Tor Browser 7.5.3 is released

by boklm | March 26, 2018

Tor Browser 7.5.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 52.7.3esr. In addition, we are updating HTTPS Everywhere to 2018.3.13.

The full changelog since Tor Browser 7.5.2 is:

  • All platforms
    • Update Firefox to 52.7.3esr
    • Update HTTPS Everywhere to 2018.3.13
      • Bug 25339: Adapt build system for Python 3.6 based build procedure

Comments

Please note that the comment area below has been archived.

> newbie searching clueless however

Tor Browser is a version of firefox browser you can install on any computer which uses Linux, Windows, or Mac OS.

Assuming you are considering installing and using Tor Browser, see this page to help you decide:

https://decvnxytmk.oedi.net/about/overview

Here is where you go to fetch Tor Browser tarball with your existing browser:

https://decvnxytmk.oedi.net/download/download-easy.html.en

(Make sure to fetch the detached signature also and to use GPG or PGP to verify the tarball before you install it. GPG is a separate FOSS software you already have if you use Linux, but you should be able to easily obtain it if you use OS or Windows.)

Here is a good page to read before you do a great deal of web surfing with Tor Browser:

https://decvnxytmk.oedi.net/download/download-easy.html.en#warning

If you decide you need more security/anonymity, you can consider using Tails.

Tails is a complete operating system you can boot on (almost) any 64-bit computer from a DVD or USB. It includes Tor Browser and also text messengers with extra security/anonymity properties. It is also ideal for working "offline" on preparing documents, for example if you are a whistle-blower or political dissident. See:

https://tails.boum.org/about/index.en.html

Here is what Tails says about surfing the web:

https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html

Hope this helps give you the core of what you need to know about whether you should use Tor Browser or Tails, and if so how to get them and use them wisely.

March 28, 2018

In reply to by ana (not verified)

Permalink

I think it is good to imagine an internet without the need for tor .... anymore

focus towards the goal and we will all meet some day

humanity will

March 31, 2018

In reply to by ana (not verified)

Permalink

Me too

March 27, 2018

Permalink

I am a beginner. I would just like to thank you all for helping me learn .sorry I don't have credit card nor $ to donate

Understand.

I worry that the people who need Tor most are often not able to safely donate generously, but if you can donate even a small amount that can sometimes help Tor make the case to foundations that Tor has a large user base of at risk users. Also, Tor is almost entirely volunteer operated--- in particular, Tor nodes are almost entirely operated by volunteers (and sometimes by our enemies, but that's another issue). That can be expensive, of course, but if you speak a language other than English you can possibly help Tor Project with translation.

I think it is worth noting that you or anybody can help in so many other ways than donating money by donating your time to projects like ours. That in turn can be done in many ways as well depending on skill set, experiences, and interest: it could be outreach helping to spread the word, it could be helping with blog comments on this very blog, it could be coding, it could be patch review, it could be...

March 27, 2018

Permalink

nice

March 27, 2018

Permalink

Been around for 80 odd years been with TOR since the beginning, So before I Pop my clogs, Thanks to you all for all your Work; Never Been on Face book or Twitter, so I don,t suppose I ever existed; So once again "Thanks Tor"

March 27, 2018

Permalink

Question: was Tor created as a Global Law Enforcement effort to combat cyber-crime. If so, it's the most sophisticated (and simple), bait and switch tactic ever dropped on the unsuspecting world of fools. Tor may 'offer' better anonymity, but wouldn't it be interesting to discover that Tor was being used almost exclusively by Global Law Enforcement to expose their primary target demographics?

I worked for the gov for many years and Tor is a really needed app, The gov is very interested in all comm between just reg people. It is a very very needed program to STOP the intrusions in the life of lawful citizens. If they really wanted to know what people think just ask us. Thank you.

March 27, 2018

Permalink

As a former UK police officer, soldier and civil servant, I greatly appreciate the security you guys.provide. Being retired, to say I am short of money is like saying Marconi was keen on radio! However, having spent most of my adult life combating crime and terrorism, I greatly resent having the government (or what passes for such in UK!) looking over my shoulder like a naughty child! Great work TOR, keep on truckin`' Best Regards, Gary

March 27, 2018

Permalink

hi

March 27, 2018

Permalink

1) How do I update tor browser from within tails?
2) I downloaded the bundle and ran it with TorLauncher disabled, but how do I change the control port?

March 27, 2018

Permalink

Thanks for the update. Somehow is my browsing much slower than before. Also my entry node is new in the USA, but im in Europe, maybe the slowless is cause of this? How can I have an entry node nearer to me? Thanks for help, Thomas

> Somehow is my browsing much slower than before.

Maybe check at torstatus.blutmagie.de to see what is the bandwidth of the entry nodes your browser has chosen? Chances are they are large, eliminating one possible source of the problem.

> Somehow is my browsing much slower than before.

>>Maybe check at torstatus.blutmagie.de to see what is the bandwidth of the entry nodes your browser has chosen? Chances are they are large, eliminating one possible source of the problem.

I check it. it's fast, so it's another problem. Thanks for the hint.

March 27, 2018

Permalink

Still no proper SHA checksum files like all other software downloads.

Always the bullshit excuse of making people jump through hoops and expose their ip to validate downloads.

Offer checksum files so sites like archive.org can keep a history which also provide multiple points of verification.

Not a single check site where CIA/NSA can inject their own version using MITM attack during download and verification.

March 29, 2018

In reply to gk

Permalink

"validate downloads"
The never ending story about trustworthiness downloads and i don't know why
not act/program logical?

Add tor/torproject/TBB in Tails.iso keyring! Whats the problem with?
To easy? Government would be not amused?

> Still no proper SHA checksum files like all other software downloads. Always the bullshit excuse of making people jump through hoops and expose their ip to validate downloads.

Assuming you are talking about Tor Browser, you are correct that verifying the tarball before you unpack it is very important. But you don't do that with SHA, you use GPG (or PGP) to verify the tarball using the detached signature. It's explained on the download page at decvnxytmk.oedi.net.

If the problem is that you are having trouble obtaining GPG, this is FOSS software (as are Tor product) but from a different group. GPG is included in all Linux distributions however, so if you use Ubuntu or Debian (or know someone who does) you should be able to verify the tarball.

Cryptographic verification with GPG is much safer than "verifying" with SHA256 or SHA-512, so you should really try to obtain GPG.

> Not a single check site where CIA/NSA can inject their own version using MITM attack during download and verification.

Irony: NSA designed SHA-256, SHA-512, but GPG is based on PGP (the tool which NSA tried to make illegal back in the 1990s) and comes from an independent FOSS developer in Germany. Just one more reason why you should really try to obtain and use GPG.

I am a long-time Tor user, not a dev, so I hope Tor employee will correct me if I get anything wrong.

March 27, 2018

Permalink

Extraordinary effort is supremely appreciated. I'm 72 and not a newbie online; fortunately eh?
Nonetheless as someone who doesn't Code (yet); albeit who can diagnose most hardware or software problems, I find and have found Tor to be my great ally regarding sanctity in privacy.

March 28, 2018

Permalink

so, when i was trying to use Tor browser to watch porn at avgle.com

the site poped out "Please disable adblocker or whitelist avgle.com! No ads, Avgle cannot survive!",

and videos won't play.

so, how can i disable adblocker in Tor browser to make video play??????????????? i don't mind ads if video could play.

March 28, 2018

Permalink

you r best.................................

March 28, 2018

Permalink

الف شكر يا فريق تووووووووور على المساعدة والدعم واصلوا التطوير انه برنامج مهم جدا الف شكر يا تور

THANKS TOR WE WANT UUUUU

March 29, 2018

Permalink

We all love tor and we appreciate your work, i also made a donation .
Sincerely i'm hoping for a NEW tor developement, with new smart solutions to override injections, MITM and fake exit nodes trouble.

At present would love a Simple tool developed for windoz noobs:
- to Check for digital signature of tor releases with just some clicks
- to Test for correct installation or flaws in the system
(how much is safe to run tor if i have ISP or 8.8.4.4 DNS settings?)

*into the application
- User manager for exit nodes selection, to manage exclusions and rotation settings
- A list of checked and recognized Bad Exit Nodes include to be managed from into tor browser.

Anyway thanks for your work.!

March 29, 2018

Permalink

I don't know exactly when it all started, but for the last 3-4 weeks I noticed TOR network tries to tie down users connection to two or just one (!) country.
Example: entry node - middle node - exit node
Country A - A - B
or A - A - A

Imagine, NSA - or the like - runs middle node and exit node in the US... and you are fucked!

TB Version 7.5.3 or 8.0a5 , whatever browser you use - be careful, it's much easier for the "agencies" now to
get you !! IMHO ...

March 29, 2018

Permalink

For those whose Guard Node protection is inoperative due to Tor self-update not working, how do you suggest working with the State file?

Replacing it with an old one creates a new filesystem timestamp on it
AND also a Tor-created timestamp comment (#) inside the text of the file itself?
"# Tor state file last generated on [redacted] local time
# Other times below are in UTC
# You *do not* need to edit this file."

Does this work counter to Tor's anonymized universal "1999" timestamp strategy?

What recommend?

Thank you.

What do you mean with "whose Guard Node protection is inoperative due to Tor self-update not working"? First, what error do you get when updating Tor Browser? Second, how is the guard node protection related to the failing update?

March 30, 2018

Permalink

TBB 7.5.2 worked very very good, but 7.5.3 - all the time some cpu consumption, slow downs, even hangs. 7.5.3 is definitely worse than 7.5.2.
(Windows, 32bit)

Same on my System (Linux Mint 17.3 64 Bit). Browser hangs after start. CPU (Intel® Core™2 Duo CPU P8600 @ 2.40GHz × 2) goes up to 100%!
Browser is frozen for 20-30 seconds. After this time the CPU consumtion came down to normal value (< 10%).

March 31, 2018

Permalink

I'm new to all this, so I'm sorry for asking again a question that has been asked before, but looking back though the blog via the Search function, I have not found a definitive answer:
Can you play Youtube videos over Tor?
On the Security Settings tab it says 'Audio and Video (HTML5 media) are click to play' but How?

Full explanation please for a novice.

Thank you.

March 31, 2018

Permalink

Thanks guys

I use Tor more and more for basic daily tasks, its great to see it being updated this often :-)

A newish Tor user

March 31, 2018

Permalink

I bought a flash drive with Tails preinstalled, from a reputable ( supposedly ) online company. Is there a test I can run to see if the Tails/ Tor system was altered from the official Tails/ Tor version?

April 01, 2018

Permalink

Hello to every body i have a problem whit this version the aplication crash show me this :
Nombre del evento de problema: APPCRASH
Nombre de la aplicación: firefox.exe
Versión de la aplicación: 52.7.3.6607
Marca de tiempo de la aplicación: 3d402168
Nombre del módulo con errores: StackHash_4c0d
Versión del módulo con errores: 0.0.0.0
Marca de tiempo del módulo con errores: 00000000
Código de excepción: c0000005
Desplazamiento de excepción: 0909354e
Versión del sistema operativo: 6.1.7601.2.1.0.256.1
Id. de configuración regional: 3082
Información adicional 1: 4c0d
Información adicional 2: 4c0d4d78887f76d971d5d00f1f20a433
Información adicional 3: 4c0d
Información adicional 4: 4c0d4d78887f76d97

whath i can do please somebody help me

That's expected as Tor Browser is using the Private Browsing Mode by default which makes sure you get a new session every time you start the browser, ideally without traces left from previous browsing sessions.

April 02, 2018

Permalink

I hate asking questions that are seemingly unrelated to the blog post at hand, but everyone does it anyway so... What is the ETA on getting post-quantum crypto (the NewHope hybrid exchange) rolled out? What is left to do to get it working?

At last an answer. Thank you. I already have the 'higher Security Settings' set at 'safest'. With Adblock Plus I do not get ads, or at least few. Without Adblock Plus I get lots of ads. So the only way to avoid ads is a browser plugin. Is this correct? Thank you.

April 02, 2018

Permalink

I got this log with tor 0.3.2.10 (Linux, 64):

  1. 01:32:00.000 [warn] connection_edge_send_command failed. Skipping.<br />
  2. 01:32:00.000 [warn] connection_edge_send_command failed. Skipping.

Google tells me nothing. It may be related to HS, but I cannot sure it. Is this warn message suspicious?

April 03, 2018

Permalink

I am relatively new to Tor and completely new (First day) to Ubuntu.

When I go to the Tor website, page:

https://decvnxytmk.oedi.net/docs/debian.html.en

I see a lot of information, hardly any of it I understand, beginning with:
Option one: Tor on Debian Stretch - stable, Debian Buster - testing, or Debian Sid - unstable

If you're using Debian, just run
apt install tor
as root.”

However, on the Downloads page the first thing I see is “Tor Browser for Linux (64-Bit)” which is what I need.

Do I have to (try to) follow all of the instructions on the first mentioned page or can I just download the Linux Tor 7.5.3 package from the Downloads page?

If I have to do everything it says on the first mentioned page: I don’t even know how to “run
apt install tor
as root.”

I may as well go back to Windows – which is something I DONTt want to do.

Please help.

Thanks

April 03, 2018

Permalink

Why do you love a service owned by the US government, tor owned and operated by US government for the US government.

April 04, 2018

Permalink

I am always getting the intial circuit value of 108.53.208.107 which is identified as
New Jersey (NJ)
City Glen Ridge
ISP Verizon Fios Business
ASN AS701 MCI Communications Services, Inc. d/b/a Verizon Business

My circuit always starts with this ip address even after doing many "new identity". I'm located in Canada,Ontario

That has nothing to do with obfs4. They seem to be blocking Tor in general. I guess one way to try to fix that is asking them why they are doing that and getting them to revert that on their side.

April 07, 2018

Permalink

What is the Point of joining your network, now that we know, You share all of your information and contacts with the alphabet group. This has to end. Time to reveal the truth!. Stop the deception!, Its over !, The revealing is here. Confess to what you have done and maybe there will be empathy for you !

April 08, 2018

Permalink

>3

April 08, 2018

Permalink

I check the guard node when I start to use Tor. Almost always it is the same one. Sometimes it is a different one - on a few occasions it is the same 'different one' that I have seen before.

Why is this?

Thanks

A novice

I have noticed this as well. If I set torbrowser to not censored in my country I get the IP 108.53.208.157, If censored in my country is selected I get with OBFS4 bridge selected I always get bridge: OBFS4 (Netherlands)

April 10, 2018

Permalink

Thanks for all the good work.

Do you envision a time when TOR will include an ad or tracking blocker like TAILS does?

April 10, 2018

Permalink

Why is it so difficult to get an answer from the developers regarding the possibility of playing YouTube videos over Tor, or even seeing the page content?

One correspondent a few days ago pointed out that for the High security settings you yourselves say “High - At this level, HTML5 video and audio media become click-to-play via NoScript;”

I too have looked at the NoScript website (apologies if I have missed it) but I can’t find any information there either.

Thanks for your help.

April 11, 2018

Permalink

I know Tor Browser is the best browserin the world. i like Tor browser. but i wan't to go dark/deep web. i don't know how can i do that. please help me to open/go dark/deep web.please saw me how to go dark or deep web step by step .

April 11, 2018

Permalink

In older versions i click on the S butom to disable javascrips but now where i can do that? Is not longer anymore in that way ☹️

April 13, 2018

Permalink

April 14, 2018

Permalink

The tor circuit always shows the same initial address when not using a tor bridge. When a bridge is used like obfs4 I see a circuit as follows.

˚this browser
˚ Bridge: OBSf4 (Netherlands)
˚Germany (173.212.228.203)
˚France (163.172.132.199)
˚Internet

The value fro Bridge never changes in this case "Bridge: OBSf4 (Netherlands)" even though I perform "new tor circuit for this site" or "new identity" even closing the app and reopening doesn't change the value. I am connected to a Japan network when testing.

Do you consider this a security issue?

April 14, 2018

Permalink

Thank you, guys. There are problems in Russia with anonymity, and we know it will be worse soon also, and so on. Your Tor project is so helpful for us! Thank you for what you're doing for human all over the world.

April 15, 2018

Permalink

I have been using Tor for a couple of months. A couple of weeks ago I started going to some .onion sites.

Up until yesterday, when I went to an .onion site and checked the route my traffic was taking under the green onion and ‘Tor circuit for this site’, I saw the usual 3 nodes (guard, middle and exit) followed by three unnamed nodes to the .onion site (relay/relay/relay).

Yesterday when visiting a couple of .onion sites the guard, middle and exit nodes were mentioned but there was no mention of the additional three relays to the sites.

Does that mean that, in order to reach an .onion site, the browser can by-pass the additional three relays, or was that just a problem with the ‘Tor circuit for this site’ indicator information?
Today everything is back to normal 3 named nodes and 3 unnamed relays?

Please clarify.
Thanks.

April 17, 2018

Permalink

Hello guys and gals,,, you got to find a way around this recapcha bullshit, to many sites are using it and Tor is just blocked outright... Google is the devil here and won't even give you a capcha image at times and the other times won't let Tor users complete it!!!

April 25, 2018

Permalink

When I tried to received bridges by Email with "get transport type obfs4" in the body I got the response

[This is an automated message; please do not reply.]

Here are your bridges:

(no bridges currently available)

To enter bridges into Tor Browser, first go to the Tor Browser download
page [0] and then follow the instructions there for downloading and starting
Tor Browser.

When the 'Tor Network Settings' dialogue pops up, click 'Configure' and follow
the wizard until it asks:

May 07, 2018

Permalink

Thank you thank you and again thank you, will this fix that darn bug from flash player player that was causing my comp to slow a near stop?