Tor 0.3.3.6 is released, first stable release in 0.3.3.x series

Mr nickm on behalf of Tor Project has announced the release of Tor 0.3.3.6, the first stable release in 0.3.3.x series. Tor is a set of tools to ensure secure and privacy while connecting various services available on internet. Tor 0.3.3.6 being a stable release, includes various security patches and bug fixes. It also backports several important patches from 0.3.4.1 alpha release.

The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements.

Currently, Tor 0.3.3.6 is only available as source code. Various packages will be made available in coming weeks along with new version of Tor Browser which is expected to arrive on June.

The main highlights and bug fixes in Tor 0.3.3.6 release includes,

• When built with Rust, Tor now depends on version 0.2.39 of the libc crate. 
• There is now a documented stable API for programs that need to embed Tor. See tor_api.h for full documentation and known bugs.
• Tor now has support for restarting in the same process. Controllers that run Tor using the "tor_api.h" interface can now restart Tor after Tor has exited. This support is incomplete, however: we fixed crash bugs that prevented it from working at all, but many bugs probably remain, including a possibility of security issues.
• Add consensus method 27, which adds IPv6 ORPorts to the microdesc consensus. This information makes it easier for IPv6 clients to bootstrap and choose reachable entry guards.
• Add consensus method 28, which removes IPv6 ORPorts from microdescriptors. Now that the consensus contains IPv6 ORPorts, they are redundant in microdescs. This change will be used by Tor clients on 0.2.8.x and later. (That is to say, with all Tor clients that have IPv6 bootstrap and guard support.)
• Expand the documentation for AuthDirHasIPv6Connectivity when it is set by different numbers of authorities. 
• The control port now supports commands and events for v3 onion services. It is now possible to create ephemeral v3 services using ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT, CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and DEL_ONION) have been extended to support v3 onion services. 
• Provide torrc options to pin the second and third hops of onion service circuits to a list of nodes. The option HSLayer2Guards pins the second hop, and the option HSLayer3Guards pins the third hop. These options are for use in conjunction with experiments with "vanguards" for preventing guard enumeration attacks. 
• When v3 onion service clients send introduce cells, they now include the IPv6 address of the rendezvous point, if it has one. Current v3 onion services running 0.3.2 ignore IPv6 addresses, but in future Tor versions, IPv6-only v3 single onion services will be able to use IPv6 addresses to connect directly to the rendezvous point. 

You can find complete list of changes in Tor 0.3.3.6 release announcement published on Tor Project blog.

Tor Browser 8.0a2 is released

The Tor Project has announced the release of Tor Browser 8.0a2, latest development release of secure and open source web browser dedicated to protect anonymity and privacy of users while surfing internet. This release comes with various updated components and bug fixes to take another foot step towards the mission of this project.

Tor Browser Banner

What is Tor and Tor Browser?

Tor is a software that protect users by channelling communications through a distributed network of relay servers run by volunteers around the world. It prevent people and software from understanding the browsing habits of users by analyzing the origin of request and the sites visited. It also helps to overcome the censorship endorsed by govt and authorities.

Tor Browser is a cross platform supported web browser that comes with preconfigured Tor. It helps users to anonymously browse the internet without downloading any additional software or package. Tor Browser is portable and can run on multiple platforms like Windows, GNU/Linux or macOS.

What are new features in Tor Browser 8.0a2

Tor Browser 8.0a2 is a successor of version 8.0a1 and it has following changes from the predecessor.

Common Changes

• Based on Tor 0.3.3.2-alpha
• Torbutton to 1.9.9 - which includes bug fixes and translation update
• Tor Launcher 0.2.15 which fixes the issue of not escaping special characters in proxy password.
• Updated HTTPS Everywhere to 2018.1.29
• Noscript 5.1.8.4
• meek 0.29
• Revert bug 18619 (we are not disabling IndexedDB any longer)
• Rip out optimistic data socks handshake variant (#3875)
• Changes to `intl.accept.languages` get overwritten after restart
• Add [System+Principal] to the NoScript whitelist
• Disable Range requests used by pdfjs as they are not isolated
• Make e10s/non-e10s Tor Browsers indistinguishable
• Disable randomised Firefox HTTP cache decay user tests
• Add a tbb_version.json file
• Include git hash in tor --version

Also, there are some platform specific fixes like AF_INET/AF_INET6 related issues in macOS and GNU/Linux.

Where can I download Tor Browser 8.0a2?

Tor Browser 8.0a2 is available in projects official download page. This page will always include links to latest alpha release. Alternatively, you can make use of following direct links.

All these links are pointing to English version of Tor Browser 8.0a2.

For windows (32/64 bit , 64 bit)

For GNU/Linux (32 bit, 64 bit)

For macOS (64 bit)

Tor Browser 7.5 released with redesigned UI & security updates from Firefox

The Tor Project has announced release of Tor Browser 7.5, latest stable release of secure web browser suite based on Firefox that provides anonymity and protect your privacy while browsing internet. This release of Tor Browser brings various security updates from Mozilla Firefox. It also includes several other notable changes.

Tor Browser 7.5 release announcement

The Tor Browser 7.5 includes a redesigned UI to provide a better and easy user experience. The UI redesign was done based on a paper published on A Usability Evaluation of Tor Browser. The Tor Project has taken the suggestions proposed in this paper to next level and it has been implemented.

Following are some notable visual changes that users can experience on Tor Browser 7.5.

• Redesigned Welcome Screen : Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

• Configuring Censorship Circumvention : This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

• More documentation on configuring proxy network : The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

In addition to the user interface improvements, there are some other notable highlights in Tor Browser 7.5.

• We ship the first release in Tor's 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.

• On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.

• We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

For a comprehensive yet complete list of changes in Tor Browser 7.5 comparing to it's ancestor Tor Browser 7.0, see Tor Browser 7.5 release announcement published in project's website.

Tor Messenger 0.3.0b1 is released

The Tor Project has officially announced public availability of Tor Messenger 0.3.0b1, latest development release of cross-platform supported, secure chat client that makes use of tor network. It support various transport networks like XMPP, IRC, Twitter ..etc.

Tor Messenger is still under development and hence the team encourages to not use it if you are looking for extreme secure, anonymous chat client. Tor Messenger 0.3.0b1 is coming with improved security and stability of instabird. Beginning from this release, Tor Messenger will be built on Tor Browser instead of Mozilla ESR. This will offer improved security by making use of tor browser patches. Also, the team is planning to release messenger in sync with tor browser release cycle.

Considering the security benefits, Tor project recommends immediate update to new release. Existing users of Tor Messenger 0.2.0b2 will get option to update their installation.

From a release announcement published in Tor blog.:

We are pleased to announce another public beta release of Tor Messenger. This release features important improvements to the stability and security of Instantbird. All users are highly encouraged to upgrade.

Tor Browser Build

Starting with this release, Tor Messenger will be built on top of Tor Browser instead of Mozilla ESR. This will help us in improving the security of Tor Messenger by making use of Tor Browser's patches. We will also try to keep in sync with the Tor Browser stable release cycle.

Secure Updates

Tor Messenger 0.2.0b2 users will be automatically prompted to install the update (similar to Tor Browser). On installing and restarting, the update will be applied; your account settings and OTR keys will be preserved.

Tor 0.2.8.7 released with critical bug fixes

Keeping the commitment to provide a more secure way to use internet, the tor project has announced availability of Tor 0.2.8.7, latest bug fix release of tool to guide your internet traffic through dedicated servers to provide more anonymity and security while using internet and associated services.

The Tor 0.2.8.7 release brings fix for an important bug associated with ReachableAddresses option in previous point release and also it replaces retiring bridge authority. The tor project strongly recommends this update for people who use ReachableAddress and all bridges.

Currently tor project does not provide binary packages for 0.2.8.7 release. It is expected that binary packages will be available over the week. Those who are curious to use this feature can download source code from projects home page.

Following are some notable highlights of Tor 0.2.8.7 release:

• The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". 
• Only use the ReachableAddresses option to restrict the first hop in a path. In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha.  
• Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 Country database. 
• Remove an inappropriate "inline" in tortls.c that was causing warnings on older versions of GCC. Fixes bug 19903; bugfix on 0.2.8.1-alpha.  
• Avoid logging a NULL string pointer when loading fallback directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha. Report and patch by "rubiate".

You can find Tor 0.2.8.7 release announcement in projects blog.

Tor Browser 5.5.5 released

The Tor project announced release of Tor Browser 5.5.5, latest update of software tool kit that provides improved anonymity and privacy while browsing internet. One of the notable highlight of this release is important security fixes in Mozilla firefox which default web browser packed in Tor browser kit.

Tor Browser 5.5.5 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 2.9.0.11 and HTTPS-Everywhere to 5.1.6.
Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support.
Here is the full changelog since 5.5.4:
Tor Browser 5.5.5 -- April 26 2016

• All Platforms
  • Update Firefox to 38.8.0esr
  • Update Tor Launcher to 0.2.7.9
    • Bug 10534: Don't advertise the help desk directly anymore
    • Translation updates
  • Update HTTPS-Everywhere to 5.1.6
  • Update NoScript to 2.9.0.11
  • Bug 18726: Add new default obfs4 bridge (GreenBelt)

Read original release announcement in Tor project's blog.