New Tor packages and updated stable Tor Browser Bundles

There's a new Tor out and all packages, including the beta Tor Browser Bundles, have been updated. The stable Tor Browser Bundles have also been updated to fix a bug in the last release which prevented the language packs from working (which resulted in all of the bundles being in English!). We're very sorry about this.

Tor Browser Bundle (2.3.25-12)

  • Re-add the locale pref to the Firefox prefs file to allow for localization
    of bundles again (closes: #9436)

Tor Browser Bundle (2.4.16-beta-1)

  • Update Tor to
  • Re-add the locale pref to the Firefox prefs file to allow for localization
    of bundles again (closes: #9436)

Why don't you supply anymore Tor Vidalia Bundle ? It was usufull and configure manually only Tor is not for everybodies. I hope you will continue to supply Tor Vidalia Bundle.Consider it.

Using TorBrowser: '... only one in 417,370 browsers have the same fingerprint as yours.'

Suggestion: Close the fingerprint leak.

Does this also affect the 3.0.x versions of Tor Browser Bundle?

are you not able to link the damn latest Tor bundle version, or what is wrong? it's the second time that i downloaded Tor from the link below and after the installing i have still a blinking symbole on the tor button. slow but steady going angry about this damn it.

is 2.3.25-12 the latest version or not?

.....i have 17.0.8 ESR but still the blinking symbol on the tor button WHY?

I think someone may have cracked Tor's security.

Will the pluggable transports browser bundles be updated?

Where could I find an online changelog of tor... nevermind (

An *.onion address link would be appreciated for the gitweb if possible (like idnxcnkne4qt76tg.onion).

You that still have the blinking symbol... you probably extracted the new files over the old ones. You shouldn't do it.

Hello, is there any pop up blockers available for bundle 23 25 12 ? Thanks!

I have the blinking Tor button even after updating to 2.3.5-12. I also checked the Firefox version and it's 17.0.7. :|

Lavabit has shut down and Silent Circle no longer offers encrypted email but continues to offer encrypted texting. How is encrypted texting any safer from *** eavesdropping in real time than encrypted email. I'm looking at this from an Orbot point of view.

Encrypted email is simply a marriage of a text encryption utility and an email utility that does all of the "work" for you:

It encrypts the email text you write (using your public and private keys - assuming you are using simple assymmetric encryption like GPG);

On the recipients end, it looks up your public encryption key and decrypts the message (leaving it encrypted only with your private key);

Then it re-encrypts the message with the recipient's private and public keys, and returns the encrypted message to you;

The utility then decrypts the message with the recipient's public key and your private key, and returns it encrypted with the recipient's public and private keys.

The utility then decrypts the message into clear text using the recipient's public and private keys.

Using a utility, this all happens in the background and reasonably quickly, so you don't really notice it.

[And, this explanation is theoretical to explain exactly how assymetric dual-key encryption works. In the real world, the actual operations might be different, but the practical effect - the message is always "locked" by two levels of encryption, one public and one private - is the same.]

You can do the same thing with text encryption. It is just more work for the user.

I can encrypt this message with my public and private keys.

When you receive it, you will be able to see the encrypted text, but not read it.

You will have to know where my public key is kept, decrypt the message using that, re-encrypt it using your public and private keys, and return it to me.

I will decrypt it with my private key, and return it to you encrypted with your public and private keys. (I, of course, will not be able to read it, since I don't have your private key, but it's my message, so I know what it says.)

You will then be able to decrypt it to clear text using your keys.

One, less secure but more convenient, alternative is that I could just encrypt the message with a public key and send it to you anonymously (using a pseudonym known to each of us but not to anyone else). You could then decrypt it with the pseudononymous public key. If I use 2048 or 4096 bit encryption, as a practical matter this method of exchanging encrypted text would be almost as secure as dual-key encryption PROVIDED NOBODY FIGURES OUT THE PSEUDONYM (This is a huge qualification, to say the least! It probably means that I could not use any pseudonym more than once.)

In short, an email encryption utility simply performs a bunch of administrative steps that make exchange of encrypted text both reliable and practical. For those who desire anonymity and privacy and are willing to make the effort, the availability of text encyption alone will suffice, but will be much less convenient.

Rather, messages are encrypted using the recipient's public key and decrypted by the recipient using their private key.

Don't listen to people trying to make encryption sound harder than it really is.

Russia’s FSB mulls ban on ‘Tor’ online anonymity network

Hmm ... isn't that ironic! Putin gives Snowden temporary, conditional asylum, but Russia is a country that values monitoring its citizens' secrets (and protecting its state secrets) much more highly than any Western country.

Look again at what Putin gave to Snowden. He can stay, but only if he refrains from any further disclosures that might upset Russia's friends in the U.S. (not the exact language, but close enough for this purpose).

As I've asked before, what might Snowden have to disclose?

Maybe that Russian intelligence services monitor traffic in the U.S. to the same extent as U.S. intelligence services do, perhaps even to a greater extent?

Maybe that when the Russians obtain information on U.S. citizens that U.S. intelligence would prefer not to acknowledge that it obtains, the Russians provide information to us? (On matters of mutual concern, like Islamic terrorism, more of a problem for Russia than for us.)

Is is possible that Putin did us a favor?

Tor Browser Bundle Bug:

Everytime you open many tabs really quickly (like you search on a search engine and open multiple sites quickly by right-clicking and choosing "Open Link in New Tab") Tor Browser crashes. This happens in all newer versions 2.3.25-10 and onward.

Should I allow TBB to update addons?

Hello, I am new to using TOR, but I have a question: Is there any download manager that can work with this bundle? How should I configure it? Thank you.

"Is there any download manager that can work with this bundle?"

There is no supported download manager for Tor that I am aware of.

This means that should you choose to use one, you do so entirely at your own risk. There are any number of ways in which a download manager could, potentially, compromise the protections offered by Tor.

I have to LOL at all the questions here, and not a single answer!

If questions are ignored completely why not just remove the comments section to safe peoples frustration...?

But then of course, that was a question! o.O

I understand that the Tor devs are quite busy and understaffed.

But they should at least add a notice, prominently displayed, with info about the recommended support channels.

I downloaded this version on the 17th and later heard from the leak. I suppose this version contains all security fixes and is safe even with global script allowed?

I would like to include the extension "Smart Referer" instead of RefControl. Is this ok or would I compromise my anonymity?

I downloaded Tor Browser Bundle (2.3.25-12) to my MacBook Air running OS X 10.8.4. Still got the error message "The proxy server is refusing connections.
Firefox is configured to use a proxy server that is refusing connections."
The error seems to originate from inconsistencies in assigning ControlPort and SocksPort.
I found the following comment to be most useful in resolving this issue.
To edit the torrc file, this FAQ is a must read.
In my OS X, values of ControlPort and SocksPort are found here:

  1. TorBrowser (FireFox modified by Tor) - Click on TorBrowser>Preferences>Advanced>Network>Connections>Settings. "Manual Proxy Configuration:" is selected. Port 9150 worked best for me.
  2. TorButton is the onion button next to the URL. Hover mouse pointer over it will display "Tor Enabled". Click onion>Preferences>Proxy Settings to see your SocksPort.
  3. torrc file is what I changed to make everything work. Click on the onion (Vidalia Control Panel) on the Dock. Then click Settings>Advanced. ControlPort should be 9151. Click "Edit current torrc". I changed SocksPort to 9150 to match the other two.
  4. BTW Here is what to do if you get the "control password" message:
    The developer will probably fix this soon. But it was fun for a novice like me to sleuth it out.

This belongs rather to, but its comment section is closed, so posting it here:

There is a newish research paper called "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries" in

I'm not sure what to think of it though. At least a string replacement of "security" with "anonymity" seems to be necessary. :)

Hi all, I just wanted to say that our fine new USB-only runnin Mister Puppy Linux does RUN solely AS root, and does always only start all apps as root. There has been some dude who has altered the tor bundle to be allowed to be run as root for Puppy Linux specially, you can find it easily.

I will not enter into any discussions. Either the Puppy Lucid maker develops a non-root method or some people alter Puppy to run apps as non-root, or, Tor would allow and adapt that here. Puppy is great, it runs from USB only, and has total persistence, and I will yet get the darn Synaptic Package Manager also to run. It is some hassle, but Puppy has a great principle. Do not miss out on Puppy, folks. :)

Addition to my first statement: Also, running, as I do now, an OLD Tor version, is of course surely not in the intent of the Tor-makers nor of anonymity (for whatever others might all use or even abuse it, gosh, terrible, really, it IS).

Security is for a good one a naturality, it is not 100 percent, but JAP and Tor and etc are goin the good direction.

So, the old Tor version, which is yet indicated in the Puppy Package Manager, DOES work, by simply mouse-clicking it into its installation. Still, when ya copy the new files into the same directory, after having deleted the old files, Puppy tells ya, that Tor refuses to be run as root. This happens only with newest, self-downloaded versions. Sad, really.

Also, peerguardian is VERY hard to install on Puppy, sadly, VERY sadly. Will search for that like MAD dudes. Thank you, long live TBP Fairlight and etc. you guys are HOLY and GREAT HEROES. Like Assange and Manning.

Yeah. Uh. I won't enter into any discussions of puppy linux then either. :)

In fact, I'm going to take this opportunity to close comments on this old post.

Syndicate content Syndicate content