Tor Browser 7.0.4 is released

Tor Browser 7.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1).

In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.

The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.0.10
    • Update Torbutton to 1.9.7.5
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don't let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
  • Windows
    • Bug 22829: Remove default obfs4 bridge riemann.
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
    • Bug 22829: Remove default obfs4 bridge riemann.
khled.8@hotmai.com

August 12, 2017

Permalink

Please fix:
- start standalone tor;
- start torbrowser;
- all ok;
- close standalone tor;
- start standalone tor;
- all ok, but tor circuit become hidden in torbutton

and add onion version of blog.torproject.org (missing in https://onion.torproject.org)

khled.8@hotmai.com

August 12, 2017

Permalink

Hi, is it normal that the tor circuit network to be so slow ? Can't even watch a video on youtube correctly since some days :/
Takes me up to 30 mn to find a circuit able to load the videos :/

Do I have to check something in the settings ? Any suggestion ?

khled.8@hotmai.com

August 12, 2017

Permalink

How can I enable the function which re-establishes tabs of last session? I see it is grayed out. TY.

khled.8@hotmai.com

August 12, 2017

Permalink

When turn on Tor Browser 7.0.4 and previous versions, in Noscript recently blocked sites it says "aliexpress.com". Only Tor Browser does this not Firefox.

khled.8@hotmai.com

August 13, 2017

Permalink

about:config -> browser.chrome:

favicons and site icons should be disabled (toggled FALSE) for various reasons.

khled.8@hotmai.com

August 13, 2017

Permalink

The function for reestablishing tabs from a previous session is disabled (grayed). How can I enable it? TY

Is the AdBlock Plus bug being looked into at all?.. (My filter subscriptions disappear after a Tor Browser restart.)

I posted about it here ( https://blog.torproject.org/blog/tor-browser-701-released?page=2 ), a fresh install of Tor Browser 7.0.2 did NOT help ( https://blog.torproject.org/comment/269931#comment-269931 ).

AdBlock Plus doesn't come with Tor Browser. You probably shouldn't expect it to work or be supported.

Well, we talked about this in the original thread.

https://blog.torproject.org/users/gk had requested further data, I provided it, then he/she stopped responding...

I'd suggest making sure there's a trac.torproject.org ticket about the topic, else it's likely to get lost. Keeping track of blog threads is not easy, and definitely not the right place for keeping track of potential bugs. :)

Ok, but then why did you guys ask me substantive questions in the original thread instead of directing me to create a ticket straight away?.. This gave the impression that this (the blog) was also a valid avenue to discuss bugs.

Often things can get solved without creating tickets in our bug tracker which is why I tried to get information that would help me reproducing your bug. But so far I don't see this behavior on any of my machines and you are the only one reporting it. I've opened https://trac.torproject.org/projects/tor/ticket/23342 for this issue with another question for you.

Well, that's what I thought! And that's why I kept commenting (and was surprised when my last comment had been left unanswered). And here I am being told that comments are not a proper venue for bug reporting... "Sad!" :)

(1) I tried re-installing Tor Browser 7.0.4 on my system again (as I had done here https://blog.torproject.org/comment/269931#comment-269931 with version 7.0.2), same result, AdBlock loses its settings.

BTW, how do I get rid of the annoying warning not to maximize my window?.. I tried pressing the "Ok" button, I tried pressing the cross next to the "Ok" button, same result - warning reappears. I know with previous reinstalls the warning would disappear after a while. But how do I get the browser to understand I am serious about keeping my window maximized? :) I mean, how many presses on those buttons does it take?

(2) I see the ticket, thank you. So you want me to install Firefox ESR, right? I already have regular Firefox (with uBlock Origin, not AdBlock Plus) and Tor Browser. How do I proceed to ensure installing Firefox ESR does not mess up my main Firefox profile, settings, etc?

Re (1) It takes 3. You can disable this early if you want by flipping the extensions.torbutton.resize_new_windows preference. (Thanks for testing again)

Re (2) if you run the installer you choose the custom installation where you can specify a path for the ESR to be installed. If you are starting with your old profile (not sure if you have more than one) then you can create a new one on about:profiles. After a restart you should get the option to choose between your main profile and the newly created testing one.

Yay!!! The last update (7.0.5) has fixed things! The filter lists no longer disappear after a restart!

Aha, interesting! Thanks for reporting back. I'll close #23342 as a duplicate of #21270 because that one describes the most likely underlying issue.

Hm, interesting!

I do have the Security slider on Medium.

Also, surely, I CANNOT be the only one relying on a combination of Tor Browser + AdBlock Plus to protect my privacy and security!.. One simply HAS to use an adblocker (if not to block ads, then to block trackers) if one were to attempt to browse safely and privately. So this issue HAS to affect a lot of other people. Or am I the only one??? I don't think I have some unique configuration, pretty run-of-the-mill stuff...

Tor Browser standalone without any adblocker is designed to give you privacy by design. There is no need for adding some filterlist-based extension. You might enjoy reading section 5. No filters of https://www.torproject.org/projects/torbrowser/design/#philosophy.

Ok, then why does the Tor Browser in Tails come with a pre-installed uBlock Origin? :)

And even if you think adblockers and their ilk don't enhance one's privacy, how about security? Using adblockers is almost universally recommended by computer / IT security experts. Bruce Schneier, to name just one.

https://mailman.boum.org/pipermail/tails-dev/2014-November/007299.html ff. and the discussion on tails-dev in October 2014 has some more information about their stance. IIRC it was seen as a political statement.

Regarding security: I guess those blockers are recommended to "normal" browser users not having a specially crafted browser available. For the security part we have the security slider included into Tor Browser.

Ok, I guess you are mostly :) right on privacy and security. (However, suppose someone keeps the security slider on Low, for more convenient browsing. Wouldn't an adblocker still offer protection against, I don't know, stuff like malware being served in 1x1 transparent pixel ads?)

But, I mean, come on, I think you gotta concede on the sheer horrendousness of adblock-free browsing!.. I don't think I can add much to this:

>> Why give shitty ads to our users when it's easy to avoid them? I
>> think a good number of them are going to manually install and
>> persist adblock, which will be worse than having it by default
>> for everybody (I assure you, nobody ever complained that ads
>> are blocked).

Another thought, which hadn't occured to me earlier for some reason. :)

Browsing with adblockers is known to be significantly FASTER. I think it's a pretty important consideration for Tor Browser, which is, after all, known for being slow! (Not the browser itself, obviously, but the Tor network itself.)

Also, as you perfectly well know, browsing without adblockers is simply a horrible experience! :) I mean, from the visual point of view, from the point of view of usability, etc.

thanks very much

https://trac.torproject.org/projects/tor/ticket/22981
JS in Medium over https: trusted key not key holder, minimize surface.

https://trac.torproject.org/projects/tor/ticket/23151
https://trac.torproject.org/projects/tor/ticket/22985
https://trac.torproject.org/projects/tor/ticket/22982
https://trac.torproject.org/projects/tor/ticket/22980
+others

Maintain largest user pool, diverge from default High only per component per tab.

Current High/Medium/Low option ensures each user signals a divide between themselves, splitting the largest pool based on subjective "feels" creating three separate identifiable pools. Implement as default "Your Tor Browser is at highest.." with option to "reduce security level for minimal *"
Per basic component: *Video, Audio, in browser Email Encryption etc per tab via click to play menu?

On Ubuntu LTS 16.04 Tor browser is tied to Firefox 54. Is anyone else experiencing this issue?

https-everywhere 2017.08.15 stable release doesn't work properly.
the small option window in toolbar is blank and there is no option menu in about:addons.

What's with all of the France and Germany nodes? Often I'll see:

France
France
France

Germany
Germany
France

Germany
France
Germany

Germany
Germany
Germany

and so on.

There are a lot of relays at a couple of VPS hosting companies. That's somewhat unfortunate.

If you don't like it, help Tor by running a relay at an underrepresented provider :)

New HTTPS Everywhere add-on (v.2017.8.15) is broken in current Linux, 64-bit, TBB version.

Manually/auto update(s) install the add-on, but when you click on the blue box it opens up a white box with no text and one check mark for some invisible option. Removed and reinstalled previous version (v.5.2.21).

I have the same problem. Did anyone even bother to test the updated addon before releasing it?

See, this is what concerns me. They say to update the included addons which ship with TBB but when something like this happens, couldn't it have other ripple effects including but not limited to potential security/privacy issues?

> See, this is what concerns me. They say to update the included addons which ship with TBB but when something like this happens, couldn't it have other ripple effects including but not limited to potential security/privacy issues?

Yes. The plan moving forward is to disable auto-updates for all built in addons.

See:
https://trac.torproject.org/projects/tor/ticket/22974
https://trac.torproject.org/projects/tor/ticket/10394

Thanks for the details, links, and for bumping one of the tickets with recent info.

I seem to not be able to run Tor v7 on my windows 7 enterprise laptop. Has anyone else had this problem? I have had to reload earlier versions of Tor (V6) in place of the upgraded Tor version.

You're going to have to be way more specific about the problem.

7.0.4 : bug /attack
noscript : removed 5 lines set on https tab vs https forced of course (cookies checked !)
noscript : permissions = no set vs proxy/tor
https everywhere : set unblocked vs https block all unencrypted requests of course (red)

x3 install until a clean install
sandbox not affected

interference of the user behavior using terminal or usual task ? i do not think so.
suspicion of a sophisticated attack/a very bad relay/a big bug lol

Much appreciation for your continued work and commitment.

'HTTPS EVERYWHERE" sort of corrupts itself after every few days of using "TB 7.0.4". All items/options from the drop down menu which appears after pressing the 'https everywhere' icon disappear. Only two checkboxes & the word "version" remain. Anyone with similar experience or info about the cause and its solution ? OS:- WIN 7

Thanks for the quick response. Question:- Can't we just remove 'https everywhere' from addons and then reinstall it from mozilla's addons in tor browser itself only ? FYI:- I did this once it seemed to work well enough as far as all the items/options, etc got back into there former (active & being there) state.Is doing this allright ? Although one thing seems obvious, that this will be a shortlasting solution.Untill there is a sure fix. (Wanted to keep 'noscript' enabled globally) If i am making a mistake by acting on the procedure mentioned above, please 'warn' me ! Please reply !

This may break incremental updating. Since this issue is a browser bug at the core, I don't expect fetching the addon from a different source to give different results, assuming the versions are the same.

As an alternative, you can selectively disable automatic updates for addons under `about:addons`, which should prevent

Got auto-updated to a new release (of 'https everywhere') of 17.08.2017 .

Is the maximize-window-warning handling a bad joke??

Site is loading, WRONG click, browserwindow pops maximizing, site seeing
monitor size, THEN maximize-warning pops up.
What? Are you kidding me?

Warning must popup/asking before browser maximize.

tem versão em Português?

Yes. You can select it by clicking on the "English" field below the big purple download button on https://www.torproject.org/download/download-easy.html.en.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

13 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.