Tor Blog |

Tor Browser Bundle 1.2.10 Released

On November 20, we released an updated Tor Browser Bundle, version 1.2.10, which includes:

46 comments

Installing and using Tor

Thanks to Rob at Freedom House for putting together some videos about how to get, install, and use Tor, Tor Browser Bundle, and Bridges.

11 comments

Tor 0.2.1.20 Released

Tor 0.2.1.20 fixes a crash bug when you're accessing many hidden services
at once, prepares for more performance improvements, and fixes a bunch
of smaller bugs.

81 comments

October 2009 Progress Report

New releases, new hires, new funding

2 comments

Blogfest Asia 2009

Roger and I attended the 2009 Blogfest Asia, HK BloggerCon, Privacy and Security Workshop series in Hong Kong last week.

2 comments

Vidalia 0.2.6 Released

On November 2, we released Vidalia 0.2.6. Primarily a bugfix release for OS X issues. The changed items are:

7 comments

Google Summer of Code 2009 Wrap-up

Attending the Google Summer of Code Mentor Summit feels like the perfect time to finally write the wrap up of this year's

5 comments

Vidalia 0.2.5 Released

On October 14th we released Vidalia 0.2.5. Changes are:

54 comments

Picturing Tor censorship in China

As reported, Tor was partially blocked by China on September 25th or so in anticipation of the CCP October

39 comments

Tor 0.2.2.5-alpha released

On October 11, we released Tor 0.2.2.5-alpha.

It can be downloaded from https://www.torproject.org/download/.

5 comments

Upcoming Events

September 22, 2018

Digital Privacy Expo (Toronto Library)

September 27, 2018

Tor Meetup Ciudad de México

October 02, 2018 - October 03, 2018

Tor's Open Hack Days (Mexico City)

October 04, 2018

Tormenta: diálogos feministas para las libertades y autocuidados

October 23, 2018

Embracing the Dark Web as a Tool for Privacy and Anti-Censorship (Yale)

See All Upcoming Events

Recent Updates

New Release: Tor 0.3.5.2-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release very soon.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.5.2-alpha fixes several bugs in 0.3.5.1-alpha, including one that made Tor think it had run out of sockets. Anybody running a relay or an onion service on 0.3.5.1-alpha should upgrade.

Changes in version 0.3.5.2-alpha - 2018-09-21

Major bugfixes (relay bandwidth statistics):
- When we close relayed circuits, report the data in the circuit queues as being written in our relay bandwidth stats. This mitigates guard discovery and other attacks that close circuits for the explicit purpose of noticing this discrepancy in statistics. Fixes bug 23512; bugfix on 0.0.8pre3.
Major bugfixes (socket accounting):
- In our socket accounting code, count a socket as closed even when it is closed indirectly by the TLS layer. Previously, we would count these sockets as still in use, and incorrectly believe that we had run out of sockets. Fixes bug 27795; bugfix on 0.3.5.1-alpha.

How Has Tor Helped You? We Need Your Stories

New release: Tor 0.3.5.1-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.5.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time this week.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.5.1-alpha is the first release of the 0.3.5.x series. It adds client authorization for modern (v3) onion services, improves bootstrap reporting, begins reorganizing Tor's codebase, adds optional support for NSS in place of OpenSSL, and much more.

Changes in version 0.3.5.1-alpha - 2018-09-18

Major features (onion services, UI change):
- For a newly created onion service, the default version is now 3. Tor still supports existing version 2 services, but the operator now needs to set "HiddenServiceVersion 2" in order to create a new version 2 service. For existing services, Tor now learns the version by reading the key file. Closes ticket 27215.
Major features (relay, UI change):
- Relays no longer run as exits by default. If the "ExitRelay" option is auto (or unset), and no exit policy is specified with ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0. Previously in this case, we allowed exit traffic and logged a warning message. Closes ticket 21530. Patch by Neel Chauhan.
- Tor now validates that the ContactInfo config option is valid UTF- 8 when parsing torrc. Closes ticket 27428.

New Release: Tor 0.3.4.8 (also other stable updates: 0.2.9.17, 0.3.2.12, and 0.3.3.10)

After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.3.4.8 on the download page of the website. Packages should be available within the next several weeks, with a new Tor Browser by some time next week.

Additionally, we're also releasing updates today for the older supported release series: 0.2.9.17, 0.3.2.12, and 0.3.3.10 . You can find them at dist.torproject.org.

Tor 0.3.4.8 is the first stable release in its series; it includes compilation and portability fixes.

The Tor 0.3.4 series includes improvements for running Tor in low-power and embedded environments, which should help performance in general. We've begun work on better modularity, and included preliminary changes on the directory authority side to accommodate a new bandwidth measurement system. We've also integrated more continuous-integration systems into our development process, and made corresponding changes to Tor's testing infrastructure. Finally, we've continued to refine our anti-denial-of-service code.

Below are the changes since 0.3.3.9. For a list of only the changes since 0.3.4.7-rc, see the ChangeLog file.

Changes in version 0.3.4.8 - 2018-09-10

New system requirements:
- Tor no longer tries to support old operating systems without mmap() or some local equivalent. Apparently, compilation on such systems has been broken for some time, without anybody noticing or complaining. Closes ticket 25398.
Major features (directory authority, modularization):
- The directory authority subsystem has been modularized. The code is now located in src/or/dirauth/, and is compiled in by default. To disable the module, the configure option --disable-module-dirauth has been added. This module may be disabled by default in some future release. Closes ticket 25610.