Blogs

This is a testing release of Tor IM Browser Bundle 1.2.1-dev. The only fix in this release so far is an updated prefs.js to fix plugin scanning. The InvalidPrefs.js file no longer appears either. I'm working on the other suggestions from this comment.

You can view the diffs to see the changes.

The bundle and associated signature and sha1 files are available too.

This is an open call for testing of the soon to be released Tor Browser Bundle 1.2.0.

The major changes in this version are that you can now run multiple instances of Firefox. This means each Firefox browser is independent of the others. They won't leak urls, scripts, etc between instances.

It also includes Tor's geoip database. This will enable people to set ExitNodes by country code. You still have to manually edit the torrc file. We'd love it if someone wrote a way to do this into Vidalia (such as right click on a country in the network map and choose "exit here"). read more »

• Switch to launching Firefox directly from Vidalia to allow multiple instances of Firefox
• Update Firefox to 3.0.10
• Update to Qt 4.5.1
• Update Firefox prefs.js to stop scanning for plugins
• Update libevent to 1.4.11
• Include the Tor geoip database

The Tor network has grown to more than one thousand relays and millions of casual users over the past few years. We are proud of our network's popularity, but with growth has come increasing performance problems and attempts by some countries to block access to the Tor network. In order to address these problems, we need to learn more about the Tor network. In this post, I describe the current state of network measurements in Tor and some proposed additions to help us understand the network better. read more »

New releases
On April 12, we released 0.2.1.14-rc. Read the details in the announcement.

Outreach
Roger attended an ITSG conference in Chicago.

Roger, Nick, Jacob, and Mike attended the CodeCon conference in San Francisco, http://www.codecon.org/2009/.

Andrew met with the Center for Democracy and Human Rights in Saudi Arabia to discuss using Tor for their mission, http://cdhr.info.

Roger and Andrew met with the Department of Justice CyberCrime Division to give an overview of how Tor works and how we could better work with law enforcement.

Wendy, Roger, and Andrew had a dinner with Internews Central Asia media development staff.

Andrew attended the CIMI/NED panel on World Press Freedom, http://cima.ned.org/860/world-press-freedom-day-2009.html. read more »

Updated Tor Browser and Tor IM Browser bundles are released. The updated bundles can be found at https://www.torproject.org/torbrowser/

The changes from 1.1.11 are:

• Update OpenSSL to 0.9.8k
• Update Tor to 0.2.1.14-rc

Also fixes a bug where Chinese (zh_CN) translations weren't being used in Vidalia, see http://archives.seul.org/or/cvs/Apr-2009/msg00001.html for details.

Tor Browser and Tor IM Browser Bundles are also known as the "Zero Install Client" for Windows.

Changes in version 0.2.1.14-rc - 2009-04-12
Major features: read more »

• Clients replace entry guards that were chosen more than a few months ago. This change should significantly improve client performance, especially once more people upgrade, since relays that have been a guard for a long time are currently overloaded.

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »

A number of people are reporting that AntiVir's latest update is reporting trojan Dropper.Gen in the Tor Browser Bundle version 1.1.11, specifically the "Start Tor Browser.exe" program.

This appears to be a false positive from AntiVir. No one has confirmed they've checked the pgp signature with their download of TBB. You may want to confirm you've actually downloaded our package, https://www.torproject.org/verifying-signatures.

False positives occurs often enough we have a FAQ entry about it, https://www.torproject.org/faq#VirusFalsePositives

You can read more about the trojan at http://www.avira.ro/en/threats/section/details/id_vir/3647/tr_dropper.ge...

I'm building a VM to specifically test this AntiVir version against Start Tor Browser.exe to see what inside the executable is triggering the false positive.