring good entropy:
https://tails.boum.org/blueprint/randomness_seeding/
Ameliorating persistence issues:
https://tails.boum.org/blueprint/persistent_Tor_state/
Getting Tails audited:
https://labs.riseup.net/code/issues/14508
TP has said they will consider incorporating Tor Messenger (once it gets out of beta), and they have been working on incorporating access controls and I think repeatable builds (obviously very important).
Further, much effort has been going into providing something many will find very desirable:
Developing Tails server edition:
https://tails.boum.org/blueprint/tails_server/
Some more pages useful for getting a sense of where Tails is now and where it is going next:
Blueprints (apparently not kept up to date or ordered by priority):
https://tails.boum.org/blueprint/
Developer virtual meetups:
https://tails.boum.org/contribute/calendar/
Known issues:
https://tails.boum.org/support/known_issues/index.en.html
Bugfixes in the next upcoming release:
https://labs.riseup.net/code/projects/tails/issues?query_id=111
Note that Tails Project needs donations! If you cannot easily use the offered payment methods, you may be able to donate to Riseup Networks instead (again, Riseup provides servers for Tails development work, so donating to Riseup means you are indirectly donating to Tails).
Since Windows 10 Update …
Since Windows 10 Update (version 1703) on December 10th, 2017 the browser doesn't start anymore. I updated to version 7.0.11 and the problem continues. I also renamed the old folder on the desktop in order to be able to install a complete new and fresh version and the problem seems to be the same.
immediately after running…
immediately after running tor browser, look in EventVwr.msc for errors. (It may be easiest to run EventVwr.msc from a shortcut)
i couldn't open vk.com site…
i couldn't open vk.com site with help of tor
noscript 5.1.8.3 icon still…
noscript icon still jumping next to burger menu (update to 5.1.8.3)
Где стартовая страница с…
Где стартовая страница с ссылками на самые важные сайты от тора?
Keep getting 'Image not…
Keep getting 'Image not recognized' when trying to open downloaded 7.0.11image for mac. currently running OSX 10.13.1 same when trying to download experimental Tor version as well
How are you trying to open…
How are you trying to open it? Can you drag it to the desktop first and then open it?
Does tor browser make that…
Does tor browser make that internet companies cant see how long you are spending time on the net. And what you are searching
You loosers still haven't…
You loosers still haven't fuxed this yet??? #sad
Tor Browser 7.0.11 ships with addons.mozilla.com and testpilot.firefox.com allowed to install add-ons!!!
Worse, this is hidden in Preferences>Security>Exceptions which is not accessible unless user knows how to activate menu bar.
After disallowing those sites, they are re-enabled on restart!!
Tor Browser Bundle is SPYWARE!!!!
Thank you, I just checked…
Thank you, I just checked and you are correct. This is a serious security issue. Always these problems with browsers built by companies allied to or working with the security agencies. People have said before TOR should be built from scratch not using anything from those in the pocket of the security agencies. Now developers how about an answer of how to get rid of this testpilot as it is not in about:config and you have to remove it every time the browser is started.
Could you elaborate a bit…
Could you elaborate a bit about what you mean? What exactly is the issue? How can I reproduce it?
>What exactly is the issue?…
>What exactly is the issue?
See the post above by Donald T. Rump… (not verified)
Go to the options settings- privacy-exceptions and you will see that the sites if deleted regenerate when the browser is restarted. This version seems so buggy it should not have been release without more trials.
Load about:preferences…
Load
about:preferences#security
and click on the "Exceptions" button next to the line "Warn me when sites try to install add-ons". A window with title "Allowed Sites - Add-ons Installation" pops up, with<a href="https://addons.mozilla.org>[/geshifilter-code" rel="nofollow">https://addons.mozilla.org>[/geshifilter-code</a>] and [geshifilter-code]<a href="https://testpilot.firefox.com[/geshifilter-code" rel="nofollow">https://testpilot.firefox.com[/geshifilter-code</a>] listed as sites that are allowed to install add-ons. Clicking "Remove all Sites" and "Save Changes" removes the entries only for the current session - the sites are whitelisted again after the next browser start! Apparently, there is no [geshifilter-code]
about:config preference controlling the whitelist.Thanks. That behavior might…
Thanks. That behavior might be due to Tor Browser being in Private Browsing Mode (PBM) and your choice is not saved to disk. Does that change if you get out of PBM on
about:preferences#privacy
?That said I guess there is no reason to allow testpilot.firefox.com to be on the whitelist in the first place? I've opened https://trac.torproject.org/projects/tor/ticket/24655. However, we do get NoScript updates via
addons.mozilla.org
, thus it seems to me we can't remove this by default.The deleted exception list…
The deleted exception list does not return if PBM is disabled.
More and more of the places…
More and more of the places I connect to use the Fortinet Firewall and webfiltering services. Some even block getting to the Tor Project website, but most prevent the Tor Browser from connecting to the Internet. I have tried the various bridges and still getting blocked.
any tricks?
old problem back again…
old problem back again. Since installing the update to 7.0.10 I am getting an error on some sites 'cannot establish a secure connection as your computer clock is incorrect'. I remember a year or so ago that I was getting that error message. My computer clock is correct so what is it that TOR wants?
I noticed that the first…
I noticed that the first jump node is static. No matter how many times I request new tor circuits the IP address for the first jump does not change. What gives? Seems to me that this is a security issue since that node can easily be compromised if it predictably stays the same for a given user.
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…
Just updated Tor browser and…
Just updated Tor browser and now the first jump IP address is static. It will not change no matter how many times I request new identity or request new tor circuits. This seems to be a serious security flaw that allows predictability to occur. If my connections always go through the same node, that node can be compromised and information obtained.
Is it correct that the Tor…
Is it correct that the Tor Browser bundle 7.0.11 for Windows x32 is signed with the key
RSA 0xC3C07136?
If so why is it not signed with the more trusted Tor Browser Developers signing key 0x93298290?
The first is the subkey of…
The first is the subkey of the second one. They are bound together and therefore there should not be "more" trust in the latter.
What ever you changed, it is…
What ever you changed, it is not working properly. Tor starts up and states it is not properly configured on your own website more then half the time it starts up. The tor relays on first jump are now fixed and stay the same no matter how many times you request a change in circuits. It seems to me this is unsafe in it's current form. It is not just my computer. I've tried 7.0.10 on various computers with no issues. Of course you force update your newest version despite me not wanting to update to the new version. You guys are not making TBB user friendly or safe by default. Starting to wonder if you are truly interested in safety/security for your users.
The guard nodes are indeed…
The guard nodes are indeed fixed and this is a security feature. You might want to read up on that: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…. And, no, we are not force-updating anyone. You can disable the auto-update. Could you explain what you mean with "Tor starts up and states it is not properly configured"? What are you doing and what is happening?
Since version 7.07, I have…
Since version 7.07, I have complained that my Zonealarm firewall reports that Tor Browser is trying to access explorer.exe. This suspicious behavior continues in version 7.11.
This is a behavior I did not notice before version 7.07.
When Tor Browser starts up, I get one warning from ZoneAlarm, and deny permission. Then it immediately does it again, and I deny it permission again. I select the check box for the denial of permission to be remembered, but ZoneAlarm never remembers the denial.
I have downloaded and re-installed multiple times, and have verified the downloads with both sha256checksum and gpg.
Will there ever be any explanation of this suspicious behavior?
I don't know what is causing…
I don't know what is causing this. A first step in understanding it would be to pinpoint the exact Tor Browser version that started this behavior. Could you do that and come back with a definite answer to this question? All Tor Browser releases can be found on https://archive.torproject.org/tor-package-archive/torbrowser/.
As stated, I believe it…
As stated, I believe it started in version 7.07
I know it has continued in every version since, even with multiple clean installs.
I am running it in Windows 7 Pro, 64-bit with the ZoneAlarm firewall.
Seems like, aside from the two access attempts at startup that always occur, it also does it when I begin to type something into the address bar. Make me wonder if there is some kind of key logging activity going on.
Should Tor Browser be accessing explorer.exe at all?
Could you find out the exact…
Could you find out the exact version following the link I gave you above? Otherwise it is hard for us to work on a fix for your issue (assuming it's possible for us at all).
Not sure about accessing explorer.exe. I'd say Tor Browser has not business accessing it but without understanding what is going on it's hard to tell.
What OS and Zone version?
What OS and Zone version?
Isn't ZA discontinued and…
Isn't ZA discontinued and useless on modern OS?
HELLO, BEEN A WHILE, GLAD TO…
HELLO, BEEN A WHILE, GLAD TO SEE THERE ARE STILL SOME CHALLENGES , like my caps lock getting stuck, thank you all for putting tor together, I'm to much a novice to accomplish such a thing, Merry Christmas everyone.
Whle using the web site…
Whle using the web site https://ipleak.net/ I noticed that torbrowser fails to connect to the web site quite a lot. the web site is rarely able to identify the Torbrowser DNS servers does this sound normal?
TorBrowser\Browser…
TorBrowser\Browser\AccessibleMarshall.dll gets auto blocked and flagged as potentially harmful file by F-Secure SAFE anti virus. This is the first version it has flagged it.
Updated and it's working…
Updated and it's working fine. Keep on this exceptional project!
Using linux, my browser…
Using linux, my browser updated automatically to 7.0.11
Problems:
1: I had turned automatic updates off but the update happened anyway
2: All browser preferences and plugin preferences were reset without any warning, which is highly problematic especially if you are browsing the web falsely thinking scripts are disabled
Also, as mentioned by others here, the NoScript icon jumped to the right side of the window.
When did you turn automatic…
When did you turn automatic updates off? And how did you do that? As to the preferences reset: Tor Browser is not doing that. It does not touch your profile directory where those preferences are stored (with the exception of extension updates). How did you install Tor Browser on your computer?
I installed Tor Browser by…
I installed Tor Browser by downloading and extracting the tarball from the tor project site. The signature was valid. I turned off automatic updates weeks ago via the update tab in about:preferences (and if I then go to about:config I can see that app.update.auto is set to false).
I dug around and found the file "last-update.log" which tells me a replace request was performed. The entire "Browser" directory appears to have been replaced. Is this normal?
new to this any tips
new to this any tips
Yes, we have a FAQ which you…
Yes, we have a FAQ which you might find useful to read: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…
why is windows aksing me…
why is windows aksing me privacy questions
what does it ask for
what does it ask for
how i can find need work in…
how i can find need work in deep
Worst version for years,…
Worst version for years, full of glitches which admin are either not giving complete replies to or they are not even posting some peoples replies. I have nearly all the problems reported in this list and 103+ messages shows there are real problems.
Got a friend who also says he posted and it did not show up. Which department of the NSA wrote the code for this version?.
hello im on Firefox tor says…
hello im on Firefox tor says everything is safe now ,so can brows like hidden wiki with my id info and location safely,newbee
what is hidden wiki
what is hidden wiki
Win XP No :(
Win XP No :(
And that because Mozilla…
And that because Mozilla sucks from Google, unfortunately :(
More specifics?
More specifics?
Duck duck go is giving me no…
Duck duck go is giving me no results. What to do!?
Does the page load at all?
Does the page load at all?
Fantastic browser, regular…
Fantastic browser, regular user now, thanks.
Torbutton showed one relay…
Torbutton showed one relay in the circuit as "Unknown country (IP unknown)".
Is it possible to block these in torrc?
For what it's worth, TB 7.0…
For what it's worth, TB 7.0.11 is working fine for me on a laptop and a PC. (I downloaded and verified the tarball, so I didn't experience an auto-update, which may partially explain my happier experience that some users report.)
update works fine for me...:p
update works fine for me...:p
Tor Browser 7.0.11, windows…
Tor Browser 7.0.11, windows
any time using Twitter, after loading the page, it reloads the page in the mobile version.
Does one need to be logged…
Does one need to be logged in to Twitter in order to reproduce that? Or is it already enough just loading any Twitter page?
You don't need to be logged…
You don't need to be logged in to twitter. It reloads mobile version.
when you un script block…
when you un script block this site, it says it is offline. Never seen this behavior before in any browser.
What do you mean? Could you…
What do you mean? Could you give steps to reproduce your problem?
браузер отличный спасибо что…
браузер отличный спасибо что он
есть
this page keep reloading it…
this page keep reloading it self forever in tor browser can't scroll down to read messages
You have to enabled…
You have to enable JavaScript at the moment to work with the blog which you have disabled I assume.
Everyone, please let us…
Everyone, please let us abandon java and flash.
an other track you, if you…
Can another track you, if you visit an adult site? What do they used this information for? Can anyone help/. I'm not going to lie, I have visit a site or 2. I have looked in. lollll, I don't want it to mess up my career.
Yes
Yes
No, tor will block it
No, tor will block it
https://bugzilla.mozilla.org…
https://bugzilla.mozilla.org/show_bug.cgi?id=1427111
[meta] crash autosubmission cleanup tracker
TBB 7.0.11 is affected with browser.tabs.crashReporting.sendReport:false ?
No, we don't compile the…
No, we don't compile the crash reporter in in the first place. Thus, we are fine.
I can't use twitter at all…
I can't use twitter at all. I've got "allow scripts globally" enabled and all objects unblocked, but none of the buttons work: Tweet, Retweet, Like, Edit Profile, arrows for drop-down menus etc etc. I click and they get highlighted but nothing happens.
The tor just went to my…
The tor just went to my files how do I open it
متصفح موزيلا سيئ جدا وبطيئ…
متصفح موزيلا سيئ جدا وبطيئ والكثير من الاضافات لاتعمل به او غير متوفرة يرجى التغيير الى متصفح اخر يكون اسرع
The website https:/…
The website https://peelregion.ca/ reports a error "Your connection is not secure" . this is city website which should be secure.
Yes, but it seems Tor…
Yes, but it seems Tor Browser does not know the authority that signed the certificate and is throwing the error for that reason. I hope Mozilla fixes this in one of the upcoming Firefox versions as a regular Firefox 52 is affected, too.
Firefox 57 also reports the…
Firefox 57 also reports the same error and SSL labs, https://www.ssllabs.com grades the site as "F" I do not think this is a Firefox issue.
have trouble configure Tor…
have trouble configure Tor browser. can’t verify keys
What exactly are you doing…
What exactly are you doing and what errors are you encountering?
Tried to donate but kept…
Tried to donate but kept getting error stating my card (mastercard) was declined and this should not be so as the card is in completely good standing...must be on your side...please fix and i will try again. Let me know. Thanks
Meltdown and Spectre…
Meltdown and Spectre
i would like to read an official announcement.
is tbb affected? any security advisories? javascript?
We think we are not in a bad…
We think we are not in a bad shape (as in: we don't need to do an urgent security release) as we are a) on Firefox 52 ESR which does not have SharedArrayBuffers available and b) as we have reduced various timing sources to 100ms in the past to make it harder for any timing side-channel attack to succeed. Work remains to be done, though.
Mozilla has an official announcement which is worth reading: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-cl…
I am new to the tor network…
I am new to the tor network can someone help or run me through the ins and outs of tor? Thanks
When you use a new identity,…
When you use a new identity, noscript continues to allow scripts that were temporarily enabled using the old identity (but the user interface incorrectly shows that these scripts are blocked)!
I conclude that there is some information retained across identities and the profile is not properly reset though I don't know if this is specific only to noscript or also extends to other areas of the browser.
This is https://trac…
This is https://trac.torproject.org/projects/tor/ticket/24421. We are still investigating what exactly is going on. Feel free to help. It would be greatly appreciated.
Why isn't my entry relay in…
Why isn't my entry relay in a country nearby anymore? This seems to slow down my connection.
The web site https://www…
The web site https://www.carid.com is not accessible using the Tor browser.
What's with Firefox 52.6…
What's with Firefox 52.6.0esr ?
https://blog.torproject.org…
https://blog.torproject.org/tor-browser-75-released
I can not attach photos. …
I can not attach photos. Just highlights them. help me please