Tor Browser 6.5.2 is released
Tor Browser 6.5.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This should be the last minor release in the 6.5 series. This release updates Firefox to 45.9.0esr, Noscript to 5.0.2, and HTTPS-Everywhere to 5.2.14.
Moreover, we included a fix for the broken Twitter experience and worked around a Windows related crash bug. To improve our censorship resistance we additionally updated the bridges we ship.
Here is the full changelog since 6.5.1:
- All Platforms
- Update Firefox to 45.9.0esr
- Update HTTPS-Everywhere to 5.2.14
- Update NoScript to 5.0.2
- Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
- Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
- Bug 21917: Add new obfs4 bridges
- Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
- Bug 21795: Fix Tor Browser crashing on github.com
Please note that the comment area below has been archived.
I'm getting this error: Tor
I'm getting this error:
Tor Browser could not be updated because: Update XML file malformed (200)
Which version of Tor Browser
Which version of Tor Browser are you updating from, on which OS and locale?
6.5.1, Debian 64, en-US. I
6.5.1, Debian 64, en-US.
I just tested with another system that I have with the same characteristics and I don't get this issue, so I think the problem is just with my install, so I'll just do a manual upgrade and hope that this issue wont repeat itself again.
Tor Browse 6.5.2 Windows 10
Tor Browse 6.5.2
Windows 10 Pro, 64 bit
Also getting this on 7.0a3
Also getting this on 7.0a3 Win Eng, as well as a warning that my browser is out of date.
You get the warning because
You get the warning because it is not released yet. Should be fixed in then next couple of hours.
Are you using some onion
Are you using some onion redirection like darkweb-everywhere? Because I get the same error if Torproject onion redirecton is on
That could be it yes! :) I
That could be it yes! :) I disabled it now it works fine!
Update HTTPS-Everywhere to
Update HTTPS-Everywhere to 5.2.15?
I don't understand that
I don't understand that particular piece of blurb myself, and await explanation.
I take it my settings, eg directly to non-Java sites & other preferences concerning my basic security settings, are auto-carried over? I don't have to go through my entire Settings drop-down from the logo and onion to manually update THOSE do I?
5.2.15 was released few
5.2.15 was released few hours after 6.5.2, i don't think it's any more complicated than that.
so is my ip address safe
so is my ip address safe
best tor update ever :D
best tor update ever :D
how we can install flash
how we can install flash player on this browser?
flash is DEAD!
flash is DEAD!
how do you watch Flash
how do you watch Flash videos then?
i don't visit websites
i don't visit websites requiring flashplayer.
new web standard is html5.
> how we can install flash
> how we can install flash player on this browser?
Do you want to de-anonymise yourself?
hy dude i am just a kid i
hy dude i am just a kid i wana anonymise ....here the speed of internet is very slow so tor isn't connecting afta installing...showing this error :Establishing an encrypted directory connection failed (connection timeout - 220.127.116.11:443).may U suggest me somtin' alternative to tor
I want to be able to use the
I want to be able to use the web and watch videos.
Avast reports "firefox.exe"
Avast reports "firefox.exe" Virus found "IDP.Generic" after updating from Tor Version 6.5.1 to 6.5.2 over online update!
I use now a fresh install - i´m online over that since my updated Version is now in quarantine - and do not notice any virus here... hm... strange...
Win7 32Bit SP1, 4GB
Thanks! I'm not an Internet
I'm not an Internet security expert - is this upgrade the reason why I couldn't enter Tor Browser for a half hour or so? Whenever I tried to enter, it said, "Couldn't load XPCOM."
My guess is that you have
My guess is that you have some antivirus/firewall software that does not like parts of the Tor Browser update. You could try uninstalling that (disabling is often not enough) to check whether it is really the problem.
I am having this same
I am having this same problem. I cannot us my TOR browser for the same reason! How do I fix it??
NoScript: how long will it
NoScript: how long will it be pushed up our throats by the various anonymity products like Tor Browser, Tails, etc.?
Just open the advanced (about:config) settings in TorBrowser/Firefox and do a search on the word "NoScipt". You'll see some exception URLs, some local directory/file paths, some unique IDs... There are more of them than in the past. One weird ID value is said to be user-assigned, yet I didn't set it. Did you?
Was it in the past AdBlock's blog - an article about the NoScript's malicious and deceptive operation in the past?
Can you trust it without the code review? Is anyone going to audit it, or continue assuming it's OK for anonymity?
Various agencies probably delight in the TorBrowser community using this mysterious NoScript for so long. Or is it perhaps an agenda? Yes, low priority, not enough people/time, etc.
uMatrix as an alternative, per Rise-up advice? It may not have the whatever "ClearClick" defense, but is more open and seems to have a better reputation. So far.
> "Can you trust [NoScript]
> "Can you trust [NoScript] without the code review? Is anyone going to audit it, or continue assuming it's OK for anonymity?"
Whom ever told you that is spreading false information
The NoScript extension contains the source code. You just need to unzip it. The whole source code is publicly available in every each XPI.
From the author Giorgio's:
- - -
"This topic was about the availability of a public version-controlled repository, not about the availability of the source code or the validity of its GPL, which is not "a claim", but the license NoScript is released under not just on AMO or my website, but in several GNU Linux distributions including the source-only Gentoo."
"You've got it on your hard disk right now, if you're a NoScript user, otheriwise you can download it here."
"You can examine and/or modify it by unzipping the XPI and the JAR inside, and "building" it back by rezipping both.
It's been like that for ever, since the very first version."
- - -
See Giorgio's reply at http://forums.informaction.com/viewtopic.php?p=9212#p9212
>> "Can you trust [NoScript]
>> "Can you trust [NoScript] without the code review? Is anyone going to audit it,
>> or continue assuming it's OK for anonymity?"
> Whom ever told you that is spreading false information
>The NoScript extension contains the source code. You just need to unzip it.
>The whole source code is publicly available in every each XPI.
You introduced the "Red Herring" fallacy. The original subject here is a lack of the security review, and not a lack of the published source code.
There is a big difference. One can download and look at the code all day long and still miss something like an allowance for a certain dynamic encrypted advertisement/backdoor frame. Or something like this: https://adblockplus.org/blog/attention-noscript-users
A couple of years ago or so, one of the Tor developers replied in this blog that NoScript has not been audited due to lack of resources / low priority / whatever.
Unless already being done, a regular security audit of NoScript code is still needed.
>Unless already being done,
>Unless already being done, a regular security audit of NoScript code is still needed.
I await breathlessly for you to donate the time and money for one. You have the source code, what's stopping you?
- just another satisfied tor user
for just a while saw a
for just a while saw a comment from someone hopes it worked in mobiles too..
yes it dose.. check here pls.(but .. yet can't find his comment after i got below link ) .. it's real: lol ;)
Hi Tor Network Am I safe
Hi Tor Network
Am I safe from monitoring and tracking in a situation that is less secure and what is your advice in order not to know my identity by the security services?
Thank you Team Network Tor
Good job In previous
In previous version it was impossible to Likes and retweets on Twitter But in this version, this problem has been fixed.it's election season in Iran And it was very necessary
thanks so much
Hello, Is the homograph
If somebody wants to know more, please read Wikipedia's "IDN homograph attack" article.
Thank you for your attention.
I'm having the same
I'm having the same question. Is it ok to manually change this in about:config?
See explanation and sample website on
The epic example does not
The epic example does not always work fine.
This example works better, even in Tails!
Not exactly an apple domain
Except in Torbrowser it is.
I'll show this, https://www.аррӏе.com/
We have a bug to discuss
We have a bug to discuss what we do about it: https://trac.torproject.org/projects/tor/ticket/21961.
thx. what about manually
thx. what about manually change it, possible or problem?
avast reports virus
avast reports virus 'IDP.Generic'
Tor Version 6.5.2
Is that OK?
Same here on FF and
Same here on FF and Waterfox. Avast put it in the virus chest, then I up'd the version of Waterfox and Avast put that .exe in the virus chest also. Next step is to remove and then install both but ... I'm also thinking there is a second component to this virus that lurks elsewhere waiting for another exe to show up.
installing this, messed up
installing this, messed up my other browsers completely
> messed up my other
> messed up my other browsers completely
What do you mean by that?
Why can't I use Magnet
Why can't I use Magnet downloads?
magnet worked here with a
magnet worked here with a download program
hope you find a solution
TOR ALWAYS goes to US
TOR ALWAYS goes to US 67.92.173,228 ALWAYS, ALWAYS, ALWAYS, ALWAYS,
Who is that? NSA?????????????????
Perhaps you would
Perhaps you would like
This is a feature, to protect you from attacks over time.
For way way way more details, also check out
Maybe you should write
Maybe you should write another article on the new entry guard algorithm (proposal 271-another-guard-selection) to raise more awareness about this :)
The Future of Freedom: A
The Future of Freedom: A Feature Interview with NSA Whistleblower William Binney
Why doesn't Tails allow
Why doesn't Tails allow users with persistence enabled to save entry guards? I've been waiting for this feature for years now and my colleagues and I use Tails daily and we're very worried that we're going to end up using a malicious guard node one day (if we haven't already).
That's a good question. Let
That's a good question.
Let us know if you figure out the answer from the Tails people. :)
Maybe, because it's a Live
Maybe, because it's a Live CD OS which can't write to CD?
Updated to 6.5.2 via "check
Updated to 6.5.2 via "check for Tor browser update"
Every time computer rebooted,
every time "New Identity",
every time "New Tor Circuit for this site "
The first Tor circuit relay is U.S. 18.104.22.168
2nd and 3rd change up however not getting relay circuit bridges that are all over the globe in different countries as prior.
(which worked well)
I'm not liking this at all.
So what is the issue?
Do I need a fresh 6.5.2 install, and delete the old with all the updates to 6.5.2?
No, it sounds like it's
No, it sounds like it's working fine.
You can read about your guard here:
See the above links for why guards are needed for security.
By "relay circuit bridges that are all over the globe in different countries as prior", do you mean that in an earlier version of Tor Browser, your first hop varied a lot? It's true that in earlier versions (several years back), there were three guards, not one -- so it didn't actually vary a lot, it just rotated among those three. See this paper for how we moved from three to one:
And see the above "improvements to guard parameters" blog post for *why* we moved from three to one.
Same issue for me every
Same issue for me every since this update! 1st circuit is ALWAYS USA and 22.214.171.124 with the second and third changing. Get new identity - Not Really - Same first circuit other two different!
I've not set any strict nodes or changed anything but now 1st is always USA, yesterday I noticed this after the update and now today.
I've also got Tor hardened (that's not been updated yet) and its fine as usual with three different circuits
On my other laptop prior to the update Tor (non-hardened) prior to the 6.5.2 update give three different changing exit relays?
WHAT THE HELL IS GOING ON???? This defeats the point of Tor if you get a static IP.
> I've also got Tor hardened
> I've also got Tor hardened (that's not been updated yet) and its fine as usual with three different circuits
The entry node (aka Guard) not being fixed would be a bug, and totally broken.
> WHAT THE HELL IS GOING ON????
As linked before, this is intended behavior (https://tor.invidious.site/docs/faq#EntryGuards).
> This defeats the point of Tor if you get a static IP.
Given that systems that don't use Guards provide worse anonymity, not using the guards would defeat the point of Tor.
>systems that don't use
>systems that don't use Guards provide worse anonymity, not using >the guards would defeat the point of Tor.
Tails has worse anonymity?
> Tails has worse
> Tails has worse anonymity?
More vulnerable to certain types of attacks certainly.
Thankyou team and
Thankyou team and developers, as your services are greatly appreciated. May you continue giving your services to the people who need it for correct reasons morally. Best wishes.
09:03:50.144 1492765430100 addons.xpi-utils ERROR Unable to read anything useful from the database1 Log.jsm:751:0
excelent work :)
excelent work :)
this phishing works in tor browser ! scary
if you read down there is an fix for it thankfully
why no one seem to be taking
why no one seem to be taking this post exploit seriously ?
just think for one moment, one could uni-code expliot this website, which could have serious implications. this is NOT just only this website by the way.
various parties are working ways to over come this, but in the meantime tor team in my opinion should at least display some kind of flag waving on this issue.
When trying to open TOR from
When trying to open TOR from my desktop,(os 7) I get an error code re firefox.exe Oxc0000022. This has never happened before came out of no where. Is it possible your update addressed this?? The same problem does not happen on my Laptop OS10.
Could you check whether you
Could you check whether you have an Antivirus/Firewall software installed that is interfering with Tor Browser? The easiest way to do that is to uninstall it (disabling is often not enough) and to try to use Tor Browser then.
thank you for your helping
thank you for your helping
Is there a way to turn off
Is there a way to turn off automatic updating of Tor Browser? I want to update manually, but I do want notifications when new updates are available.
Couldn't that feature be exploited by someone running a fake Tor update service to force code onto your computer?
> Is there a way to turn off
> Is there a way to turn off automatic updating of Tor Browser?
> I want to update manually, but I do want notifications when new updates are available.
Not like that though.
> Couldn't that feature be exploited by someone running a fake Tor update service to force code onto your computer?
The updates are signed with an RSA key that's hard coded into the code that applies the update. So someone with a fake Tor update service (with the right magic TLS cert) and nothing else could withold updates, but not force updates.
How do we turn off automatic
How do we turn off automatic update? In about:config (entered manually as the URL) I see app.update.auto. Set that to false? Are any other changes required?
With app.update.auto = false, we will still be notified when an update is ready to install?
Menu Tools> Options >
Menu Tools> Options > Advanced > Updates >
Never check for updates
Do you have app on iOS.??
Do you have app on iOS.??
In which files of Tor
In which files of Tor Browser are there stored full filepaths to files in the install folders?
If I want to change the folder from which Tor is started, which files do I need to patch up to make that change?
As a feature request (if this is not already present), it would be nice if all of the paths were expressed as relative paths to the install folder rather than absolute paths. That way you could freely move the entire install and not lose anything like bookmarks.
Which operating system are
Which operating system are you using? I think you can just move the bundle to a different directory on Linux and Windows and everything is still working. Those bundles are meant to be portable. We moved away from that on macOS due to codesigning problems (and plan to move away for Linux and Windows, too) to a model that more resembles "normal" browser usage: you have your binaries in one location and your profile directory somewhere in your user home directory.
Dear Sir/ Ma'am, I was
Dear Sir/ Ma'am,
I was told by a friend of mine, with a degree in "Computer Science" (specializing in Linux systems), that the "Tor" browser had been hacked/ evaded by the FBI paying Carnegie Mellon to do the work; if there's any truth in this I would appreciate your correspondence at: . Thank you.
Kind regards, Mark
CMU went quiet, I guess out
CMU went quiet, I guess out of fear of lawsuits or something because of their sketchy behavior.
You can read more about it here:
The good news is that it's all in the past (that is, that attack no longer works). The bad news is that some of the issues it raises, like "can the feds pay a university to do what amounts to a search and seizure, without getting a warrant, and it's fine because it's technically not the feds doing the search and seizure?", remain open questions.
thx for all
thx for all
Please consider building
Please consider building choosing entry node option in Torbrowser
I do not want to be halted at border control just because I have used an entry node in a specific country while traveling.
Therefor I do not want to use some entry nodes from some countries, I do not trust it and it is not worth the risk.
But because this option is not in Torbrowser it is also not an option in Tails and that is a pity.
Please consider tot build this option so people can manage their personal security and have the possibility to use Torbrowser and also Tails..
Thank you very much
just block them in firewall
just block them in firewall - no need for additional option
I think you can add the
I think you can add the line
to torrc, with whatever country codes you want to not use.
Hej Tor! For a short while I
For a short while I have got a little warning window with: "You know you close two tabs" (or something like that), when closing down Tor, when I only have one side up?
Thanks for asking.
tor is working fine like i
tor is working fine like i use them for many years
Thank you for your TOR
Thank you for your TOR Browser ... it helps. Wished to make another smal donation - I'm poor' but saw n place to do so...
hello it not works properly
hello it not works properly on hidden wikipidia
I am having problem login
I am having problem login in. I cannot us my TOR browser for the same reason! How do I fix it?? thanks
Network distortion? For
For already a long time I get the impression that as soon as an exit, entry or also middle node from United Kingdom is taking part, I experience problems with Tor connections.
With exit nodes I experience on a regular basis that pages are slow loading or not loaded at all, broken ssl messages and warnings of some sort in the blank browser window.
When they appear as a middle node a lot of times the connection gets slow and it is very hard to renew the Tor circuit, it just hangs for a long time on the same circuit or end up over and over again with United Kingdom middle nodes.
Very very attached to the UK.
Now, some people believe in coincidences, others don't.
While I actually do believe in coincidence I think it is at least remarkable and worth noting the Tor troubles here.
No, I did not only see red cars today in the streets, there were a lot of yellow ones too.
Anyway, I would not be surprised if there are some unwanted construction work attempts all along that UK-node line.
But question is, can they succeed in disturbing/slowing down/breaking Torcircuit?
Have other people seen these Tor cricuit/network issues too?
Sure, if a misbehaving relay
Sure, if a misbehaving relay is on your circuit, it can mess with your circuit. (It can't change the bytes that you receive unless it's the exit relay, but it can slow things down, break connections, etc.)
I wonder if there is a particularly fast relay in the UK that is mis-measured by the bandwidth authorities.
...this browser is very
...this browser is very great. i'm very glad to use this browser.
I've been keeping off from
I've been keeping off from updating to this version as the stated IP used is some fucked up shit.
It has been housing a spambot in the second quarter of 2015 to only be hacked in september 2015 and used as base camp for other attacks. More can be located.
Using Torbrowser on Ubuntu
Using Torbrowser on Ubuntu 16.04LTS it is clearly linked to Firefox 53. If I open Torbrowser then go to the task bar I see indicator icons that Firefox is open. If I close Firefox from the task bar the Torbrowser closes.
this link shoud not exist.
Wrong format ?! Printing a
Wrong format ?!
Printing a page to A3 format is not allowed anymore.
It gives a long statement about being a wrong format, someone sponsored by A4 (anti A3) manufacturers?
What is the funny but actually highly annoying story behind this?
Please make it possible again to print on A3 paper size format again or give us an about config solution for circumventing this strange paper size management dictatorship.
Circumventing is again a key word for Torbrowser.
Does this happen with a
Does this happen with a normal Firefox as well or is this Tor Browser specific? If the former then opening a bug at https://bugzilla.mozilla.org/ might be a good start.
EDIT: You could test the alpha build as well (https://archive.torproject.org/tor-package-archive/torbrowser/7.0a3/) as this is the first one based on Firefox 52 ESR. Maybe your issue got fixed meanwhile in Mozilla's code?
Tor version 6.5.2 on that
Tor version 6.5.2
on that stupid FireFox start page, a google link got added that contains an IP address.
Please provide many more
Please provide many more specific details?
That doesn't sound right.
the page with the preview
the page with the preview panels, when you open a new tab, had a link to a goo gle redirect video web site. the link contained an ip address, maybe one used by tor
It seems something is wrong
It seems something is wrong with your Tor Browser as you should not get a Firefox startup page to begin with. Neither should you get any non-empty preview panels if you are opening a new tab.
Does this happen as well if you download clean, new Tor Browser 6.5.2?
new tab preview page not
new tab preview page not start page
for it work for me well
for it work for me well
Question: More (big?) sites
More (big?) sites you surf and more 'New Identity', more longer
'New Identity' last.On MSWindows.
What's the reason for?
Hard to say without any
Hard to say without any logs. But I suspect that the garbage collection we do during New Identity takes much longer when those big sites are loaded. You could test that with looking at the logs in the browser console (Ctrl+Shift+J) after setting "extensions.torbutton.loglevel" to "3" in your about:config and doing New Identity (the "GC pass" messages are garbage collection related): the delay between the messages showing up should give you and us a hint where the actual bottleneck is.
When is the next update
When is the next update coming?
On my Mac the torbrowser
On my Mac the torbrowser always shows
bridge:obfs4 (United States) although the other locations change to the internet. I have tried new circuits and new identity.
The previous version did not do this any recommendations?