New Stable Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Tor stable release.

Tor Browser Bundle (2.2.38-1)

  • Update Tor to
  • Update NoScript to 2.5
  • Update HTTPS Everywhere to 2.1

New Tor Browser and Obfsproxy Bundles

The alpha Tor Browser Bundles have all been updated to the latest Tor release candidate as well as being updated with some bugfixes. We're getting closer and closer to releasing the 0.2.3.x series as stable, so please give these bundles a lot of testing and help us shake out all of the remaining bugs! The regular bundles have also been updated.

The Tor Obfsproxy Browser Bundles have also been brought up to date with all of the same software as the regular alpha Tor Browser Bundles. These are still a work in progress, so please remember to report bugs! You can download them from the obfsproxy page.

Tor Browser Bundle (2.3.20-alpha-1)

  • Update Tor to
  • Update NoScript to 2.5
  • Change the urlbar search engine to Startpage (closes: #5925)
  • Firefox patch updates:
    • Fix the Tor Browser SIGFPE crash bug (closes: #6492)
    • Add a redirect API for HTTPS-Everywhere (closes: #5477)
    • Enable WebGL (as click-to-play only) (closes: #6370)

Updated Tor Cloud images with fix for Tor upgrades

The Tor Cloud images for all the seven regions have been updated to include the latest cloud image for stable Ubuntu release 10.04 LTS (Lucid Lynx). These new images are available on the Tor Cloud website.

The new images include a fix to allow Tor to upgrade automatically without requiring user intervention (#6511).

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge.

To manually update your image, do the following:

0. Log on with SSH
1. Open /etc/apt/apt.conf.d/50unattended-upgrades
2. Add the line: Dpkg::Options { --force-confold; }
3. Save and exit

Tor has funding for another browser hacker

Your job would be to work on Torbutton and patches to our Firefox-based browser, as well as a potential Android port. This would be a contractor position likely starting in October and going through Q1 2013, with the possibility of later in 2013 and beyond. There may also be a possibility for part-time work prior to October.

The purpose of our browser is to build a private-by-design reference implementation of "Do Not Track", but through the alteration of browser behavior and without the need for regulation or begging.

Your job will include triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to security issues; and working collaboratively with coworkers and volunteers on implementing new features and web behavior changes.

We'd also need help making our code more maintainable, testable, and mergeable by upstream. Sometimes, we need to drop everything and scramble to implement last-minute fixes, or to deploy urgent security updates. You'd also be reviewing other people's code, designs, and academic research papers, and looking for ways to improve upon them.

See the job posting for information on how to apply and what you need to send in with your application.

For an even more detailed overview of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section.

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.6esr release.

The alpha Tor Browser Bundles have also (finally) been updated with numerous new pieces of software, including the latest Tor release candidate (

All users are strongly urged to upgrade.

Tor Browser Bundle (2.2.37-2)

  • Update Firefox to 10.0.6esr
  • Update Vidalia to 0.2.20
  • Update NoScript to 2.4.8
  • Disable Firefox crashreporter
  • Windows: Fix Firefox transparency problems with Aero theme (closes: #4795.)

Tor Browser Bundle (2.3.19-alpha-1)

  • Update Tor to
  • Update Firefox to 14.0.1
  • Update libevent to 2.0.19-stable
  • Update OpenSSL to 1.0.1c
  • Update zlib to 1.2.7
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.9
  • Update HTTPS Everywhere to 3.0development.5
  • Downgrade Vidalia to 0.2.20
  • Update libpng to 1.5.12
  • Turning funding into more exit relays

    For a few years now, funders have been asking if they can pay Tor to run more relays. I kept telling them their money was better spent on code and design improvements:
    since a) network load would just grow to fill whatever new capacity we have, especially if we don't deal with the tiny fraction of users who do bulk downloads, and b) reducing diversity of relay operator control can harm anonymity.

    But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load:

    At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays.

    Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays.

    If we do it right (make more faster exit relays that aren't the current biggest ones, so there are more to choose from), we will improve the network's diversity as well as being able to handle more users.

    We've lined up our first funder (BBG, aka, and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits.

    I've started a discussion on the tor-relays list about open questions that we as a community will need to decide about:
    1) What exactly would we pay for?
    2) Should we fund existing relays or new ones?
    4) What exactly do we mean by diversity?
    5) How much "should" an exit relay cost?
    6) How exactly should we choose which exit relay operators to reimburse?
    7) How do we audit / track the sponsored relays?
    8) Legal questions?

    The first step is collecting facts about the current fast Tor exit relays. Please join the discussion on the tor-relays list if you want to contribute:

    Announcing Tor Reports

    For the past four years, I've been summarizing progress of Tor on the blog. See the tag progress report for the history of these reports. Based on community feedback, we're switching to a mailing list with archive of the raw status reports. Tor-reports is live. The goal is to provide the raw details rather than summarizing all of the progress and only being able to provide a quick summary per topic.

    Each developer, advocate, and internal staff will be posting their reports to this list. The idea is to share more with the community and give people a chance to ask questions directly of the people doing the work. Enjoy the transparency.

    Florence Hackfest Thanks

    Thanks to all who attended and helped make the hackfest in Florence a success. Around 50 people stayed for the two day event. We heard from a team working on a free hardware and software (firmware to drivers) laptop prototype, some Italian legal experts with regards to anonymity, encryption, and chilling effects used to great length in the country, plus a number of Italian hackers from EuroPython 2012 interested in Tor (and vice versa).

    And a big thanks to the Università degli Studi di Firenze, Il Progetto Winston Smith and Arturo for their translations, coordinations, and general welcoming attitude to Italy.

    Syndicate content Syndicate content