Tor Browser 7.0.8 is released

by boklm | October 24, 2017

Tor Browser 7.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

In version 7.0.7 we added a donation banner to point to our end-of-the-year 2017 donation campaign. This new release is fixing a bug which prevented the display of the banner.

The full changelog since Tor Browser 7.0.7 is:

  • All Platforms
    • Update Torbutton to 1.9.7.9
      • Bug 23949: Fix donation banner display
      • Update locale list with translated banner
      • Translations update

Comments

Please note that the comment area below has been archived.

craig (not verified) said:

October 25, 2017

Permalink

lol

Yes, this update does not provide security improvements, so you can safely skip it. It was however important to fix the display of this banner as this donation campaign should be an important part of the funding for new security improvements.

boo (not verified) said:

October 25, 2017

Permalink

mozilla mismatch :
- punycod is set as false (checking if Tor is well configured ?).
- security.enable_tls : false (?).
- security.ssl3.rsa_des_ede3_sha : true (!!!).
- etc.
- still installed with the cookies ON (anonymity ?)
mozilla mismatch :
too many minimal settings : it is configured for windows & unsafe site not for a safe & secure surf.

Anonymous (not verified) said:

October 25, 2017

Permalink

Didn't Paypal interfer with several political organisations, like blocking donations?
Those where unforgivable mistakes.
Why ignoring this political beaviour of Paypal for fill in a name your profile matches name sake?
Why? Why? Why?

PayPal is terrible (censoring wikileaks, and prosecuting anons who ddos'd them in response are just two of many examples) and should be anyone's last choice... but it is also the easiest or only way for some people to pay, so organizations that aren't currently banned would be foolish not to accept it when soliciting donations. If you go to wikileaks.org and click donate you'll see that even they are accepting paypal donations again these days!

Mr.Guido Naumann (not verified) said:

October 25, 2017

Permalink

Hi Everybody,
i am using Tor Browser because of it´s possibility to do Internet-Actions as safe as possible. But sometimes it is nonsense if i can't reach my E-Mail Provider or Onlinebanking Account, even when i allow Scripts. What else can i do ?
(www.t-online.de)(www.santanderbank.de)

Anonymous (not verified) said:

October 25, 2017

Permalink

My donation without using paypall.

Given Torlink
https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…

Hey, saving Bandwith saves money too!
"https.png" , 897 kb, could be less than 180kb
"circuit_full.png", 250kb, could be less than 60kb

That would make 0,240 MB instead of 1,147 MB. It would make 4,78 times less bandwith usage.
2.5 million Torbrowser users (we are all reading the blog and the Tor-wiki pages right?) makes a saving of 2.500.000 X 0,907 MB = 2.267.500 MB, is 2.267 Gigabyte data traffic less (at least, Just look for the big image ones in your website hosting collection and make them as small as acceptible, yes you can!)

Now you tell me what the saving in $ could be for Toproject,
or the environment (don't forget, especially nowadays).

:-)

Depending on what kind of hosting they're using, anywhere from $0 ~ $0.25.

Bandwidth is cheap. And 2GB is basically nothing.

Unless they're using a cellular data plan in Canada or something :P

Tor is an anonymity/privacy tool not a harden or a secure version of another browser : in fact, there are so many weakness settings that you can even surf to unsecure sites.
Your email provider works great with Tor but protonmail is a scam, untrust.
protonmail is compromised & works for at least Israeli govt (and another !)so with the nsa : do not have any doubt about that ...
I should have preferred you posted an onion link.
Tor provides (thx mozilla) some secure alerts/warnings.
Their free vpn (protonmail) is reserved only for their users ; it is yet suspicious and they ask javascript & tel , it is not at all an anonymous email provider , so using Tor and protonmail is not a good idea.
avoid

Overall, be patient. If you use a web-based e-mail, e.g. Gmail, TB is not the best option for it. Instead, try a VPN. Any web-based mail tracks your activity, and you will be signing on from New Zealand, Hungary, and Spain in less than 30 minutes, raising unnecessary suspicions. You'll be getting messages from Gmail, Yahoo, or MSN, asking whether someone, somewhere around the globe, is using your account. If you have an e-mail provider, you can use an open-source e-mail client, e.g.,Thunderbird, and still be safely anonymous using TorBirdy.

Many banks don't allow sign-ins from Tor, proxies, or VPNs, but if your VPN has servers in different countries, you can set up your VPN client in the country you're in (I assume you're in the US). IMHO, TB is to be used for anonymizing your interaction with whatever needs to be hidden from prying eyes, i.e. accessing material that can be compromising. Yes, your mailing and banking activities need to be protected; however, TB is the wrong tool for that purpose. You want to use a 12 gauge shotgun to kill a fly, may or may not kill it, but the noise will attract unneeded attention upon yourself.

why not ?
if the banks or another services do not allow Tor , they do not allow vpn too !
they must adapt to their clients & respect privacy & anonymity.

RoyalTigris (not verified) said:

October 25, 2017

Permalink

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

GA (not verified) said:

October 25, 2017

Permalink

You appear to release updates very often now... i feel this is suspicious
Backdoors added?

who audits the source code for tor and tor browser?

You mean apart from those that work on tor and Tor Browser daily? I don't know but I hope many are doing it.

As to more frequent releases: that's expected we want to get newer tor versions and bugfixes earlier to our users. We currently envision to release a new Tor Browser every 4 weeks (instead of 6-8 weeks). The current update was necessary to fix a bug in our donation banner, alas.

If the goal was to add a backdoor, it would take only one extra update, or it could even just wait until the next natural update. Why would frequent updates be needed?

As for who audits the source code, many people read it. I don't know of any professional audits, but it's not like only the developers read it. I am not a core developer and yet I read Tor source code. And many people read the source code commits, which include simply differences between one version and the next, making it a lot easier to keep track of what is changing.

jon (not verified) said:

October 25, 2017

Permalink

In the past two releases, my noscript icon that is usually on the left next to the green onion moves to the right of the browser, but appears to function normally. Why is this happening? Anyone know?

Anonymous (not verified) said:

October 25, 2017

Permalink

I hope more updates will come , especially security.I am paranoid on teh NSA (National Surveillance Agency)

It's not known yet whether the NSA is a global passive adversary or if they just sniff on the Tor relays using the Intel Management Engine and get cryptographic proof unlike probabilistic estimates with correlation attacks.

The NSA is not a GPA, although it tries to be. Saying global passive adversary is like saying computationally-unbounded adversary. It's a useful classification to specify threat model in research papers (as these papers require an insanely specific threat model, as opposed to common OPSEC). For example, the NSA may be able to tap major IXPs and may have compromised routers in many ASes, but do they have access to the connections between two small, arbitrary ISPs? Unlikely.

I am paranoid on…

If it's paranoia then you have nothing to worry about (your fear is irrational).

If you believe you've misused the term 'paranoid' and are being reasonably fearful, that's a different story.

mad printer (not verified) said:

October 25, 2017

Permalink

Hi Tor Team
First: Thx for givin us Tor, its great:)
But i cant print to file anymore, even its written, it should be possible. i see in the about config files, print to file is set to false, i thought thats maybe the bug and tried to put it to right, but it keeps jumping back to false and i cant print to file anymore (with and without restart), which i really like as an option in this fast living net, where a lot of interesting artcles just disappear ...
would be really thankful for an advice. Greets.
ps tried the security settings too, but that doesnt change the print to file possibilitiy too.

mad printer (not verified) said:

October 26, 2017

Permalink

thank you gk, works like a charm:)
what does it make exactly to put the security level from 2 to 1?
Pascutto (https://bugzilla.mozilla.org/show_bug.cgi?id=1309205) writes:
"Disabling it makes Firefox much more vulnerable to exploits. Note that the change is limited to Nightly only and does not ride the trains."

and yes, shure, only linux on my machines:) i think ill put it back to 2 if not needed, but hope you ll find the time to fix this, cause print to file is vital. at least for me.
have a nice day!

Anonymous (not verified) said:

October 25, 2017

Permalink

Just one thing; if you're going to change TBB into nagware, I will stop donating in the future.
I already donated several times and I don't need any nagware('donate us' image banner or something) in the browser.

Why the company doesn't understand that?

Tonja Davis (not verified) said:

October 25, 2017

Permalink

Will we ever be able to watch videos on TOR? Will we ever be able to maximize the screen?

Anonymous (not verified) said:

October 25, 2017

Permalink

More precisely: really small site -others too, no third-party-scripts, no or nearly no css, no like google or google inside. In a modern western country.
I often see lot of re-routing/relaychanging before site opens. Or after site is open, sometimes circuit/exit is long stable, sometimes not -same site each time. When Third-parties, they are,stay the same.
Looks like exits/Entry Guard/(middle?) is filtering? And there seems to be special
behaviour, timing, when exit/exit country is the same one.
.......................................................................................................................
https://vbdvexcmqi.oedi.net/comment/272041#comment-272041
"open a site i see a lot of re-routing/relaychanging [...] site is open and after minutes circits are changing"
Answer:
https://vbdvexcmqi.oedi.net/comment/272048#comment-272048
""complex sites like Google that reroute [...] circuit gets unusable [...] nothing which is unusual."

Anonymous (not verified) said:

October 25, 2017

Permalink

Tor 7.0.8 on Windows crashes for me 100% of the time when opening a new tab. Also, it crashes when accessing Zion by any of its mirrors. Go to the mirror, enter the captcha, and watch the tab crash. After reloading the page or restoring the tab 2-3 times, the entire browser will crash.

WTF did you guys do to this release? 7.0.7 was totally fine.

The only thing we did was changing one line of code in Torbutton which is responsible for showing the donation banner once on startup (and we updated some translations). So, if you download a clean, new 7.0.7 (https://archive.torproject.org/tor-package-archive/torbrowser/7.0.7/) and a clean, new 7.0.8 (https://archive.torproject.org/tor-package-archive/torbrowser/7.0.8/) and you start both are you saying the former works fine and the latter is crashing?

I rather suspect this is related to your firewall/antivirus software on your computer. Do you have any of those (which one) and does it help if you uninstall it (disabling is often not enough)?

Iron Wolf (not verified) said:

October 26, 2017

Permalink

Thanks for TB 7.0.8, a much better release than its predecessor. Smooth and relatively fast, within TB context. Go Tor!!! I encourage everyone to donate now to the "Mozilla-will-match-your-gift" campaign, doubling donations for The Tor Project, one of the few lines of defense we have against BB (Big Brother.)

Anonymous (not verified) said:

October 28, 2017

Permalink

I am not the original poster but I want to point out that I have app.aupdate.auto and app.update.enabled both set to false but eventually, the tor browser always updates automatically anyway (using Windows)

Open menu --> Options --> Advanced --> Update --> "Check for updates, but let me choose whether to install them"

Above activated button proved reliable to not update TOR automatically

TOR team, keep up the good work!

Curious (not verified) said:

October 26, 2017

Permalink

Why doesn't the tor relay, 128.31.0.61 (U.S.A), ever change? Even when I change identities, it remains the same in each case while the other 2 relays below it change.

The first relay ("guard") is not supposed to change. That's to give your computer fewer chances to eventually hit a hostile relay.

BUT THIS IS A PROBLEM FOR SOME USERS ON WINDOWS WHERE THE AUTO-UPDATE DOES NOT WORK. THEY ARE FORCED TO DOWNLOAD THE WHOLE NEW VERSION FOR EACH UPDATE WHICH LOSES TRACK OF WHICH GUARD RELAY THEY WERE USING, PUTTING ANONYMITY IN DANGER.

Anonymous77 (not verified) said:

October 26, 2017

Permalink

1. 'Preview' did not display my reply post any differently than on the 'compose' screen. In particular, the html codes displayed 'as codes.'

2. I also don't see my post. Is there a standard delay?

Anonymous (not verified) said:

October 27, 2017

Permalink

doesn't work, doesn't work, doesn't work. Type in an address and it either does nothing and sits on the welcome page or crashes. I need to go back to an older version do you have repository?

mqthieub (not verified) said:

October 27, 2017

Permalink

unusableon older windows 7 laptop. Crashes, freezez, you can't even shut the window it locksao bad? What happen these last two update? You make Tor useless.

mathieub (not verified) said:

October 27, 2017

Permalink

turn off firewall no difference still freeze on connection not display pages. Can't close.

ad-crusher (not verified) said:

October 27, 2017

Permalink

ad im torbrowser?...widerspricht sich das nicht?...ich werde das nicht testen weil es mir einfach zu blöd ist...

sorry for my bad english...

No it does not contradict each other. Tor Browser is not a browser made to fight ads on the internet. Rather it is one to prevent users from getting tracked and fingerprinted and from leaking IP addresses. That's doable without blocking ads.

certifiable (not verified) said:

November 04, 2017

Permalink

only adding comment:
Disabling javascript (by noscript defaults) tends to "block" ad systems.
A small fraction of sites show "static" ads.

Anonymous (not verified) said:

October 28, 2017

Permalink

Wow so much whining in these comments it's unbelievable. TBB is here to provide privacy and anonimity first. If you want to use webmail and watch YT videos and still have some protection, then use the tor proxy feature from your normal browser. Stop expecting them to cater TBB to your individual needs. Every added feature to accommodate one of you is at least one potential attack surface opened up.

That being said, please do not push simple non-security updates like this. Everyone who uses the older version has updates downloaded when they start TBB up (assuming you start fresh each time), which makes it easier to fingerprint and track people.

bk (not verified) said:

October 28, 2017

Permalink

I have windows 10 home, so I do not have full access to the operating system's full protective scheme as designed. I utilize EMET 5.52, and have learned how to configure it to treat each app, and process in a unique manner. It is a passive defense, and does not interfere with my software firewall or vpn. I utilize all these, and use Tor as my non-Java browser. EMET is set up to run Firefox (64bit) with 'Attack Surface Reduction' enabled. In short,the browser screen presence is reduced in size, like Tor. Anytime one has a glitch with a Tor upgrade, I will confirm that looking at one's anti-virus/firewall configuration will give you insight into what is blocking installation or proper operation.

bk (not verified) said:

October 28, 2017

Permalink

The new release, and every past one has given me no head/heartaches as far as my system is concerned. Windows 10 Home w/ EMET 5.52, Avast Premier and Secure Line VPN. EMET 5.52 allows me to configure Firefox (64bit) with 'Attack Surface Reduction', so its' open window is virtually the same size as Tor, and thus its presence on the web is reduced.

Cj (not verified) said:

October 29, 2017

Permalink

I do not understand why so many people are NOT concerned about firefox apps data mining users full web information, tabs, forms, EVERYTHING. What is up with that shit?
The whole purpose of firefox was supposedly privacy, security, and speed.
Yeah, go to their apps download page and pick one of their apps and the browser warns you that you will be given ALL information to the app dev, basically.

17829 (not verified) said:

October 29, 2017

Permalink

k?

Tor Browser is slower as other browsers, yes. That's due to traffic send over three different hops before it reaches the website you want (the responses take those three hops back as well) and encryption along the path. While the browser speed improved considerably in the past there is still work ongoing to make it better and remove bottlenecks. But you won't be able to reach the speed with Tor Browser you would get without using Tor.

fakeName (not verified) said:

October 30, 2017

Permalink

This update broke "Save image as" under right click. Saving files/photos results in 4kb and its corrupted. Rolling back to older versions doesn't have this issue.

Do you have steps to reproduce that? Which image was not working? On which operating system did that happen? I tested it on a Linux machine and while the download took a bit to get started I got a proper image finally.

Johnny Donny (not verified) said:

October 30, 2017

Permalink

This update is advertised as being "A security and stability update". Apparently, that's a blatent lie. Putting such blanket statements into your software doesn't inspire confidence. It does the opposite.

Anonymous (not verified) said:

October 31, 2017

Permalink

12:19:45.838 Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. 1 ExtensionCommon.jsm:265
withLastError resource://gre/modules/ExtensionCommon.jsm:265:9
wrapPromise/< resource://gre/modules/ExtensionCommon.jsm:316:11

Anonymous (not verified) said:

October 31, 2017

Permalink

15:43:53.864 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Tue Oct 31 2017 15:43:27 GMT+0000 (UTC)
Full Message: TypeError: this._addon is null
Full Stack: gDetailView.fillSettingsRows/finish/<@chrome://mozapps/content/extensions/extensions.js:3493:1
gDetailView.fillSettingsRows/whenViewLoaded@chrome://mozapps/content/extensions/extensions.js:3481:9
gDetailView.fillSettingsRows/finish@chrome://mozapps/content/extensions/extensions.js:3488:7
gDetailView.fillSettingsRows/ resource://gre/modules/Promise-backend.js:932:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:813:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
1 extensions.js:3493

Anonymous (not verified) said:

November 01, 2017

Permalink

Please don't wait for mozilla on security

https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrus…

Parts of this hacking and interception law are already in business from the first of september 2017.
Consider removing this trusted root certificate, because they are undermining the chain of trust in security.

Hopefully they will be forced (again!) by european court to finally follow international law jurisdiction.

yes , yet reported it.
that is a shame !
Netherlands is becoming a jail land where all is reserved for vip.

* European court ? The same who enslaves you telling us that is legal because 2 of them have voted for ? i prefer that mozilla & another net_team take their own decisions defending & promoting user's right than unknown well dressed write that i must live or believe (they should try first that that they give to the others so generously : an impossible freedom & health).

Anonymous (not verified) said:

November 05, 2017

Permalink

Hi,
what are the updates concerning translations?
Thank you

You can click on the "hamburger" menu in the upper right corner of your browser and there on the "?" and then on "About Tor Browser" to start the update check manually. That said Tor Browser should check in the background for new updates periodically and download any that are available. You get a notification to restart the browser once the update got successfully applied.

Mercer (not verified) said:

November 10, 2017

Permalink

I have an idea for you. Can you create a software for windows PC just like "Orbot" for android which will encrypt all the data flowing from that PC. You can also add an option to work it as a relay on the network.

Your name (not verified) said:

November 13, 2017

Permalink

On Tor Browser 7.0.8 windows: If a website pushes audio, is this a security risk, e.g. can that website glean info from my computer due to pushing audio? This happens when submitting a police tip through the tip411 link from the local police website. At the end of the tip submission, there is a double-tone emitted. Thank you, <3 to all Tor people

lena (not verified) said:

November 27, 2017

Permalink

ok

TV (not verified) said:

November 30, 2017

Permalink

LG