[tor-announce] Tor Browser 7.5 is released

Nicolas Vigier boklm at mars-attacks.org
Wed Jan 24 12:07:54 UTC 2018

The Tor Browser Team is proud to announce the first stable release in
the 7.5 series. This release is available from the Tor Browser Project
page [1] and also from our distribution directory [2].

    1: https://www.torproject.org/download/download-easy.html
    2: https://www.torproject.org/dist/torbrowser/7.5/

This release features important security updates [3] to Firefox.

    3: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/

Apart from the usual Firefox security updates it contains some notable
improvements compared to the 7.0 series. Here are the highlights:

1) We redesigned parts of the Tor Browser user interface. One of the
   major improvements for our users is our new Tor Launcher experience.
   This work is based on the findings published at 'A Usability Evaluation
   of Tor Launcher' [4], a paper done by Linda Lee et al. At our work we
   iterated on the redesign proposed by the research, improving it even
   further. Here are the main changes we would like to highlight:

    4: https://petsymposium.org/2017/papers/issue3/paper2-2017-3-source.pdf

   *Welcome Screen*

   Our old screen had way too much information for the users, leading many
   of them to spend great time confused about what to do. Some users at
   the paper experiment spent up to 40min confused about what they needed
   to be doing here. Besides simplifying the screen and the message, to
   make it easier for the user to know if they need to configure anything
   or not, we also did a 'brand refresh' bringing our logo to the
   launcher. [5]

    5: https://extra.torproject.org/blog/2018-01-23-tor-browser-75/tor-launcher-bridge-small.gif

   *Censorship circumvention configuration*

   This is one of the most important steps for a user who is trying to
   connect to Tor while their network is censoring Tor. We also worked
   really hard to make sure the UI text would make it easy for the user
   to understand what a bridge is for and how to configure to use one.
   Another update was a little tip we added at the drop-down menu (as
   you can see below) for which bridge to use in countries that have
   very sophisticated censorship methods. [6]

    6: https://extra.torproject.org/blog/2018-01-23-tor-browser-75/tor-launcher-select-bridge-small.gif

   *Proxy help information*

   The proxy settings at our Tor Launcher configuration wizard is an
   important feature for users who are under a network that demands
   such configuration. But it can also lead to a lot of confusion if
   the user has no idea what a proxy is. Since it is a very important
   feature for users, we decided to keep it in the main configuration
   screen and introduced a help prompt with an explanation of when
   someone would need such configuration. [7]

    7: https://extra.torproject.org/blog/2018-01-23-tor-browser-75/proxy-small.gif" /></p>

   As part of our work with the UX team, we will also be coordinating
   user testing of this new UI to continue iterating and make sure we
   are always improving our users' experience. We are also planning a
   series of improvements not only for the Tor Launcher flow but for
   the whole browser experience (once you are connected to Tor)
   including a new user onboarding flow. And last but not least we are
   streamlining both our mobile and desktop experience: Tor Browser 7.5
   adapted the security slider design we did for mobile bringing the
   improved user experience to the desktop as well.

2) We ship the first release in Tor's 0.3.2 series, [8]. This
   release includes support for the Next Generation of Onion Services [9].

    8: https://blog.torproject.org/tor-0329-released-we-have-new-stable-series
    9: https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services

3) On the security side we enabled content sandboxing on Windows and
   fixed remaining issues on Linux that prevented printing to file from
   working properly. Additionally, we improved the compiler hardening
   on macOS and fixed holes in the W^X mitigation on Windows.

4) We finally moved away from Gitian/tor-browser-bundle as the base of
   our reproducible builds environment. Over the past weeks and months
   rbm [10] / tor-browser-build [11] got developed making it much easier
   to reproduce Tor Browser builds and to add reproducible builds for
   new platforms and architectures. This will allow us to ship 64bit
   bundles for Windows (currently in the alpha series available) and
   bundles for Android at the same day as the release for the current
   platforms/architectures is getting out.

    10: https://rbm.torproject.org/
    11: https://gitweb.torproject.org/builders/tor-browser-build.git/

The full changelog since Tor Browser 7.0.11 is:

 * All Platforms
   * Update Firefox to 52.6.0esr
   * Update Tor to
   * Update OpenSSL to 1.0.2n
   * Update Torbutton to
     * Bug 21847: Update copy for security slider
     * Bug 21245: Add da translation to Torbutton and keep track of it
     * Bug 24702: Remove Mozilla text from banner
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update Tor Launcher to
     * Bug 23262: Implement integrated progress bar
     * Bug 23261: implement configuration portion of new Tor Launcher UI
     * Bug 24623: Revise "country that censors Tor" text
     * Bug 24624: tbb-logo.svg may cause network access
     * Bug 23240: Retrieve current bootstrap progress before showing progress bar
     * Bug 24428: Bootstrap error message sometimes lost
     * Bug 22232: Add README on use of bootstrap status messages
     * Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
     * Translations update
   * Update HTTPS Everywhere to 2018.1.11
   * Update NoScript to
   * Bug 23104: CSS line-height reveals the platform Tor Browser is running on
   * Bug 24398: Plugin-container process exhausts memory
   * Bug 22501: Requests via javascript: violate FPI
   * Bug 24756: Add noisebridge01 obfs4 bridge configuration
 * Windows
   * Bug 16010: Enable content sandboxing on Windows
   * Bug 23230: Fix build error on Windows 64
 * OS X
   * Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
   * Bug 23025: Add some hardening flags to macOS build
 * Linux
   * Bug 23970: Make "Print to File" work with sandboxing enabled
   * Bug 23016: "Print to File" is broken on some non-english Linux systems
   * Bug 10089: Set middlemouse.contentLoadURL to false by default
   * Bug 18101: Suppress upload file dialog proxy bypass (linux part)
 * Android
   * Bug 22084: Spoof network information API
 * Build System
   * All Platforms
     * Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
   * Windows
     * Bug 22563: Update mingw-w64 to fix W^X violations
     * Bug 20929: Bump GCC version to 5.4.0
   * Linux
     * Bug 20929: Bump GCC version to 5.4.0
     * Bug 23892: Include Firefox and Tor debug files in final build directory
     * Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20180124/12314a6c/attachment.sig>

More information about the tor-announce mailing list