Tor Browser 7.5a2 is released

Tor Browser 7.5a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor.

We are updating Tor to version 0.3.1.4-alpha, fixing a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This release also updates HTTPS-Everywhere to 5.2.19 and sandboxed-tor-browser to 0.0.9.

Note: While building the Linux bundles we hit a possible issue in our reproducible builds setup affecting the snowflake part. In order to avoid it it is necessary to rebuild WebRTC and snowflake even though no related source code changes were made for this release.

Here is the full changelog since 7.5a1:

  • All Platforms
    • Update Tor to 0.3.1.4-alpha, fixing bug #22753
    • Update HTTPS-Everywhere to 5.2.19
  • Linux
    • Update sandboxed-tor-browser to 0.0.9
khled.8@hotmai.com

July 07, 2017

Permalink

Hello gk!

I had sandboxed-tor-browser 0.0.8 with the alpha channel. I got a notification that TB 7.5a2 was released. I went to the side and downloaded sandboxed-tor-browser 0.0.9 to replace s-t-b 0.0.8, so I launched it and the update went well. But then TB didn't appear. I looked up the processes and I saw that Firefox was sitting there at 108 Kb or so with about 50% CPU usage.

I did ./sandboxed-tor-browser install to re-install everything again, but I was hit with the same problem.

So I guess there's some problem with sandboxed-tor-browser 0.0.9?

System: Ubuntu 17.04

Thanks in advance!

khled.8@hotmai.com

July 07, 2017

Permalink

Hi, sent a message before but it seems it didn't go (probably because I used the high security setting)

sandboxed-tor-browser can no longer launch the Tor Browser (looking at the processes I see a firefox.exe with 104Kb only and around 50% cpu usage) after upgrading it to 0.0.9, even when I do ./sandboxed-tor-browser install to reinstall the Tor Browser.

https://blog.torproject.org/comment/269749#comment-269749

You can do one of:
1) Wait for the sandboxed-tor-browser-0.0.10, that will (probably) happen with the next Tor Browser alpha.
2) Wait for the next Tor Browser alpha that will (probably) have a fixed version of SelfRando.
3) Build sandboxed-tor-browser from source, as there is a workaround for the SelfRando bug.
4) Switch to the stable series, which avoids the problem since it doesn't use SelfRando.

khled.8@hotmai.com

July 08, 2017

Permalink

i do not understand the reason why sandbox 9 has kept my setting done on sandbox 7 (the sandbox files were moved to the trash before).
what does it mean ?

khled.8@hotmai.com

July 08, 2017

Permalink

I AM FROM EGYPT AND MY COUNTRY BLOCK YOUR SITE

If torproject.org is blocked for you, you can download Tor from the Github site: https://thetorproject.github.io/gettor/ Or from the official Github repository: https://github.com/thetorproject/gettorbrowser/

Hope this helps!

Could that put GitHub at risk of being blocked?

Places have tried. https://en.wikipedia.org/wiki/Censorship_of_GitHub

Usually adversaries want to limit collateral damage.

Hello. All possible reasons why I "don't really want that" (I do) or "couldn't possibly understand what I'm asking for" (I do, and I compile things regularly) aside, I would like to know how to compile the browser, specifically with ALSA support, not pulseaudio. Thanks.

Hi! You should probably be interested in the following: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking

That said, I'm sure your audio wont work since Firefox intrinsically no longer works without PulseAudio. If you want to complain do so to Mozilla in their bug tracker issue, or the community forum.

12:07:46.204 NS_ERROR_DOM_BAD_URI: Component returned failure code: 0x805303f4 [nsIWebNavigation.loadURIWithOptions] 1 browser-child.js:333

Browser Console shows events from the future in the past:
[07-11 18:53:39] Torbutton INFO: controlPort << getconf bridge
[07-11 18:52:17] Torbutton INFO: Torbutton debug output ready

sandboxed-tor-browser 0.0.8 it's include in the new alpha version or is a new version of Tor

I installed this new version and it seems to be missing "In Private" browsing. If it does this automatically now I would like to know. If it doesn't, I'm curious as to what I need to do to get it back.

Tor Browser has done something like "In Private" browsing for ... ever? A very long time. If the button has been removed, I would guess it's because having it there caused confusion. "Isn't Tor Browser already private? What does this button do? Shouldn't it always be in private mode?"

about:preferences#privacy should show "Always use private browsing mode" checked.

Hi!! Can a dev pls help? how u use bitcoin core with tor? before you had vidalia... now you only have tor browser... how can you use just tor without open tor browser... so you can activate tor and bitcoin core to run over tor... you have to open ur tor browser at same time?

Easiest way is to keep Tor Browser open yes.

If you're on Linux, you can install tor from your package manager. It runs in the background as a daemon.

im not on linux im on windows... so just open tor browser... then check the "running proxy" in bitcoin core? thats it really?

OK SERIOUSLY there is nobody on the whole internet that can answer this question? How do you use Bitcoin core with Tor?? Years ago you had VIDALIA control bundle... now, how the heck do you activate tor without starting the tor browser bundle? You have to run the browser every time you run bitcoin core???? Step by step help would be verry helpful

I've copy/pasted a reply to you twice now. You might also want to consider looking at bitcoin documentation instead of posting in the comments of a alpha Tor Browser update blog post.

There's a "Tor expert bundle" on Windows you can use. Instead of an open browser you end up with an open console. It's left up to the user (an expert, hopefully) to figure out how to run it in the background.

On Linux you can get Tor from your package manager and it runs in the background as a system service (as I've told you twice now).

For how to point your bitcoin software at Tor, you should probably yell in a different comment section. Perhaps one vaguely related to bitcoin.

https://geti2p.net/en/

can you add option to go through I2P nodes? do not know if it is better tha tor nodes but looks good.

Using i2p nodes to build circuits is not possible.

Possible security issue with Drupal + blog.torproject.org: https://trac.torproject.org/projects/tor/ticket/22947

Since I updated Tor the last time, all of my password sites say that my connection is unsecure. i have HTTPS enabled, and have the highest security settings on, is there anything more I can do to fix this issue?

gk, greatly appreciate the prompt reply and information I learned a great deal, however I was unclear. I am having trouble accessing .onion password sites with a secure connection, is there a similar way to secure those sites?

I am not sure about that. Do you have an example showing the problem for me? I am fine with screenshots if there is no way for me to test the URLs myself.

Error. Page cannot be displayed. Please contact your service provider for more details. (2)

ISP PROVIDERS ARE GETTING VERY SMART BEING ABLE TO BLOCK ANY SITE IF USING TOR BROWSER!

YOUR TOR BROWSER CAN"T BYPASS ISP BLOCKS ALSO CANNOT GOING AROUND CERTAIN ISP BLOCKS FOR CERTAIN SITES.

If your error page is asking you to contact your ISP then this is a bug on the error page. It should not suggest you to contact your ISP if you have your browser configured to use Tor. Your ISP can't see where your traffic is bound to if you are using Tor Browser.

Is already safe to check the "use hardware acceleration when available" option? that option made the Tor browser crash before on Windows 10.

The underlying problem has not been solved yet (see: https://trac.torproject.org/projects/tor/ticket/9145). So, if you have not changed your hardware the issue is likely remaining.

They want browser update giving notification at the onion. I have updated this but still the onion showing to update the browser. BTW, its working very slow now a days!

What does the version say in the right upper corner on the about:tor page?

Hi,
Please add an Ad-blocker to the Tor Browser is very important for browsing speed and security! Not?

Also, recommend an article about fingerprinting or write a new one!

Thank you so much

one thing you can do to help net neutrality, what ever that is, is to give it a better name
also you could have comments available on your net neutrality part of your blog?

When my Tor upgraded automatically to 7 versions, it stopped function. My Win is 10. I had to delete all installed and install the last 6 version (it functions normally).
As it always upgrade to the last version, and keep don´t function, I must always delete it and reinstall version 6.
As version 6 functions, I think it's not date/hour problem, or virus program, or firewall.
Please help me.

Our current theory is that this kind of problems is caused by firewall/antivirus software interfering with Tor Browser. Do you have such software installed? If so, which? Does it work for you if you are uninstalling it (temporarily)? Disabling is often not enough.

If so, why 6.x version do function? My antivirus is Avira (Premium).

Hard to say, as I don't know how Avira works. One reason could be that the version you have takes Tor Browser 6.x into account, it "knows" it and lets it pass. But Tor Browser 7 looks too different and it prevents it from running. Does Tor Browser work if you uninstall Avira, as said disabling might not be enough.

I've unistalled Avira and all remains. I've put at windows firewall all permissions to tor browser.
But all remains the same.
Someone more can help me?

I've found a response at web that functioned to me. There is a kind of incompatibility btw TOR 7.x and IBM Trusteer Endpoint Protection in Win 10. When I disable it, Tor 7.x functions. I don´t know why!
You can go to https://www.ibm.com/support/knowledgecenter/en/SS7MJT_1507/ug/t_Stoppin… where you can find instructions how to desable and enable Trusteer.

Thanks for reporting back. We are still in contact with Trusteer to get the bug fixed on their end. Until that happens there is not much we can do, though, alas.

in osx 10.13 high sierra audio is broken in Youtube site (and others)
Seems the same problem Firefox has fixed about sandbox.

It seems you are talking about: https://bugzilla.mozilla.org/show_bug.cgi?id=1376163. Are you saying this affects Tor Browser 7.5a2? I am asking because Mozilla did not backport this to ESR52 which Tor Browser is based on. I assume that's because the sandboxing level in ESR52 is not high enough that this bug gets actually triggered.

This problem is still happening in Tor Browser 7.5a5. Anytime a site tries to play audio of any sort on a system running 10.13 and Tor Browser 7.0.6 or 7.5a5, the "Gah. Your tab just crashed." message comes up.

It does appear there was a change made in Firefox 56 that addressed this problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1388655

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.