Archive

Tor 0.2.4.26 and 0.2.5.11 are released

Hello! I released Tor 0.2.4.26 and 0.2.5.11 last week. This is the formal announcement.

(Per usual practice with non-critical stable releases, I've delayed
the tor-announce announcement to give distributions have a chance to
make packages. If you are a packager and you didn't notice that,
please let me know and I'll put you on the list of people I notify
extra-early about new releases.)

Tor 0.2.4 and 0.2.5 are stable release series. Going forward, they will continue to only receive patches for really serious issues.

You can get the source code for Tor 0.2.4.26 and 0.2.5.11 from the download page, or at https://dist.torproject.org/. If you're running TorBrowser 4.0.5, you already have Tor 0.2.5.11. Remember to check the signatures!

The changelogs follow below... read more »

Tor Browser 4.0.5 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.0.5 is based on Firefox ESR 31.5.3, which features important security updates to Firefox. Additionally, it contains updates to Tor and NoScript.

Note to Tor Browser alpha users: There won't be a corresponding alpha release based on Firefox ESR 31.5.3 this time as we are currently in the midst of preparing releases based on ESR 31.6.0. Alpha users that can't wait another week are strongly recommended to use the Tor Browser 4.0.5 meanwhile.

Here is the changelog since 4.0.4:

  • All Platforms
    • Update Firefox to 31.5.3esr
    • Update Tor 0.2.5.11
    • Update NoScript to 2.6.9.19

Tor 0.2.6.5-rc is released

Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in the 0.2.6. It fixes a small number of bugs found in 0.2.6.4-rc. It is the smallest 0.2.6 release to date, but has a couple of important fixes.

You can download the source from the website; I'd hope that the releveant packages will be online before long, and that this will ship with the next TorBrowser.

If you're curious about all the cool features coming up in Tor 0.2.6, I wrote a post about it a couple of weeks ago.

Changes in version 0.2.6.5-rc - 2015-03-18

  • Major bugfixes (client):
    • Avoid crashing when making certain configuration option changes on clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported by "anonym".
  • Major bugfixes (pluggable transports):
    • Initialize the extended OR Port authentication cookie before launching pluggable transports. This prevents a race condition that occured when server-side pluggable transports would cache the authentication cookie before it has been (re)generated. Fixes bug 15240; bugfix on 0.2.5.1-alpha.
  • Major bugfixes (portability):
    • Do not crash on startup when running on Solaris. Fixes a bug related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported by "ruebezahl".
  • Minor features (heartbeat):
    • On relays, report how many connections we negotiated using each version of the Tor link protocols. This information will let us know if removing support for very old versions of the Tor protocols is harming the network. Closes ticket 15212.
  • Code simplification and refactoring:
    • Refactor main loop to extract the 'loop' part. This makes it easier to run Tor under Shadow. Closes ticket 15176.

Tor Weekly News — March 18th, 2015

Welcome to the eleventh issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

An animated introduction to Tor

Nima Fatemi announced the release of a short animation offering Internet users a brief and lively introduction to the tracking and surveillance they face online, and the ways in which Tor Browser can protect them. The result of a collaboration between the Tor Project and KAJART Studio, the video is available for download or sharing online, with voiceovers in five languages and subtitles in a further three.

“But we still have work to do”, as Nima explained. “If you have an idea for making better videos and documentation, or if you’re a visual artist and you can help us explain these complex technologies in simple and understandable forms to inexperienced users”, then please see the Tor Project’s website for ways to get in touch; the same goes if you want this animation to be available in your language. See Nima’s post for further details, and be sure to share the video with your friends and contacts!

Thanks Reddit!

Following Reddit’s generous donation to the Tor Project, Tor developers and community members in attendance at the Circumvention Tech Festival in Valencia responded with a surprise video thank-you message. Bonus points if you can identify everyone who took part…

Miscellaneous news

Sukhbir Singh announced the release of TorBirdy 0.1.4. This version of the torifying wrapper for Thunderbird fixes a bug that prevented the email client from opening if three or more IMAP accounts are configured. Apart from an update to the Whonix gateway, no other features are introduced in this release.

Mike Perry gave details of the Tor Browser release cycle, and discussed a possible synchronization with the release schedule for the core Tor software.

Jens Kubieziel published his minutes of the Tor relay operators’ meeting in Valencia.

Sukhbir Singh sent out his status report for February, while George Kadianakis submitted the SponsorR report, and Arturo Filastò reported on the activities of the OONI team in January and February.

David Fifield published the regular summary of costs incurred in February by the infrastructure for meek.

WhonixQubes offered an update on recent progress in the Whonix+Qubes project, including architecture improvements, upstream integration, better documentation, and more.

Thanks to Peter from ftp.yzu.edu.tw for running a mirror of the Tor Project’s website and software!


This issue of Tor Weekly News has been assembled by Harmony and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Releasing Tor Animation

Dear Torizens,

I’m thrilled to finally publish something we’ve been working on for a while.

The “Tor Animation” is a short video to help new users and members of our community become more familiar with Tor and understand how Tor Browser protects their privacy online.

The Tor Animation is available in the following languages for stream and download in two sizes of High Definition (~95M) and High Quality (~15M).

Arabic: HD, HQ, YouTube
English: HD, HQ, YouTube
Farsi: HD, HQ, YouTube
French: HD, HQ, YouTube
German: HD, HQ, YouTube
Spanish: HD, HQ, YouTube

Subtitles are available in Albanian, Arabic, Basque, Catalan, Chinese (China), Chinese (Hong Kong), English, Farsi, Filipino/Tagalog, Finnish, French, German, Indonesian, Italian, Latvian, Polish, Portuguese, Russian, Spanish, and Swedish. (special thanks to Karsten Loesing for coordinating the translations)

You can find all the files in this directory, which is also available via torrent.

This could not be possible without the fantastic work of the KAJART studio (@KajartStudio) and the Tor community and we'd like to thank everyone involved.

But we still have work to do. The idea behind this video and other activities like the UX studies is to get closer to end-users and understand their needs. So if you have an idea for making better videos and documentation, or if you're a visual artist and you can help us explain these complex technologies in simple and understandable forms to inexperienced users, please step forward and contact us.

Please consider helping us make the video available in more languages. To make this easier for you, we've added a version of this video without the voice over for download. We'd be glad to accept translated subtitles for any language. If you're also interested in providing voice-overs, please talk to us first. Send your contributions and any feedback to tor-assistants at lists.torproject dot org or contact mrphs on IRC.

Please download and share this video with your friends and help others understand Tor better.

And if you liked the video, make sure you donate to the Tor Project, so we can make more cool things like this.

With love and respect,
Nima Fatemi

TorBirdy 0.1.4: Fifth Beta and Bug Fix Release

We are happy to announce the release of TorBirdy 0.1.4, our fifth beta release. This is a bug-fix release, which fixes an issue with TorBirdy 0.1.3 that prevents Thunderbird from starting if three or more than three IMAP accounts are configured. This was reported by users in several tickets (#14099, #13982, #13722, #14007, #14130) and affects all platforms.

Changes in TorBirdy 0.1.4

0.1.4, 09 March 2015
* Fix bug that prevented Thunderbird with TorBirdy 0.1.3 from starting
in profiles with more than three IMAP accounts (closes #14099, #13982,
#13722, #14007, #14130)

Technical Explanation

This bug was due to a variable in a for lop that was declared twice and was affecting the enumeration of an outer loop (lines 521 and 531 in components/torbirdy.js) used to iterate over IMAP accounts. Please see commit 625f80e in the TorBirdy repository for the fix.

Users who are not affected by this issue (less than three IMAP accounts configured) may also upgrade but note that this release does not introduce any new features.

We offer two ways of installing TorBirdy -- either by visiting our website (GPG signature) or by visiting the Mozilla Add-ons page for TorBirdy. (TorBirdy 0.1.4 has been fully reviewed by Mozilla.)

Using TorBirdy for the First Time?

As a general anonymity and security note: we are still working on two known anonymity issues with Mozilla. Please make sure that you read the Before Using TorBirdy and Known TorBirdy Issues sections on the wiki before using TorBirdy.

We had love help with getting our patches accepted, or anything that you think will help improve TorBirdy!

Feel free to follow along with the release on the tor-talk mailing list.

Tor Weekly News — March 11th, 2015

Welcome to the tenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor 0.2.6.4-rc is out

Nick Mathewson announced the first release candidate in the Tor 0.2.6 series; the next release will hopefully be the stable version.

This update “fixes an issue in the directory code that an attacker might be able to use in order to crash certain Tor directories”, as well as various other bugfixes and improvements. See Nick’s announcement for a full changelog, and get your copy of the source code from the distribution directory.

More monthly status reports for February 2015

The wave of regular monthly reports from Tor project members for the month of February continued, with reports from Sebastian Hahn, Arlo Breault, Karsten Loesing, and George Kadianakis.

Israel Leiva reported on behalf of the GetTor project, while the Tails team also resumed publishing status reports, with one report for the second half of 2014 and one for the beginning of this year.

Miscellaneous news

Ximin Luo announced preliminary Debian packages for the meek pluggable transport. See Ximin’s message for installation instructions.

Sukhbir Singh announced a second alpha version of Tor Messenger, the torified instant-messaging client with multi-protocol support and Off-the-Record encryption. While not yet ready for public use, Linux bundles are available for developers and advanced users who want to try out this exciting new software and provide feedback; if you run into any new issues, open a ticket on the bug tracker and select the “Tor Messenger” component.

The Tails team set out the release schedule for version 1.3.1 of the anonymous live operating system.

For the past few years, Tor has taken part in Google’s Summer of Code mentoring program, with many positive contributions made and several projects launched or redeveloped as a result; this year, however, the program has been scaled back somewhat, and longstanding participants like the Tor Project, Mozilla, and the Linux Foundation have been “dropped to make way for newcomers”, as Damian Johnson noted in his monthly report [see above]. If you’d still like to join the community of Tor developers, don’t be deterred: see the Volunteer page for a wealth of ideas for getting started.

The British Parliamentary Office of Science and Technology, “charged with providing independent and balanced analysis of policy issues that have a basis in science and technology”, issued a briefing paper on the subject of “the darknet and online anonymity”.

arm is the status monitor of choice for Tor relay operators everywhere; unfortunately, the name is easily confused with that of the ARM processor family, so lead developer Damian Johnson is poised to change the program’s name to “Seth”: “Any strong reasons to pick something else? Nothing is set in stone yet so still open to alternatives.”

Tor developer and Nos Oignons member Lunar gave a lengthy and detailed interview to France Culture’s “Les Nouvelles vagues”, offering an introduction to Tor and online privacy.


This issue of Tor Weekly News has been assembled by Karsten Loesing, the Tails team, and Harmony.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Tor 0.2.6.4-rc is released

Tor 0.2.6.4-rc fixes an issue in the directory code that an attacker might be able to use in order to crash certain Tor directories. It also resolves some minor issues left over from, or introduced in, Tor 0.2.6.3-alpha or earlier.

If no serious issues are found in this release, the next 0.2.6 release will make 0.2.6 the officially stable branch of Tor.

You can download the source from the usual place on the website. Packages should be up in a few days.

NOTE: This is an alpha release. Please expect bugs.

Changes in version 0.2.6.4-rc - 2015-03-09
  • Major bugfixes (crash, OSX, security):
    • Fix a remote denial-of-service opportunity caused by a bug in OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared in OSX 10.9.
  • Major bugfixes (relay, stability, possible security):
    • Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout is passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from "cypherpunks".
    • Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.

  read more »

Syndicate content