tor browser bundle

Tor Browser Bundle 1.2.2 is now available. The only change is an update to Pidgin to version 2.5.7. The Pidgin changelog has more information.

Tor Browser Bundle 1.2.1 is released. The major changes are:

• changes to Firefox to stop scanning for plugins such as Java, Windows Media, etc. These were disabled by torbutton, but still showed up in Firefox. More work will continue on this task
• Include OpenSSL dll (ssleay32.dll) so we're not relying upon the system ssl dll. This should fix Vidalia errors relating to ssl differences.

The official changelog is:

• Better updates to Firefox to stop scanning for plugins on start
• Update Pidgin to 2.5.6r2
• Update Firefox to 3.0.11
• Include OpenSSL 0.9.8k DLL and stop using the system ssl dll
• Update Tor to 0.2.1.16-rc

In continuing to improve TBB for a vast array of users, here's the release candidate for Tor Browser Bundle 1.2.1.

I appreciate your feedback, comments, and bugs filed so far about TBB 1.2.1-dev.

You can find here the updated TBB 1.2.1-1-dev, sig, and sha1 files.

The changes since the last test are:

• Update Pidgin to 2.5.6r2
• Update Firefox to 3.0.11
• Include OpenSSL 0.9.8k DLL and stop using the system ssl dll

This is a testing release of Tor IM Browser Bundle 1.2.1-dev. The only fix in this release so far is an updated prefs.js to fix plugin scanning. The InvalidPrefs.js file no longer appears either. I'm working on the other suggestions from this comment.

You can view the diffs to see the changes.

The bundle and associated signature and sha1 files are available too.

This is an open call for testing of the soon to be released Tor Browser Bundle 1.2.0.

The major changes in this version are that you can now run multiple instances of Firefox. This means each Firefox browser is independent of the others. They won't leak urls, scripts, etc between instances.

It also includes Tor's geoip database. This will enable people to set ExitNodes by country code. You still have to manually edit the torrc file. We'd love it if someone wrote a way to do this into Vidalia (such as right click on a country in the network map and choose "exit here"). read more »

• Switch to launching Firefox directly from Vidalia to allow multiple instances of Firefox
• Update Firefox to 3.0.10
• Update to Qt 4.5.1
• Update Firefox prefs.js to stop scanning for plugins
• Update libevent to 1.4.11
• Include the Tor geoip database

New releases
On April 12, we released 0.2.1.14-rc. Read the details in the announcement.

Outreach
Roger attended an ITSG conference in Chicago.

Roger, Nick, Jacob, and Mike attended the CodeCon conference in San Francisco, http://www.codecon.org/2009/.

Andrew met with the Center for Democracy and Human Rights in Saudi Arabia to discuss using Tor for their mission, http://cdhr.info.

Roger and Andrew met with the Department of Justice CyberCrime Division to give an overview of how Tor works and how we could better work with law enforcement.

Wendy, Roger, and Andrew had a dinner with Internews Central Asia media development staff.

Andrew attended the CIMI/NED panel on World Press Freedom, http://cima.ned.org/860/world-press-freedom-day-2009.html. read more »

Updated Tor Browser and Tor IM Browser bundles are released. The updated bundles can be found at https://www.torproject.org/torbrowser/

The changes from 1.1.11 are:

• Update OpenSSL to 0.9.8k
• Update Tor to 0.2.1.14-rc

Also fixes a bug where Chinese (zh_CN) translations weren't being used in Vidalia, see http://archives.seul.org/or/cvs/Apr-2009/msg00001.html for details.

Tor Browser and Tor IM Browser Bundles are also known as the "Zero Install Client" for Windows.

A number of people are reporting that AntiVir's latest update is reporting trojan Dropper.Gen in the Tor Browser Bundle version 1.1.11, specifically the "Start Tor Browser.exe" program.

This appears to be a false positive from AntiVir. No one has confirmed they've checked the pgp signature with their download of TBB. You may want to confirm you've actually downloaded our package, https://www.torproject.org/verifying-signatures.

False positives occurs often enough we have a FAQ entry about it, https://www.torproject.org/faq#VirusFalsePositives

You can read more about the trojan at http://www.avira.ro/en/threats/section/details/id_vir/3647/tr_dropper.ge...

I'm building a VM to specifically test this AntiVir version against Start Tor Browser.exe to see what inside the executable is triggering the false positive.

An updated Tor Browser Bundle is released to address the Firefox 3.0.7 security issues. It includes:

• Update Firefox to 3.0.8
• Add Italian language bundles
• Update Torbutton to 1.2.1
• Update Vidalia to 0.1.12

This updated TBB can be downloaded from https://www.torproject.org/easy-download as the "zero install bundle".

Releases
Vidalia 0.1.9 (released September 2) fixes a big pile of bugs and inconveniences in the earlier releases. This new release marks the first "stable" release of Vidalia, in that we have now branched into a stable (0.1.x) branch and a development (0.2.x) branch.
http://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.1.9/CHANG...

Tor 0.2.0.31 (released September 3) addresses two potential anonymity issues, starts to fix a big bug we're seeing where in rare cases traffic from one Tor stream gets mixed into another stream, and fixes a variety of smaller issues.
http://archives.seul.org/or/announce/Sep-2008/msg00000.html

Tor 0.2.1.6-alpha (released September 30) further improves performance and robustness of hidden services, starts work on supporting per-country relay selection, and fixes a variety of smaller issues.
http://archives.seul.org/or/talk/Oct-2008/msg00093.html

Circumvention Enhancements
From the Vidalia 0.1.9 ChangeLog:
"Correct the location of the simplified Chinese help files so they will actually load again."

From the Tor 0.2.1.6-alpha ChangeLog:
"Start work to allow node restrictions to include country codes. The syntax to exclude nodes in a country with country code XX is "ExcludeNodes {XX}". Patch from Robert Hogan. It still needs some refinement to decide what config options should take priority if you ask to both use a particular node and exclude it."
This feature should allow users in China to specify that they don't want to enter (and/or exit) in China, which in theory could provide stronger security for them.

From the Tor 0.2.1.6-alpha ChangeLog:
"Allow ports 465 and 587 in the default exit policy again. We had rejected them in 0.1.0.15, because back in 2005 they were commonly misconfigured and ended up as spam targets. We hear they are better locked down these days." read more »