Tor Browser Bundle 3.0beta1 Released

The first beta release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/

This release includes important security updates to Firefox, as well as a fix for a startup crash bug on Windows XP.

This release also reorganizes the bundle directory structure to simplify implementation of the FIrefox updater in future releases. This means that extracting the bundle over previous installation will likely not preserve your preferences or bookmarks, and may cause other issues.

This release has also introduced a build reproducibility issue on Windows, hence it is signed only by two keys. We should have this issue fixed by the next beta.

Here is the complete ChangeLog:

  • All Platforms:
    • Update Firefox to 17.0.10esr
    • Update NoScript to 2.6.8.2
    • Update HTTPS-Everywhere to 3.4.2
    • Bug #9114: Reorganize the bundle directory structure to ease future autoupdates
    • Bug #9173: Patch Tor Browser to auto-detect profile directory if launched without the wrapper script.
    • Bug #9012: Hide Tor Browser infobar for missing plugins.
    • Bug #8364: Change the default entry page for the addons tab to the installed addons page.
    • Bug #9867: Make flash objects really be click-to-play if flash is enabled.
    • Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API
    • Bug #3661: Remove polipo and privoxy from the banned ports list.
    • misc: Fix a potential memory leak in the Image Cache isolation
    • misc: Fix a potential crash if OS theme information is ever absent
    • Update Tor-Launcher to 0.2.3.1-beta
      • Bug #9114: Handle new directory structure
      • misc: Tor Launcher now supports Thunderbird
    • Update Torbutton to 1.6.4
      • Bug #9224: Support multiple Tor socks ports for about:tor status check
      • Bug #9587: Add TBB version number to about:tor
      • Bug #9144: Workaround to handle missing translation properties
  • Windows:
    • Bug #9084: Fix startup crash on Windows XP.
  • Linux:
    • Bug #9487: Create detached debuginfo files for Linux Tor and Tor Browser binaries.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Been testing this for some days now and it's awesome! The only thing that still needs fixing is the password saving bug of Torbutton, at least I have no idea how to get this to work.

I am surprised to learn that there is still support for Windows XP given that technical support by Microsoft for the said operating system will cease with effect from April 1, 2014.

Well, you know how it goes -- if we stopped providing XP builds we'd screw a huge pile of users. Of course, that's the case for Microsoft pretty soon too.

Let's wait and see what happens in April 2014.

Thank you for your hard work!

Where do we report issues for this project? I can't start TBB if I have Mozilla Firefox open. Says that Firefox is already running. This is new behavior.

This is the only issue I have encountered in the alpha/beta releases (kudos). I love the user friendly consolidation. Thanks for all the hard work; greatly appreciated.

If you think you're using it wrong, the best place to ask is the helpdesk:
https://www.torproject.org/about/contact#support

If you think you've found a bug and you're willing to help us track it down, you should make a new ticket in Trac:
https://trac.torproject.org/projects/tor

Thanks!

gpg --verify sha256sums.txt.asc-mp sha256sums.txt
gpg: Signature made Tue 05 Nov 2013 08:57:26 AM HKT using RSA key ID 0E3A92E4
gpg: Can't check signature: public key not found

why the RSA key ID is 0E3A92E4 ??

and I can not find the key ID on
https://www.torproject.org/docs/signing-keys.html.en

who signed sha256sums.txt.asc-mp ??

I've updated https://www.torproject.org/docs/signing-keys

Thanks!

And update deb.torproject.org-keyring this package (debian keyring for tor) please.

I wonder if anyone could comment on the points raised in this ticket, as it seems important to ensure that users can be sure they're downloading from the Tor site and not some MITM honeytrap? https://trac.torproject.org/projects/tor/ticket/9931

I too have been wondering how I can know for sure that I am not downloading both the Tor browser bundle and the signature from a MITM page. The points you raise in your ticket seem valid to me, but I confess I am a beginner in these matters and would be grateful for some reassurance from those who know more about these matters than myself.

One feature that was lost with embedding vidalia was its network activity graph. It helped me in verifying that my uploads are not stuck.

Since Vidalia is not available in this beta, how does one access information it provided under the control panel? Particularity, the view the network option.

How do I setup a non-exit relay on this version?

I'm confused without Vidalia.

1)How do users gain Vidalia-type functions with this approach? Are all of these user options lost?
2) Cookies are not required for Captcha validation. Why are you requiring them?

Thank You.

I miss the vidalia world map, where i could see, which circuit I am using... it is bad to delete all the nice features of vidalia, imho.

It's been mentioned that we can get Vidalia running by pointing an existing Vidalia binary at control port 9151 after the Tor browser has been launched. Can someone give instructions how to do so.

This could be a good compromise, if vidalia would be actively developed after the final release of TBB3...

Unfortunately, the current answer is "feel free".

It was a cool feature within vidalia to see, which circuit I am using... this option gone is a big step back. did you think about the fail of tor with this decision?

Not sure if this should be a bug report, but on 3.0 when I select "new identity" on Torbutton, it closes the browser and starts a new session.

It's a feature! It's the only way to actually throw away your browser state.

But it sure is a surprising feature. See
https://trac.torproject.org/projects/tor/ticket/9906

I was sure I couldn't be the only one who noticed it. :) And yes - a very surprising feature as the effect, from a user standpoint, is jarringly different from previous versions.

But it is working as intended and that is the important thing.

what a shit "feature "it is , reminds of me windows retarded explanation its a feature not a bug,

Yeah, this may be more secure (or so I've read) but from a user standpoint is not user friendly. I need to keep tabs open and refresh identity from time to time. This is a pain.

Workaround can be to use Vidalia for your newnym needs in the meantime:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#WhydoesNewIdentitycloseallmyopentabs

I still get Vidalia launch with this version on OS X. That's correct ?

I don't know why verifying the signature relies on gpgp. It's installer is a buggy mess on a Mac. Why can't it be a signature that can be verified by md5 in terminal ?

It's very annoying that it isn't possible anymore to make use of another exit node without losing your browser state. I understand that 'New identity' button of Vidalia wasn't actually giving you a new identity, because your browser cookies (and other state) were not deleted. Removing the option however, makes it very annoying to use the Tor Browser Bundle at times. Especially when the exit node you're using is blocked by a website or the current exit node is too slow (for example when downloading larger files or watching a video).

Can there not be an extra button in the Torbutton named something along the lines of "Use a different exit node", that would have the same behavior as the button in Vidalia? I and others would greatly appreciate that.

I, too, miss the ability to change the exit node without losing the browser state. The new function may be more secure, but it is a nuisance to use.

See the workaround at https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#WhydoesNewIdentitycloseallmyopentabs for now, until we have a better fix.

Syndicate content Syndicate content