New Tor Browser Bundles

by erinn | October 12, 2011

The Tor Browser Bundles have been updated to Vidalia 0.2.15. The OS X and Linux bundles have Torbutton 1.4.4, but a hotfix for Windows was released with 1.4.4.1 because 1.4.4 had a minor issue that prevented the Windows bundle from going to https://check.torproject.org.

https://www.torproject.org/download

Tor Browser Bundle (2.2.33-3)

  • Update Vidalia to 0.2.15
  • Update Torbutton to 1.4.4.1
  • Update NoScript to 2.1.4
  • Remove trailing dash from Windows version number (closes: #4160)
  • Make Tor Browser (Aurora) fail closed when not launched with a TBB profile
    (closes: #4192)

Comments

Please note that the comment area below has been archived.

October 12, 2011

Permalink

I just wanted to say THANK YOU so much for adding the Tor Browser version update check to the check.torproject page. That will help SO many people that are not overly tech savvy. Great job. That's a good pseudo-fix until Thandy is ready. Thank you!

Is there any plan to add support for connecting to cloud storage services like Google Drive or Dropbox through Tor, which are of course, great ways to distribute photos and documents but are blocked by China's Great Firewall and other countries censorship systems?

October 12, 2011

Permalink

Excuse me, I describe problems with new version in mailing list:

https://lists.torproject.org/pipermail/tor-talk/2011-October/021706.html
https://lists.torproject.org/pipermail/tor-talk/2011-October/021708.html

Before this version I can use Tor-Browser directly without TB starting script, without using "local user tor" and vidallia and enjoy Linux transparent firewalling for torifycation and use manually configured more secure "system tor-daemon" integrated with SELinux without users privilegies.

With this version I have a lot of a problems to make this in Debian, and forced to have more annoying workarounds with the configuration to disabling unnecesary TB features. Problems described in my posts in the mailing list more concrete.

Hope, that Debian packages with separated tor-daemon itself, Tor-browser and Tor-browser-plugins will be created sometime.

Can you help to make runnig TB as before? Without enforcing use full bundle for Linux users, without ruining transparency firewall--per-user-proxyfying and other fine tuning settings.

October 12, 2011

Permalink

I recently used Tor Browser Bundle with Aurora v7 on a Windows XP with Firefox v7 browser. I should clarify that I am a first time user of Tor bundle and so to try it I ran it once and the browser worked and connected to internet. Then I shut down the Aurora/Tor and tried to reopen Firefox. That's when trouble began...

Now, I can see Firefox.exe running the Task Manager processes but no browser windows open up and the only way I can use Firefox is to use Aurora. Please help me get back to regular Firefox. I have tried uninstalling and reinstalling Firefox a couple of times; Used the XP system restore to take the system back to a time before I used Tor bundle but to no avail.

Please do help me get back to regular firefox operations.

Thank you in advance for your help.

Bhavin

Very weird. Tor Browser Bundle is a standalone thing. It doesn't mess with your installed Firefox in any way.

After a reboot, there will be no TBB processes running.

Perhaps you moved around your taskbar icons and got confused?

Same here - run TOR, but most times the browser window never comes up - only once in a blue moon.

Pretty much makes the whole thing useless!

OS X Lion

October 13, 2011

Permalink

Yesterday check.torproject.org showed a message advising to install the newest version of Tor Browser Bundle. I did so. Today comes the next version. Perfect timing.

October 13, 2011

Permalink

Don't you people know that Internet Explorer is nowadays the most secure browser?!
It says right so on the new Microsoft site http://www.yourbrowsermatters.org/.

Internet Explorer score 4 (best).
Chrome score 2.5
Firefox score 2.

The site has analyzed my poor Firefox browser and has immediately detected a fault in my setup:
"This page requires Flash Player version 10.2.0 or higher.
IMPORTANT: After installing the required upgrade please reload this browser window to view the video."

Now that is up-to-date browser security!!!

October 15, 2011

Permalink

check.torproject.org website is broke! It continuously says "Sorry. You are not using Tor." Where it says "Your IP address appears to be" it shows the same IP which doesn't change, even when I press Use A New Identity. Using other website that show my IP show a different IP address than check.torproject.org!!! check.torproject.org just shows the same IP Address (which is not mine) no matter what I do. It has to be broke

October 15, 2011

Permalink

The anonymity provided by Tor seems to have been shaken by the team of researchers led by Eric Filiol, director of research at the laboratory and ESIEA Cryptology and Virology operational in France. French scientists say they have managed "to break both the encryption and anonymization, [...] which allows us to access all the information clear."
This week at a conference at ESIEA (http://www.esiea.fr/), Eric Filiol said to have reached an inventory of all machines, 5827 nodes in total, connected to the Tor network. A total of 9039 IP addresses were identified, one more than the total number of machines but due to the presence of dynamic IP addresses.
In this study, French researchers have discovered hidden nodes, the "Tor Bridges", "not listed in the source code. Only the foundation routers Tor knows these hidden" explained the expert computer. Using an algorithm of their own, the research team identified 181 hidden nodes.
With this, the researchers were then able to analyze the nature and machine safety. It showed that 41.4% of them run on Windows and that about 30% of all nodes are vulnerable. These vulnerabilities are clearly sufficient "to infect and they can be easily obtain system privileges" continued Eric Filiol.
Taking control of machines can then address the encryption keys used to protect communications. Of the three layers of protection, two were diminished and the third was pierced by a statistical method. From there, the exchanges between the different nodes can be deciphered without difficulty. "Cryptography based in TOR is weak" said the laboratory director.
Once the data protection transported is raised, the next step is to channel traffic through the infected routers. This method can be done with using the "packet spinning force," a technique that forces the machine to cycle in order to run the packages in circles. "It does not cause denial of service, just a micro-congestion," he added. (See:
http://www.numerama.com/magazine/20198-l-anonymat-du-reseau-tor-ebranle…).
QUESTION: What are you going to do about it?

What are we going to do about it? I mailed Eric and he refused to tell me any details. That's not a very friendly approach. Then he trumps up vague claims to the press while still not telling us anything.

I guess what we're going to do about it is wait to see if he ever has any details.

My guess at this point is that the details will be an already-published issue and/or they will be nonsense.

See also http://archives.seul.org/tor/talk/Oct-2011/msg00171.html

October 15, 2011

Permalink

the first time I start the tor bowser 2.2.33-3 bundle on my ubuntu 10.04 torcheck says things are set up right and working. If I reload the page it says I'm not using tor and shows a consistent IP. What's up?

October 15, 2011

Permalink

Hi erinn,

https://check.torproject.org/ reports "Sorry. You are not using Tor" using this bundle "Your IP address appears to be: 38.229.70.31" .
Not my IP is it still safe to use ?

Both, https://torcheck.xenobite.eu/index.php and
http://anonymous-proxy-servers.net/ sites also coming up with similar problems ?

Friends i have in Iran are very concerned and have reverted back to the safety of Vers. 1.3.23 as in their opinion it seems to be the only one they trust.
Any suggestions would help

TIA

October 15, 2011

Permalink

This keeps on crashing my computer now.

I don't know if its connected or not but it started after I tried to change a setting in tor to not use the cache at all. After that It said to restart tor, so I did. When it was coming back up I got a BSOD saying a "memory management" problem.

Then even after redownloading the bundle it still does that 9/10 times.

Whats the problem?

Bad memory? Hardware problems? Bad hardware drivers? Bad antivirus software? Viruses all over your computer already?

I'd say to get somebody who understands Windows to take a look at your computer and see what's broken about it. I bet it has nothing to do with Tor.

Had the very same problem, BSOD about memory management + longest reboot ever most of the time.

Think I solved it by putting TBB's folder on another hdd, root, no special chars. No problem ever since.

Hope this helps, be safe.

October 15, 2011

Permalink

I installed the latest Windows Tor Browser Bundle (2.2.33-3) but check.torproject.org says I am not using Tor. The tray onion is green, Torbutton is enabled and green and leader.ru indicates I am using Tor.

October 15, 2011

Permalink

I just upgrade my tor and now GetRight does not connect to any sites for downloads. Before upgrade i had no problems. I want to install an older version so I can get back to using GetRight with no problems, where can I download older versions?

October 16, 2011

In reply to arma

Permalink

Thank you but i still can not get it working. Is there a way I can just download the old version to get it working again?

October 16, 2011

Permalink

Is it possible to put file sizes with the download links? And make it easier to find the change log from the torproject.org page?

Also, autoloading videos and such are sapping my very limited bandwidth.

Some of us don't have the luxury of unlimited bandwidth, but instead are strapped with pre-1990's download speeds and stupid data caps. It would be helpful to streamline the site to make our access and downloads more efficient.

I can't find anything on Tails, and had to search for the info on the Tor Bundle. It is painful and aggravating when I have to keep loading new pages, wait forever, new page, etc.

October 16, 2011

Permalink

Today I was faced with this error on my tour of the network
I used
tor-browser-2.2.33-2_en-US
If danger threatens me
One of your applications (probably Telnet) appears to be making a potentially unencrypted and unsafe connection to port 23.

Anything sent over this connection could be monitored. Please check your application's configuration and use only encrypted protocols, such as SSL, if possible.
Anonymous from Iran

What operating system?

Were you in fact trying to use telnet? More generally, what applications were you trying to use with Tor? Hopefully just the Firefox that comes with it (the one whose window is named Aurora), and not something like bittorrent?

October 16, 2011

Permalink

Why is `sessionstore.resume_from_crash` ENABLED by default?!

Isn't this a major privacy issue?

October 17, 2011

Permalink

cant play Hulu vids from the UK on mac osx . It says flash needed. Flash is saying im on windows so offers that. I know this is a small part of what you designed TOR for but I do like to watch Fringe and other sci fi stuff and the UK is crap in comparison. Thanks if you can look at it. Much appreciated :)

October 19, 2011

Permalink

I think I'm using tor? I hit the check button and it' says I'm using it. But it doesn't say tor enabled in the right hand browser window? Also not sure if it's firefox because it says aroura. I'm new and just want to make sure I'm good.

October 19, 2011

Permalink

I recently used Tor Browser Bundle with Aurora v7 on a Windows XP with Firefox v7 browser. I should clarify that I am a first time user of Tor bundle and so to try it I ran it once and the browser worked and connected to internet. Then I shut down the Aurora/Tor and tried to reopen Firefox. That's when trouble began...

Now, I can see Firefox.exe running the Task Manager processes but no browser windows open up and the only way I can use Firefox is to use Aurora. Please help me get back to regular Firefox. I have tried uninstalling and reinstalling Firefox a couple of times; Used the XP system restore to take the system back to a time before I used Tor bundle but to no avail.

Please do help me get back to regular firefox operations.

Thank you in advance for your help.

Bhavin

October 20, 2011

Permalink

im in iran i cant downlod through fitering please upload on 4shared or mediafire thank you

https://www.torproject.org/docs/faq#GetTor
says
"""
Some government or corporate firewalls censor connections to Tor's website. In those cases, you have three options. First, get it from a friend — the Tor Browser Bundle fits nicely on a USB key. Second, find the google cache for the Tor mirrors page:
https://encrypted.google.com/search?q=tor+mirrors
and see if any of those copies of our website work for you. Third, you can download Tor via email: log in to your Gmail account and mail 'gettor AT torproject.org'. If you include the word 'help' in the body of the email, it will reply with instructions. Note that only a few webmail providers are supported, since they need to be able to receive very large attachments.

Be sure to verify the signature of any package you download, especially when you get it from somewhere other than our official HTTPS website:
https://www.torproject.org/docs/verifying-signatures
"""

October 20, 2011

Permalink

It seems to me that it is not a good way that the Tor team pay attention only or mostly to not-advanced Tor-users in the prejudice of advnced Tor-users.
The TBB is a good project but it cannot give the proper level of anonymity such as transparently firewalling on *nix-systems.
So, it seems to me that it needs to continue supporting of Tor-packages for *nix-distrs and to detach from TBB Tor Browser which may used with system-wided tor daemons.

October 24, 2011

Permalink

Hi, I updated bundle (already customized by me, so I just replaced old files with new [minus 'prefs.js' in userprofile]) and now Aurora opens UNmaximized (normal thing if it happen just in first run after update) every time, don't save windows position and size and check.torproject.org shows there's newer version of TBB available.

http://ip-check.info/ shows that everything is fine.

So, what can be causing this problem and how to get rid of it?

October 25, 2011

Permalink

1) Tor-Browser-Bundle is always a problem to update. When just overwriting the folder bookmarks get lost and config-changes in a new release (e.g. change of socks-port, change/remove of proxy-app) affect installed programs configured to work with tor + polipo.

2) In Browser-Bundle there is no way to start vidalia + tor + polipo without firefox. I don't like the newest firefox because common extensions don't work anymore. Since they get updated after a new ff-version was released, they never work with the newest TBB. A 2nd shortcut is neccesary: "Start Vidalia-only"

3) Noscript is always included. It's pretty useful and the only prog of it's kind. However, there are rumours noscript has "strange" code.

4) Torbutton doesn't work in seamonkey.

October 25, 2011

Permalink

1) Tor-Browser-Bundle is always a problem to update. When just overwriting the folder bookmarks get lost and config-changes in a new release (e.g. change of socks-port, change/remove of proxy-app) affect installed programs configured to work with tor + polipo.

2) In Browser-Bundle there is no way to start vidalia + tor + polipo without firefox. I don't like the newest firefox because common extensions don't work anymore. Since they get updated after a new ff-version was released, they never work with the newest TBB. A 2nd shortcut is neccesary: "Start Vidalia-only"

3) Noscript is always included. It's pretty useful and the only prog of it's kind. However, there are rumours noscript has "strange" code.

4) Torbutton doesn't work in seamonkey.

October 27, 2011

Permalink

Has anyone from the Tor team done a code review of NoScript? I for one do not trust its author after how he reacted to AdBlockPlus blocking ads on his web site. I would prefer to know the code is sound, considering the author has shown himself to be very interested in making money at the expense of end-user wishes (e.g., his constant updates to Noscript which then force users to visit his web site, and hence, his ads, which make him money).

The author of NoScript is not altruistic, that much is obvious. Please educate me whether anyone from the Tor team has done code review for NoScipt. And please, do not tell me Tor trusts the Firefox add-on code review process in lue of Tor carrying-out code review ...

October 28, 2011

Permalink

Can anyone tell me how to setup getright download manager with the tor-browser-2.2.34-1?

October 29, 2011

Permalink

The new Tor Browser Bundle doesn't allow GetRight Download Manager to connect, has anyone figured out how to set GetRight to connect yet?

October 29, 2011

Permalink

ECHO ... ECHO ... ECHO ...

Has anyone from the Tor team done a code review of NoScript? I for one do not trust its author after how he reacted to AdBlockPlus blocking ads on his web site. I would prefer to know the code is sound, considering the author has shown himself to be very interested in making money at the expense of end-user wishes (e.g., his constant updates to Noscript which then force users to visit his web site, and hence, his ads, which make him money).

The author of NoScript is not altruistic, that much is obvious. Please educate me whether anyone from the Tor team has done code review for NoScipt. And please, do not tell me Tor trusts the Firefox add-on code review process in lue of Tor carrying-out code review ...

Mike Perry has looked at Noscript. I trust his judgement here, since he also maintains Torbutton and HTTPS Everywhere.

You're right that the Noscript author is not altruistic. We've had some scuffles with his design process in the past.

Note also that TBB only uses Noscript as a backup for disabling plugins even more thoroughly. It doesn't use any of the javascript whitelisting or blacklisting. So in theory we could coopt just that part of the code and put it into Torbutton. But maintaining stuff that messes with Firefox's innards is enough of a nightmare already. We should be grateful for whatever Mike is willing to do. :)

October 30, 2011

Permalink

I just installed the new 2.2.34-1 Browser bundle for Win and noticed that the Poliipo directgory is missing, there is nothing to suggest Polipo is even part of this installation anymore. The download info says it is there, so where is it exactly. I wanted to edit the config so that it would use Socks 4a but cannot find that either.

As this threads original poster, I found out elsewhere on your site that Polipo http proxy was only there as a workaround for a bug in Firefox 6 and below, and was removed because that bug no longer exists, leaving the damage control job to TorButton which they said was actually safer.

But is it?. When this was done this forced Tor users into accepting Socks 5. It has long been know in the Tor community that Socks 4a is the most secure and 5 leaks DNS information so why??????. Torbutton does not allow 4a.

The reference also said that Polipo can be manually added back in as before but was unsupported. I find that with Polipo installed, config;d and running, Torbutton will not let me select the box that would enable Polipo proxy. If I set the proxy manually for Polipo, it does not work either.

How can I get this latest release to run with Socks 4a?

Socks4 is unsafe. Socks4a is safe. Socks5 can be either safe or unsafe, depending on how your application uses it. If your application uses socks5 safely, it is better than socks4a, since the socks5 protocol lets Tor be more precise with its error codes -- so for example you can distinguish between "connection timed out" and "connection refused".

No idea what your problem is with getting polipo working. My first thought is that you didn't configure your polipo using our recommended config file, so it's listening on port 8123 (and not configured to route its traffic through Tor), rather than on port 8118 as Torbutton expects.

October 31, 2011

In reply to arma

Permalink

Is there a link to the recommended conf file? Just checked, it is running on 8123. Nice rundown on Socks versions. Sounds like those who use included Aurora exclusively are safer than with 4a. Being a power user, 4a still would make good sense for me. Thanks.

October 31, 2011

In reply to arma

Permalink

Got Polipo hack working with 2.2.34-1. After reinstalling the old version in the same location and checking settings, I found the path info was prepended differently than the one used earlier (literlal path) and changed. Even after Polopo started on 8118, Torbutton select box for Polipo was still disabled, but.I was able to configure the proxy manually and Socks 4a has been verified in message window traffic.

How do you install polipo/privoxy on tor? can anyone help me out with this. tor seems to take an "expert" level comprehension to figure out.

Cause I'm having the same problems. having a hard time ripping images from reddit and imgur.

November 08, 2011

Permalink

Bottom line, the new tor doesn't work. I run and extract it but my IP stays the same. Should have left well enough alone.

November 08, 2011

Permalink

Can anyone tell me why Gettright (6.5) does not work with Aurora in Tor Bundle ? Can´t conect .

November 20, 2011

Permalink

I'm using the newest TOR browser with Windows 7 64 bit and haven't been able to access any sites. The check.torproject.org site says that my browser is properly configured for TOR, but when I try to go to any sites (i know cause i can get to them from other computers not on 64 bit) I keep getting the message:

Unable to connect

Firefox can't establish a connection to the server at_______________

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Aurora is permitted to access the Web.

I can't find 'Aurora' anywhere in my computer by searching so can't allow it to go through my firewall. What am I missing here?

Thanks

Aurora just uses Tor, so all you'd need to allow through your firewall is Tor. If you tell torbutton to do 'new identity' and then try your failed sites again, do they work? Meaning, perhaps there is an overloaded relay in the circuit that isn't allowing exiting to that site for some reason. Or the site isn't allowing tor exits to talk to it.

November 21, 2011

In reply to phobos

Permalink

i just tried 'new identity' to the same effect, anything else i can try?

i've tried with the full tor suite (separate vidalia, polipo etc) and it did the same thing-check.torproject says i'm configured but no sites will connect. is this a 64 bit problem?

January 19, 2012

In reply to phobos

Permalink

I'm having a similar problem on Mac 10.6 32-bit. It used to work fine however now no matter how many new identities I try or what .onion sites I try (normal www sites work) it comes up with the same cannot connect error. any other ideas of what I could try? or a good test .onion site that people know is reliable to test my connection. thanks

December 07, 2011

Permalink

Why is "temporarily allow" not available in TTB's NoScript? It is only possible to "Allow" which is less safe because that creates a permanent allow and also a history of allowed sites. "Temporary Allow" would be safer and more not leave a record of allowed sites.

January 07, 2012

Permalink

Temporarily Allow is available, you simply have to select it to be available in NoScript options.

January 27, 2012

Permalink

I'm using OSX 10.6.6., and I seem to have a serious problem. Well, if not serious, it's hella annoying to say the least.

Vidalia says that I'm running the 0.2.15 version, and it also says Tor 0.2.2.35 so everything should be up to date. Using FF with Tor seemed too much of a hassle, so I switched to Aurora that came with the bundle. After some serious work setting up the browser (transferring bookmarks and add-ons like NoScript, AdBlock Plus, HTTPS Everywhere etc.), I finally got it running somewhat smoothly with the settings I'm used to (it still doesn't remember window positions or zoom level or site passwords). However, it keeps crashing. All of a sudden, out of the blue, with no warning. No cursed beachball of death or anything, just an announcement "Aurora has suddenly stopped functioning". After this, I have to stop Tor from the control panel and hope it will start nice and smooth. I have found no other way to start a browser after the crash. If Tor doesn't start properly, all that is left is to reboot. In addition to this, my regular FF seems to get nowhere and can't seem to establish any connections (it just gives the Privoxy page with 503 error). This is really, really frustrating. Is there something I'm doing wrong or is there some poor soul I can blame for all this?

I may have noticed what I do to instigate the crash: if I happen to move the cursor while clicking on a link (whether it's intentional or not or whether the cursor moves across the screen or just one pixel), instantaneous crash ensues. As mentioned before, it's slightly annoying (throwing the laptop out of the window and having visions of forcefeeding the broken bits to software engineers and committing various other extremely messy and violent acts to a big crowd of them kinda annoying).

And, like said, there's no other way to start the browser again except stopping and restarting Tor. After the crash, your normal announcement appears, but if you click on "Restart Aurora", first I get a message saying "Aurora is not your default browser, would you like to change your settings?", and the browser window flashes on the screen for a second, disappears and _then_ I have to stop the Tor and restart it. The interrupted Aurora stays on except that it doesn't respond, and I have to end the process through force quitting.

Dear people, what to do?

January 31, 2012

Permalink

GetRight now cannot use both HTTP and SOCKS 5 proxy, and Firefox lacks basic resume download functionality. Terrific.

April 28, 2012

Permalink

Maybe it's been reported here, but Torbutton has an odd conflict with Firefox 12. When I have the Tor add-on (1.4.5.1) "enabled" (but not actually using Tor), I can't drag and drop bookmarks. I'm using an iMac 10.6.8, and when I pull down "Show All Bookmarks" Firefox normally lets me drag and drop bookmarks for sorting, putting in folders, etc. An enabled Tor add-on prevents that. I can still delete bookmarks, and I can copy and paste them, but I can't drag and drop.

Works fine when I disable the add-on, but when I enable it, drag and drop goes away.

I have the same problem. Windows XP SP3 & Firefox 12. Disabling Torbutton solves the problem. There are numerous others on various sites that have the same issue. Most of them fix it by disabling Torbutton. Quite annoying. (Are these comments read by Tor developers?)

April 28, 2012

Permalink

I've downloaded and jettisoned Tor so many times and I still cannot get it to work. I'm using Mac OSX, downloaded the bundle from your site, I'm not computer savvy so watched the video etc. and it all seemed so easy. I'm able to download and successfully open torbrowser which tells me I am connected showing ip address etc but the moment I try and browse different benign websites it crashes and I have to re-start the whole bloody thing again. What am I doing wrong? I so wanted to use this but it isn't stable.

May 09, 2012

Permalink

how can i download files while using tor? i can't seem to fix my getright for tor :( it just keep on loading and all that. need help please :( are there any software like getright o there than can be used for tor? :(

May 14, 2012

Permalink

I have a few questions.

1. Why isn't NoScript blocking scripts globally, by default?
2. Why isn't the DNT header ticked in the options?