New Release: Tor Browser 10.0.6
Tor Browser 10.0.6 is now available from the Tor Browser download page and also from our distribution directory.
This version brings back a functioning meek bridge, and also allows users to automatically get bridges within Tor Browser again.
The full Desktop and Android changelogs since Tor Browser 10.0.5 is:
- All Platforms
- Bug 40175: Update obfs4proxy's TLS certificate public key pinning
Please note that the comment area below has been archived.
next update can you add…
next update can you add flash player i cant download because of the admine right please that we be very help full for me thank you.
Sorry, Flash is dead and is…
Sorry, Flash is dead and is not supported by Tor Browser.
Not just Tor Browser; all…
Not just Tor Browser; all major browsers. "In July 2017, Adobe announced that it will end support for Flash Player on December 31, 2020, and continued to encourage the use of open HTML5 standards in place of Flash. All major web browsers plan to officially remove Adobe Flash Player on December 31, 2020, and Microsoft will be removing it from the Windows OS entirely in January 2021 via Windows Update. Apple’s latest MacOS, Big Sur, which was released November 12, 2020, removed software compatibility for Adobe Flash Player." Apple never has supported Flash on iOS.
But about Tor Browser, to king20,
Tor is built the way it is…
Tor is built the way it is to protect it's users from leaking their I P address also to protect from tracking and finger printing techniques.. Flash has always had vulnerabilities and it could expose a Tor user by trackers and user i p address.. also it has now been removed by it's own creators you can find further info https://www.adobe.com/products/flashplayer/end-of-life.html
I don't understand why…
I don't understand why bother checking the certificates. I mean, why would the appropriate response to Microsoft Azure showing an (apparently) invalid certificate be to fail mysteriously and frustrate the user? I don't see it. What if somebody is doing a MITM-attack on Azure, why not try to connect to the "meek" server anyway? It's not as if we are certain Microsoft doesn't log who uses "meek" and gives that data to governments.
This is equivalent to "let…
This is equivalent to "let any attacking government see meek (and moat!) in addition to Microsoft". If the attacking government is the US or related, there's effectively no difference. But if the attacking government is, say, Iran, there's an enormous difference. (Iran has specifically performed a MITM attack that got foiled by certificate pinning before, in Google Chrome.)
The certificates affect moat…
The certificates affect
moatas well. Moat needs TLS, but if meek doesn't, then meek code should be decoupled from TLS. Maybe Azure refuses non-TLS connections?
Boring unimportant update.
Boring unimportant update.
Getting meek (and moat!)…
Getting meek (and moat!) from "almost completely non-functional" to "working again" is pretty hugely important for anyone living in a censored area.
Unless you need meek bridges…
Unless you need meek bridges or new bridges via MOAT, which Microsoft broke. Then, it's very important.
Good work team. Hope to see…
Good work team. Hope to see Apple Silicon support soon that would be great. Tor Browser runs well on Rosetta 2 most of the time but some onion pages keep giving a "crashed tab" error over and over. Those same pages work fine on Intel Mac. No way to make them work on the M1 chip. Hope this feedback is helpful. Looking forward to Apple Silicon support in future!
This is very helpful, can…
This is very helpful, can you specify any page where we can reproduce the crash? We don't have enough information (or access to a M1 macOS): https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/402…
There is a new version of…
There is a new version of openssl out fiximg a security issue. Should updare for next release
Are referrers ever gonna be…
Are referrers ever gonna be scrubbed from the HTTP header?
The main security implications are:
1.) If a user leaves a private, non-public .onion page of which the owners do not want anyone to know about, the next page he visits can discover that address - completely undermining the whole v3 hidden service overhaul, and the concept of "hidden" services.
2.) It makes tracking users much easier.
Will uploading files to…
Will uploading files to sites work? Now, when choosing files to upload, nothing happens. You can check on the sites sendpace, postimage and others. In Firefox this feature works, but in Tor browser there is no reaction to file selection.