Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the 0.3.0.x development series, including some that could cause authorities to behave badly. There is also a fix for a longstanding bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also includes some smaller features and bugfixes.

The Tor 0.3.0.x release series is now in patch-freeze: no additional features will be considered for inclusion in 0.3.0.x. We suspect that some bugs will probably remain, however, and we encourage people to test this release.

You can download the source code from the usual place on the website, but most users should wait for packages to become available over the upcoming weeks.

Please note: This is an alpha release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.3.0.2-alpha:

Changes in version 0.3.0.3-alpha - 2017-02-03

• Major bugfixes (directory authority):
  • During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too. (We still clear the other flags.) Fixes bug 21108; bugfix on 0.2.0.13-alpha.
  • When deciding whether we have just found a router to be reachable, do not penalize it for not having performed an Ed25519 link handshake if it does not claim to support an Ed25519 handshake. Previously, we would treat such relays as non-running. Fixes bug 21107; bugfix on 0.3.0.1-alpha.
• Major bugfixes (entry guards):
  • Stop trying to build circuits through entry guards for which we have no descriptor. Also, stop crashing in the case that we *do* accidentally try to build a circuit in such a state. Fixes bug 21242; bugfix on 0.3.0.1-alpha.

  read more »

Tor Browser is the secure and anonymous way to browse the web and access onion services. Tor Metrics' new visualization of Tor Browser downloads and updates shows that Tor Browser is downloaded 100,000 times from the Tor website every day! These could be new Tor users or existing users who are downloading it again.

The Signature downloads subgraph shows that between 5,000 and 15,000 users per day tried to verify that Tor Browser was signed by our developers after downloading it. Verifying the signature is the surest way to know that that executable is the legitimate version from Tor and not a benign or malicious third-party one. It is important to increase the number of users that verify their downloads in the future through education and assistance, and knowing the numbers is the first step.

The Update pings subgraph shows ~2,000,000 checks for a new Tor Browser version being made every day. Each running instance of Tor Browser makes a minimum of two such requests per day, and another request at the start of each session. As of now, we don't have any data on how long a typical Tor Browser session lasts or how often users restart their browser. But the update number is still useful to observe trends. For instance, look at the sharp drop of update pings at the end of January. We don't yet know what happened there, though it coincides with the Tor Browser 6.5 release, and the pattern looks similar to what happened when the first version of the 6.0 series was released. We use these graphs to recognize such anomalies, investigate them, and track our explanations here.

Lastly, the Update requests subgraph shows spikes every few weeks with peaks between 750,000 and 1,000,000 requests. This happens when a new Tor Browser version is released, which tells us that automated updates are working!

We sourced the data used above from Tor Project web server logs. Don't worry—we don't record what we do not need (your IP addresses or time of day of requests) and remove potentially identifying information (such as request parameters and the user agent string) before processing. We also delete the original logs afterwards and only keep a sanitized version.

Come back to Tor Metrics often! All of our graphs and tables are updated daily, and we are working to add additional ones in the future. We also encourage you to dig through the data we use and tell us if you find something interesting.

We would like to thank the generous community donations for funding our work. Donations to Tor Project not only help fund new work, but lessen our dependencies on institutions for funding. Keep us independent by donating today!

This is one of a series of periodic blog posts where we highlight other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Security in-a-Box

More than ten years ago, Tactical Tech and Front Line Defenders started providing digital security trainings for human rights defenders at risk around the world. Soon thereafter, they created Security in-a-Box to supplement those trainings and to support self-learning and peer-education among those defenders.

Security in-a-Box offers general advice and practical walkthroughs designed to help its users secure their digital information and communication by choosing the right software and integrating it into their daily lives.

Hands-on guides

Security in-a-Box offers a number of Tool Guides that explain step-by-step how to download, install, and use digital security tools on Linux, Windows, Mac OS X, and Android. Some of these guides that were recently updated in 11 languages include:

• Tor Browser for anonymity and censorship circumvention (on Windows & Linux)
• Signal for encrypted messaging and Voice-over-IP calls on Android
• VeraCrypt for file encryption (on Windows & Linux)
• Thunderbird and OpenPGP for email encryption (on Windows & Linux)
• KeePassX for secure password management (on Windows & Linux)
• Firefox with add-ons for more secure web browsing (on Windows & Linux)
• Jitsi and OTR for encrypted instant messaging (on Windows & Linux)

Other Tool Guides cover setting up a Riseup email account, securing the Windows operating system, and protecting data when using social networking platforms (like Facebook and Twitter).

Security in-a-Box also includes a few community-specific toolkits that are tailored for LGBTI communities in The Middle-East and North Africa and Sub-Saharan Africa, for Environmental rights defenders and for Women human rights defenders.

Tips and Tactics

As digital security is a process that extends well beyond the adoption of specific tools, Security in-a-Box also offers Tactics Guides that propose new ways of thinking about security and recommend practices that might strengthen it. Some of these include:

• Protecting yourself from malware
• Creating and maintaining secure passwords
• Protecting sensitive files on your computer
• Securing your online communications
• Online anonymity and censorship circumvention

Community

Over the years, a community of digital security trainers, editors, translators, and privacy advocates has sprung up around Security in-a-Box. Many digital security trainers from Africa, Latin America, Central and Southeast Asia, Europe and North America rely on Security in-a-Box for their trainings and contribute to its development.

Thanks to the project’s community translators, Security in-a-Box is published in 17 different languages. Recently updated translations include: Arabic, Spanish, Farsi, French, Indonesian, Portuguese, Russian, Thai, Turkish, Vietnamese and Chinese. As a result, Security in-a-Box reaches well over a million people each year with advice on digital security, online privacy and censorship circumvention.

None of this would have been possible without the work of the software developers who create these tools in the first place, and to whom we are extremely grateful. Donate to the Tor Project today!

Written by Maria Xynou (Tactical Tech) and Wojtek Bogusz (Front Line Defenders)

A new hardened Tor Browser release is available. It can be found in the 7.0a1-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

Tor Browser 7.0a1-hardened is the first hardened alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1-hardened is the first hardened alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport.

The full changelog since 6.5a6-hardened is:

• All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.3.0.2-alpha
  • Update Torbutton to 1.9.7
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 21243: Add links to es, fr, and pt Tor Browser manual
    • Bug 21194: Show snowflake in the circuit display
    • Bug 21131: Remove 2016 donation banner
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 20589: Add new MAR signing key
  • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
• Build system
  • All platforms
    • Bug 20927: Upgrade Go to 1.7.4

Tor Browser 7.0a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.0a1 is the first alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1 is the first alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport. Additionally, we include bug fixes both to our sandboxing solutions for Linux (sandboxed-tor-browser 0.0.3) and macOS. For Windows users we plugged a timezone leak that got introduced by enabling ICU in Firefox when switching to ESR 45.

The full changelog since 6.5a6 is:

• All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.3.0.2-alpha
  • Update Torbutton to 1.9.7
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 21243: Add links to es, fr, and pt Tor Browser manual
    • Bug 21194: Show snowflake in the circuit display
    • Bug 21131: Remove 2016 donation banner
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 20589: Add new MAR signing key
• Windows
  • Bug 20981: On Windows, check TZ for timezone first
• OS X
  • Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
• Linux
  • Update sandboxed-tor-browser to 0.0.3
  • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
• Build system
  • All platforms
    • Bug 20927: Upgrade Go to 1.7.4
  • Linux
    • Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3

Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

• All Platforms
• Update Firefox to 45.7.0esr
• Tor to 0.2.9.9
• OpenSSL to 1.0.2j
• Update Torbutton to 1.9.6.12
  • Bug 16622: Timezone spoofing moved to tor-browser.git
  • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
  • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
  • Bug 20701: Allow the directory listing stylesheet in the content policy
  • Bug 19837: Whitelist internal URLs that Firefox requires for media
  • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
  • Bug 19273: Improve external app launch handling and associated warnings
  • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
  • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
  • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
  • Bug 20556: Use pt-BR strings from now on
  • Bug 20614: Add links to Tor Browser User Manual
  • Bug 20414: Fix non-rendering arrow on OS X
  • Bug 20728: Fix bad preferences.xul dimensions
  • Bug 19898: Use DuckDuckGo on about:tor
  • Bug 21091: Hide the update check menu entry when running under the sandbox
  • Bug 19459: Move resizing code to tor-browser.git
  • Bug 20264: Change security slider to 3 options
  • Bug 20347: Enhance security slider's custom mode
  • Bug 20123: Disable remote jar on all security levels
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 17546: Add tooltips to explain our privacy checkboxes
  • Bug 17904: Allow security settings dialog to resize
  • Bug 18093: Remove 'Restore Defaults' button
  • Bug 20373: Prevent redundant dialogs opening
  • Bug 20318: Remove helpdesk link from about:tor
  • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
  • Bug 20753: Remove obsolete StartPage locale strings
  • Bug 21131: Remove 2016 donation banner
  • Bug 18980: Remove obsolete toolbar button code
  • Bug 18238: Remove unused Torbutton code and strings
  • Bug 20388+20399+20394: Code clean-up
  • Translation updates
• Update Tor Launcher to 0.2.10.3
  • Bug 19568: Set CurProcD for Thunderbird/Instantbird
  • Bug 19432: Remove special handling for Instantbird/Thunderbird
  • Translation updates
• Update HTTPS-Everywhere to 5.2.9
• Update NoScript to 2.9.5.3
• Bug 16622: Spoof timezone with Firefox patch
• Bug 17334: Spoof referrer when leaving a .onion domain
• Bug 19273: Write C++ patch for external app launch handling
• Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
• Bug 12523: Mark JIT pages as non-writable
• Bug 20123: Always block remote jar files
• Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
• Bug 19164: Remove support for SHA-1 HPKP pins
• Bug 19186: KeyboardEvents are only rounding to 100ms
• Bug 16998: Isolate preconnect requests to URL bar domain
• Bug 19478: Prevent millisecond resolution leaks in File API
• Bug 20471: Allow javascript: links from HTTPS first party pages
• Bug 20244: Move privacy checkboxes to about:preferences#privacy
• Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
• Bug 20709: Fix wrong update URL in alpha bundles
• Bug 19481: Point the update URL to aus1.torproject.org
• Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
• Bug 20442: Backport fix for local path disclosure after drag and drop
• Bug 20160: Backport fix for broken MP3-playback
• Bug 20043: Isolate SharedWorker script requests to first party
• Bug 18923: Add script to run all Tor Browser regression tests
• Bug 20651: DuckDuckGo does not work with JavaScript disabled
• Bug 19336+19835: Enhance about:tbupdate page
• Bug 20399+15852: Code clean-up
• Windows
  • Bug 20981: On Windows, check TZ for timezone first
  • Bug 18175: Maximizing window and restarting leads to non-rounded window size
  • Bug 13437: Rounded inner window accidentally grows to non-rounded size
• OS X
  • Bug 20590: Badly resized window due to security slider notification bar on OS X
  • Bug 20439: Make the build PIE on OSX
• Linux
  • Bug 20691: Updater breaks if unix domain sockets are used
  • Bug 15953: Weird resizing dance on Tor Browser startup
• Build system
  • All platforms
    • Bug 20927: Upgrade Go to 1.7.4
    • Bug 20583: Make the downloads.json file reproducible
    • Bug 20133: Don't apply OpenSSL patch anymore
    • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
    • Bug 18291: Remove some uses of libfaketime
    • Bug 18845: Make zip and tar helpers generate reproducible archives
  • OS X
    • Bug 20258: Make OS X Tor archive reproducible again
    • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
    • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
    • Bug 19410: Fix incremental updates by taking signatures into account
    • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

This release fixes many security issues and users should upgrade as soon as possible.

New features

• We installed OnionShare, a tool for anonymous file sharing.

• We enabled the circuit view in Tor Browser.

Upgrades and changes

• Upgrade Tor to 0.2.9.9.

• Upgrade Tor Browser to 6.5.

• Upgrade Linux to 4.8. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)

• Upgrade Icedove to 45.6.0.

• Replace AdBlock Plus with uBlock Origin.

• Configure the APT package manage to use Debian's Onion services.

• Install the AMDGPU display driver. This should improve the support for newer AMD graphics adapters.

• Renamed the Boot Loader Menu entries from "Live" to "Tails", and replaced the confusing "failsafe" wording with "Troubleshooting Mode".

• Add support for exFAT.

• Remove Nyx (previously called arm).

• Rewrite Tor control port filter entirely. Now Tails can safely support OnionShare, the circuit view of Tor Browser, and similar. This also enabled Whonix to replace their own similar piece of software with this one.

Fixed problems

• Made OnionCircuits compatible with the Orca screen reader.

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.10

• To install, follow our installation instructions.

• To upgrade, an automatic upgrade is available from 2.7 and 2.9.1 to 2.10.

  If you cannot do an automatic upgrade or if you fail to start after an automatic upgrade, please try to do a manual upgrade.

• Download Tails 2.10.

What's coming up?

Tails 2.11 is scheduled for March 3rd.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option. This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all relays running an affected version should upgrade.

Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS time-to-live values, makes directory authorities enforce the 1-to-1 mapping of relay RSA identity keys to ED25519 identity keys, fixes a client-side onion service reachability bug, does better at selecting the set of fallback directories, and more.

You can download the source code from https://dist.torproject.org/ but most users should wait for the upcoming 7.0a Tor Browser alpha release, or for their upcoming system package updates.

Changes in version 0.3.0.2-alpha - 2017-01-23

• Major bugfixes (security, also in 0.2.9.9):
  • Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, like others, can turn survivable bugs into crashes--and having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on 0.2.9.1-alpha.
• Major features (security):
  • Change the algorithm used to decide DNS TTLs on client and server side, to better resist DNS-based correlation attacks like the DefecTor attack of Greschbach, Pulls, Roberts, Winter, and Feamster. Now relays only return one of two possible DNS TTL values, and clients are willing to believe DNS TTL values up to 3 hours long. Closes ticket 19769.

  read more »