Tor Browser 7.5.1 is released

Tor Browser 7.5.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

In addition to security updates to Firefox (52.7.0esr) this release includes newer versions of Tor (0.3.2.10), NoScript (5.1.8.4), and obfs4proxy (0.0.7).

Moreover, we fixed sandbox incompatibilities for 64bit Windows Vista users and amended the NoScript whitelist, which unbreaks extension panels on higher security levels.

Note: We did not include the latest HTTPS Everywhere release in Tor Browser 7.5.1 as we need to first test some changes in its new build system in an alpha release to make sure we still can build everything reproducibly. We expect to have this fixed in the next stable release, though. Sorry for any inconvenience.

The full changelog since Tor Browser 7.5 is:

  • All platforms
    • Update Firefox to 52.7.0esr
    • Update Tor to 0.3.2.10
    • Update Torbutton to 1.9.8.6
      • Bug 24159: Version check does not deal with platform specific checks
      • Bug 25016: Remove 2017 donation banner
      • Translations update
    • Update Tor Launcher to 0.2.14.4
      • Bug 25089: Special characters are not escaped in proxy password
      • Translations update
    • Update NoScript to 5.1.8.4
    • Bug 25356: Update obfs4proxy to v0.0.7
    • Bug 25000: Add [System+Principal] to the NoScript whitelist
  • Windows
    • Bug 25112: Disable sandboxing on 64-bit Windows <= Vista

Tails uses a standard Tor client (currently Tor 0.3.2.10 in Tails 3.6).

Tails uses Tor Browser with some enhancements. I believe the main one is this:

"Tor Browser in Tails is confined with AppArmor to protect the system and your data from some types of attack against Tor Browser. "

See

https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html

Someone please correct me if I got anything wrong!

Anonymous

March 19, 2018

In reply to by MAKENZA (not verified)

Permalink

It seems appropriate that "Cambridge Analytica" can be sung to the tune of The Reapers Chorus (from Eugene Onegin).

But I interrupted you. Sorry. You were saying?

If it's a link to a new domain, it will automatically build a new circuit, and if it's a domain you've already visited, the site will know it's still you, regardless of what circuit you're using. What's the point?

> If it's a link to a new domain, it will automatically build a new circuit, and if it's a domain you've already visited, the site will know it's still you, regardless of what circuit you're using. What's the point?

I think you are referring to the fact (yes?) that "new identity" should wipe any cookies stored in Tor Browser data directories, but "new circuit" will not, potentially enabling bad actors to track you to a new domain. But unless you did something foolish (like logging into a social media account registered under your real name or mixing Tor Browser surfing with another browser), that's still a long way from "knowing it's you" in the sense of knowing your exact real life identity.

If I missed your point, please explain.

Anonymous

March 13, 2018

Permalink

what i don't understand is what good is this script? every page,video, download,etc. always have to click on "temp.allow page" every time. never works on "ban scripts globally".unless i'm doing something wrong here,it gets to be a real pain in the /// to have to do it every time i want to do anything.anybody have any ideas on this? thanks for any help on this!!!

Are you talking about Noscript as included in Tor Browser?

> every page,video, download,etc. always have to click on "temp.allow page" every time

That does not sound right. Did you try adjusting the security slider?

Anonymous

March 13, 2018

Permalink

what i don't understand is what good is this script? every page,video, download,etc. always have to click on "temp.allow page" every time. never works on "ban scripts globally".unless i'm doing something wrong here,it gets to be a real pain in the /// to have to do it every time i want to do anything.anybody have any ideas on this? thanks for any help on this!!!

> script

Noscript?

> every page,video, download,etc. always have to click on "temp.allow page" every time.

Hmm... that doesn't sound right. Did you try adjusting the security slider? Try downloading documents from a few different commonly visited sites. I bet the problem is with a few misconfigured websites you happened to be using.

Anonymous

March 14, 2018

Permalink

this blog is not often updated and the discussions are often broken ( reply censored?) :
something is wrong since a long time with tor-blog ...
- or you run it correctly
- or you close it definitely
fed up !!

> this blog is not often updated

Eh? There have been three new posts in the past few days!

> or you close it definitely

Nooooo!

Tor Project needs some way to get feedback from the user base, and currently this blog is the only way which anyone can use.

There are some problems with the blog (e.g. if you set the slider to "High" and try to comment, the notification that your comment has been sent to the modification queue does not work), but in the overall scheme of things, this must count as a minor annoyance.

Tor is under constant assault (technical, political, legal) from numerous lavishly-resourced enemies. Consequently, TP must set priorities, and clearly must dealing with emergencies and keeping well maintained the most important/used products (Tor client/server, Tor Browser) has to come well ahead of revamping the website.

That said, it was just announced that the website has been under redesign for some time, and changes are coming.

Here's my guess:

If for some reason your system clock was set very incorrectly, it might take that long to adjust. One way this might happen is if the watch battery has died and when your computer boots, it thinks the date is midnight 1 Jan 1970.

The tor client also needs to download from the Directory Authorities information about what nodes are available for passing tor traffic. This usually takes several minutes (limited I assume by the fact that the DA's are busy, not by your internet connection speed).

The tor client running under the hood of your Tor Browser needs several minutes to download information about currently available Tor nodes from the Directory Authorities. That usually takes about two minutes (limited by the speed of the DAs not your own internet connection, I think).

Anonymous

March 16, 2018

In reply to by pisoi21 (not verified)

Permalink

Second that.

TBB 7.5.1 seems to be working fine for me, BTW!

Anonymous

March 14, 2018

Permalink

TOR GOOOOOOOOOOOO

THANKS FOR UPDATE ...
i hope THERE'S TOR PROGRAM WITHOUT BROWSER LIKE PROTON VPN

Anonymous

March 14, 2018

Permalink

My computers' setup is to not accept any update at any program even for Tor.
Just I got a message which inform me:
"a security and stability update for tor browser has been downloaded and is ready to be installed".
The down loaded update is for tor browser 7.5.1
I didn't asked, and its downloaded even if my system setup is to not accept exceptions (I double checked it again after the received message).
I asked only at the message end to accept a restart tor browser later or immediately.
So, my point is: why the Tor team acting like the others (well known) who are working for braking our freedoms and violate our choices?
Does Tor team bought from those rapers ?
If it does, they will not announce it, we will understand it from small things like that.
They will not announce it because their will is to control every one and for us (the Tor users) they will do it very uneventfully.

Anonymous

March 14, 2018

Permalink

For last 6 weeks, TOR ALWAYS & ONLY goes through Slovakia as its last IP causing slowness and security risks. TOR used to jumble the IPs and go through different ones and different countries.

> TOR ALWAYS & ONLY goes through Slovakia as its last IP

You mean all your Tor circuits always use an exit node in Slovakia?

Do you only surf to websites in Slovakia? Tor client tries to build circuits with an exit node "close" in internet terms to your destination site, but it would be a bit odd, I think, if your circuits *always* use an exit node in Slovakia.

If you are not using the most recent stable release of Tor Browser, i.e., if you didn't install a version from www.torproject.org download page, there is no telling what you actually installed. It's a very good idea to verify the tarballs from torproject.org using the detached key, with PGP or GPG software.

It's possible to modify the Tor configuration so that it will choose only exit nodes in a particular country. If you were playing with the config file in your installed version of Tor Browser, could you have done that accidently?

Anonymous

March 14, 2018

Permalink

Tor updated itself when I opened it. Now it will not connect. Your download page says it is unstable. What do I do?

Anonymous

March 15, 2018

Permalink

"NoScript whitelist, which unbreaks extension panels on higher security levels"

Great, but without JavaScript i don't see options in HTTPS-Everywhere, the WebExtension-version -thank you mozilla for this eehm ...innovation.*sadlol*

With new ESR all users will be forced to this ....innovation.
You can admire the hard retrograde step with the webextensionversion -the future- of
NoScript and all other webextensions here:
https://hackademix.net/

Anonymous

March 15, 2018

Permalink

The Android Tobrowser can chooses the country to begin network through. Can the Mac or windows version get this capability?

Anonymous

March 16, 2018

Permalink

TorProject needs cash. fact.

maybe it sounds crazy but have you ever thought about cryptomining inside TBB,
on relays or about a TorDonationBundle?

every user could be encouraged to run a separate donating app some minutes (hours) a day
to support TorProject.

safe offline mining would enable those users to donate who have no money left or
aren't able to donate in the ways you offer.

poor english, sorry.

> TorProject needs cash. fact.

Indubitably.

> maybe it sounds crazy but have you ever thought about cryptomining inside TBB,
on relays or about a TorDonationBundle?

Not crazy, and I wouldn't dismiss the idea out of hand, but I can think of at least three reasons why this might be a bad idea.

First, certain of our enemies have had it in for cryptocurrencies for some time, and appear to have done quite a bit of work to identify individual users of cryptocurrencies and to monitor blockchains. Literally mining Bitcoin (or another such) inside Tor Browser would likely only increase their fury toward the Tor community.

Second, mining cryptocurrency uses a lot of computing power, and relays are not likely to have any to spare (they need to use power to build new circuits and more generally, to do cryptography correctly). So relays should probably not be used to mine cryptocurrency.

Third, mining cryptocurrency inside your own computer, whether this is associated with Tor Browser use or not, is increasingly likely to be noticed by intelligence agencies which monitor in near real time the energy demand from individual households, via the "smart grids" which have been installed in many cities across the world, including Europe, the Americas, and Asia. So I would fear that if Tor users are allowed (or compelled) to mine cryptocurrency while using Tor, the tax authorities might turn up demanding a cut of the e-minted coinage, or the utility might retaliate against people whose Tor use or cryptocurrency mining is inferred from "suspicious patterns" of high demand from the CPUs in their computers.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

13 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.