Tor Browser 7.0a1-hardened is released
Posted January 24th, 2017 by boklm
A new hardened Tor Browser release is available. It can be found in the 7.0a1-hardened distribution directory and on the download page for hardened builds.
This release features important security updates to Firefox.
Tor Browser 7.0a1-hardened is the first hardened alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).
Tor Browser 7.0a1-hardened is the first hardened alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport.
The full changelog since 6.5a6-hardened is:
- All Platforms
- Update Firefox to 45.7.0esr
- Tor to 0.3.0.2-alpha
- Update Torbutton to 1.9.7
- Update HTTPS-Everywhere to 5.2.9
- Update NoScript to 2.9.5.3
- Bug 20471: Allow javascript: links from HTTPS first party pages
- Bug 20651: DuckDuckGo does not work with JavaScript disabled
- Bug 20589: Add new MAR signing key
- Bug 20735: Add snowflake pluggable transport to alpha Linux builds
- Build system
- All platforms
- Bug 20927: Upgrade Go to 1.7.4
- All platforms
Tor hardened and alpha do not allow Tor Birdy to connect using defaults like it used to, how do we fix this?
Sounds like you might be encountering
https://trac.torproject.org/projects/tor/ticket/20761
in which case, the simplest fix is to wait for the fix to get written and to get into an upcoming alpha. :)
I can wait just fine, but I am thinking this is disabling many, many clients running Tor Birdy who may not be able to suffer extended downtime.
On their behalf, is there any estimation on how long we will be waiting? It seems this has been on the radar for 2 months already with no fix, according to the trac link you provided:
https://trac.torproject.org/projects/tor/ticket/20761
The problem is it needs a fix on the tor side as well. That one got merged to master yesterday. I am not sure about backporting/new alpha releases with that fix yet but I'd say we should be able to have this fixed in the next regular alpha/hardened releases.
=) Thanks for the reply! We will be looking forward to the next release for a fix. Cheers!
If you just need a tor that listens on TCP port 9150 for SOCKS (which is probably all TorBirdy requires), you can disable the new Unix domain sockets feature and get back your TCP SOCKS port by using about:config inside Tor Browser to set the following preferences to false:
extensions.torlauncher.control_port_use_ipc
extensions.torlauncher.socks_port_use_ipc
You will need to restart Tor Browser after making these changes,
What's different in this Snowflake pluggable transport compared to others?
Have a look at https://trac.torproject.org/projects/tor/wiki/doc/Snowflake and https://lists.torproject.org/pipermail/tor-dev/2016-January/010310.html.
Thanks a lot! :)
Is there a 32bit version for download?
No. And none is planned.
https://blog.torproject.org/archive
403 Forbidden
You don't have permission to access /archive on this server.
Apache Server at blog.torproject.org Port 443
This is expected behavior. You should wait until they migrate to a new blogging platform. Alternatively you can always use https://web.archive.org/web/*/https://blog.torproject.org/
Could it be that the signature .asc files for the tor browser bundle 6.5 miss the public key of the developers?
I have just downloaded and tried to verify the 64 bit version of the en-US and de language file. And on both gnupg throws me out, that the public key is missing. And I definitely have saved the tor browser developers signing key on my computer.
The key from the Tor Browser developers involves a long-term identity, and a set of shorter-term signing subkeys. These subkeys last for a year or so, and they make new ones periodically, because "key rotation" is a good way to limit the scope of damage if something goes wrong sometime.
So, you likely have the old subkeys since you "saved the tor browser developers signing key on your computer", but if you fetch a new copy of the key, you'll get the new subkey too. Hopefully everything will work smoothly from there.
Thank you for that hint.
After refreshing the the signing keys via the keyservers, the check of the downloaded bundles now runs fine with gpg.
It was a little confusing, because I couldn't see any information about that shot-term subkeys on the explaining page on how to check the integrity of that bundles with gpg.
But now it makes sense to me.
Bit offtopic but ...funny:
https://www.burojansen.nl/bvd-aivd/dutch-secret-service-tries-to-recruit-tor-admin/
"[...] He said they were mostly interested in building a community of techies around the developers of Tor and Tails and that it would be an international effort. This was an option that wouldn’t require me to work with the Dutch secret service AIVD officially but voluntarily and I could state the expenses and determine my own salary. He said: “this is a possibility too, if you’re not asking 5.000 euros a month but we cover travels too.”"
Hello! Tails 2.10Rc1 and the 2.10 can't start for me. After the login procedure nothing happeming, just a new login screen and procedure. This is an Acer Aspire, my older Acer laptop can't boot totally.
We are not providing support for Tails. I think the best way to reach them is picking an option from https://tails.boum.org/support/index.en.html.
I dont't get the automatic updates.
I want to get the latest version from my distro's repo
Not being pushed with a new version.
Any improvements on RAM usage?
There is a margin at the bottom of the screen after updating.
I'm using Windows 10.
Would like to see the ability to choose which countries Tor chooses for proxies or at least be able to have a block country list.
One issue I have with browsing is I prefer to use Eastern block / less developed countries for relays as they are less sophisticated and therefore less likely to be able to intercept and decrypt Tor communications, where as more developed countries such as the USA, UK, Germany etc, have more developed systems.
It also worries me when my country is the last hop before my ISP as this potentially make surveillance much easier as they can trace the IP of my ISP much more easily as it's the next hop.
Hi, I'm trying to run Tor Browser, but there's kind of three days it just returns a downloading error 404, and even if I change the server, it doesn't work anyways. Apparently the server is offline, or, 6.5 TOR version 64 bits for Debian is not working anymore, could you guys help? Thanks.
Do you have an example link that is not working?
Firefox Version 53.0a2, first offered to Firefox Developer Edition channel users on January 27, 2017
Windows XP and Vista are no longer supported.
Ended Firefox Linux support for SSE processors
32-bit Mac OS X is no longer supported.
R.I.P. Firefox. Now it is worse than Adobe with it's Flash Player...
Compile it with LibreSSL or this so called "hardened" is a joke.
Youtube "LibreSSL: The first 30 days, and what the Future Holds" to see what a pos OpenSSL is.
Deep web?
:-) OK !
HOW DO YOU ADD DNSCRYPT INTO TOR BROWSER?
https://www.dnscrypt.org/#dnscrypt-windows
CAN YOU IMPLEMENT THIS SYSTEM INTO TOR BROWSER TO AUTO ENABLE DNSCRYPT UPON BROWSING?
Why is DuckDuckGoOnion not used on tor:about?
One reason for currently not using DDG's .onion is that we are not sure how well it scales if all Tor Browser users start to using it. And it's even slower than the non-onion search.
Thank you
the key fails on torbrowser-launcher in debian and ubuntu
This is a bug in the program called torbrowser-launcher, which is a separate thing from Tor Browser.
Here's the bug ticket:
https://github.com/micahflee/torbrowser-launcher/issues/263
You can use the workarounds at that page, or you can stop using torbrowser-launcher and install Tor Browser directly.
Post new comment