tor browser bundle

New Tor Browser Bundles with Firefox 6

We've updated the experimental Tor Browser Bundles to Firefox 6 and all users are strongly encouraged to upgrade, as Firefox 6 fixes some serious security issues present in Firefox 5.

The 64bit GNU/Linux version of the bundle is now available again.

Tor Browser Bundle (2.2.31-1) alpha; suite=all

  • Update Tor to 0.2.2.31-rc
  • Update Firefox to 6.0
  • Update Libevent to 2.0.13-stable
  • Update NoScript to 2.1.2.6
  • Update HTTPS Everywhere to 1.0.0development.5
  • Remove BetterPrivacy until we can figure out how to make it safe in all bundles (see #3597)

New Firefox 3.6 Tor Browser Bundles

The stable Tor Browser Bundle for Windows and the beta Firefox 3.6 Tor Browser Bundles for Linux and OS X have been updated to Firefox 3.6.20.

We are currently building new versions of the experimental Tor Browser Bundles, this time containing Firefox 6; we will announce them when they are ready. Firefox 5 and the experimental Firefox 5 TBBs are no longer safe to use.

https://www.torproject.org/download/download

Windows bundle
1.3.27: Released 2011-08-19

  • Update Firefox to 3.6.20
  • Update Libevent to 2.0.13-stable
  • Update HTTPS-Everywhere to 1.0.0development.5

OS X bundle
1.0.23: Released 2011-08-19

  • Update Tor to 0.2.2.31-rc
  • Update Firefox to 3.6.20
  • Update Libevent to 2.0.13-stable
  • Update NoScript to 2.1.2.6
  • Update HTTPS-Everywhere to 1.0.0development.5
  • Remove BetterPrivacy until we can figure out how to make it safe in all bundles (see #3597)

Linux bundle
1.1.13: Released 2011-08-19

  • Update Tor to 0.2.2.31-rc
  • Update Firefox to 3.6.20
  • Update Libevent to 2.0.13-stable
  • Update NoScript to 2.1.2.6
  • Update HTTPS-Everywhere to 1.0.0development.5
  • Remove BetterPrivacy until we can figure out how to make it safe in all bundles (see #3597)

New Tor Browser Bundles

All of the alpha Tor Browser Bundles have been updated to the latest Tor 0.2.2.29-beta.

Firefox 5 has recently been released and our next set of Firefox alpha bundles
will come with that instead of Firefox 4. For users who want to use Firefox 5
now, Torbutton 1.3.3-alpha is compatible.

We're also going to begin phasing out the Firefox 3.6 bundles within the next
month. Mike Perry is focusing his attention on the new Firefox releases (see
his previous posts on the topic) and we feel this is the best path to keep our users safe. You can also see his current Firefox patches in the Tor Browser Bundle git repository.

https://torproject.org/download/download

The following changelogs encompass the would-be Tor 0.2.2.28-beta packages as
well as the changes made for Tor 0.2.2.29-beta.

Firefox 3.6 Tor Browser Bundles

OS X bundle
1.1.19: Released 2011-06-21

  • Update Tor to 0.2.2.29-beta
  • Update NoScript to 2.1.1.1
  • Update HTTPS-Everywhere to 0.9.9.development.6

1.0.18: Released 2011-06-05

  • Update Tor to 0.2.2.28-beta
  • Update Libevent to 2.0.12-stable
  • Update zlib to 1.2.5
  • Update NoScript to 2.1.1
  • Update BetterPrivacy to 1.51

Linux bundles
1.1.11: Released 2011-06-21

  • Update Tor to 0.2.2.29-beta
  • Update NoScript to 2.1.1.1
  • Update HTTPS-Everywhere to 0.9.9.development.6

1.1.10: Released 2011-06-05

  • Update Tor to 0.2.2.28-beta
  • Update Libevent to 2.0.12-stable
  • Update zlib to 1.2.5
  • Update NoScript to 2.1.1
  • Update BetterPrivacy to 1.51

Firefox 4 Tor Browser Bundles

Tor Browser Bundle (2.2.29-1)

  • Update Tor to 0.2.2.29-beta
  • Update Libevent to 2.0.12-stable
  • Update HTTPS Everywhere to 0.9.9.development.6
  • Update NoScript to 2.1.1.1
  • Update BetterPrivacy to 1.51

Temporary direct download links for Firefox 4 bundles:

New Tor Browser Bundles

All of the alpha Tor Browser Bundles have been updated to the latest Tor 0.2.2.27-beta.

https://torproject.org/download/download

Firefox 3.6 Tor Browser Bundles

Linux bundles
1.1.9: Released 2011-05-19

  • Update Tor to 0.2.2.27-beta
  • Update NoScript to 2.1.0.5
  • Update BetterPrivacy to 1.50
  • Update HTTPS Everywhere to 0.9.9.development.5

OS X bundle
1.0.17: Released 2011-05-19

  • Update Tor to 0.2.2.27-beta
  • Update NoScript to 2.1.0.5
  • Update HTTPS-Everywhere to 0.9.9.development.5
  • Update BetterPrivacy to 1.50

Firefox 4 Tor Browser Bundles

Tor Browser Bundle (2.2.27-1)

  • Update Tor to 0.2.2.27-beta
  • Update HTTPS Everywhere to 0.9.9.development.5
  • Update NoScript to 2.1.0.5

Temporary direct download links for Firefox 4 bundles:

New Tor Browser Bundles (and other packaging updates)

Tor 0.2.2.25-alpha is out and there are the usual packaging updates. You can go right to the download page to update.

The alpha Vidalia bundles have also been updated with the latest Torbutton 1.3.3-alpha which has itself been updated to work with the latest Firefox 4.0.1 release and has this notable feature:

When used with Firefox 4 or the alpha Tor Browser Bundles, it also
features support for youtube videos in HTML5, but you must currently
opt-in for youtube to provide you with HTML5 video as opposed to
flash: http://www.youtube.com/html5

Tor Browser Bundle changelogs follow.

Firefox 3.6 Tor Browser Bundles

Tor Browser Bundle for Windows

1.3.24: Released 2011-04-30

  • Update Firefox to 3.6.17
  • Update Libevent to 2.0.10-stable
  • Update zlib to 1.2.5
  • Update OpenSSL to 1.0.0d

Tor Browser Bundle for Linux
1.1.8: Released 2011-04-30

  • Update Tor to 0.2.2.25-alpha
  • Update Firefox to 3.6.17

Tor Browser Bundle for OS X
1.0.16: Released 2011-04-30

  • Update Tor to 0.2.2.25-alpha
  • Update Firefox to 3.6.17

Firefox 4 Tor Browser Bundles

Tor Browser Bundle (2.2.25-1) alpha; suite=all

  • Update Tor to 0.2.2.25-alpha
  • Update Firefox to 4.0.1
  • Update Torbutton to 1.3.3-alpha
  • Update BetterPrivacy to 1.50
  • Update NoScript to 2.1.0.3

Temporary direct download links for Firefox 4 bundles:

To Toggle, or not to Toggle: The End of Torbutton

In a random bar about two years ago, a Google Chrome developer asked me why Torbutton didn't just launch a new, clean Firefox profile/instance to deal with the tremendous number of state separation issues. Simply by virtue of him asking me this question, I realized how much better off Chrome was by implementing Incognito Mode this way and how much simpler it must have been for them overall (though they did not/do not deal with anywhere near as many issues as Torbutton does)...

So I took a deep breath, and explained how the original use model of Torbutton and my initial ignorance at the size of the problem had led me through a series of incremental improvements to address the state isolation issue one item at a time. Since the toggle model was present at the beginning of this vision quest, it was present at the end.

I realized at that same instant that in hindsight, this decision was monumentally stupid, and that I had been working harder, not smarter. However, I thought then that since we had the toggle model built, we might as well keep it: it allowed people to use their standard issue Firefoxes easily and painlessly with Tor.

I now no longer believe even this much. I think we should completely do away with the toggle model, as well as the entire idea of Torbutton as a separate piece of user-facing software, and rely solely on the Tor Browser Bundles, except perhaps with the addition of standalone Tor+Vidalia binaries for use by experts and relay operators.

The Tor Browser Bundles will include Torbutton, but we will no longer recommend that people use Torbutton without Tor Browser. Torbutton will be removed from addons.mozilla.org, and the Torbutton download page will clearly state that it is for experts only. If serious unfixed security issues begin to accumulate against the toggle model, we will stop providing Torbutton xpis at all.

I believe this shift must be done for a few reasons: some usability, some technical. Since I feel the usability issues trump the technical ones, I'll discuss them first.

Unfortunately, the Tor Project doesn't really have funding to conduct official usability studies to help us make the best choice, but I think that even without them, it is pretty clear that this migration is what we must do to improve the status quo.

I think the average user is horribly confused by both the toggle model and the need to install additional software into Firefox (or conversely, the need to *also* install Tor software onto their computers after they install Torbutton). I also think that the average user is not likely to use this software safely. They are likely to log in to sites over Tor that they shouldn't, forget which tor mode they are in, and forget which mode certain tabs were opened under. These are all nightmare situations for anonymity and privacy.

On the technical side, several factors are forcing us in the direction of a short-term fork of Firefox. The over-arching issue is that the set of bugfixes required to maintain the toggle model is a superset of those required to maintain the browser model. Trac report #39 lists the bugs we must fix for the browser model, where as to maintain the toggle model, we must fix bugs from trac report #14 in addition to the bugs in report #39.

A similar issue exists with bugs that must be fixed in Firefox. The Firefox API bugs that need to be addressed to properly support the toggle model include rather esoteric and complicated issues that few groups other than Tor will find useful.

This means more resistance from Mozilla to get the toggle mode bugs fixed or even merged, less likelihood the fixes will be used elsewhere, and more danger they will succumb to bitrot. As a result, the lag time between fix and deployment for low-priority Firefox bugs can be as long as 3 years. See Bug 280661 for an example.

The Tor Browser bugs on the other hand are more directly usable by Firefox in its own Private Browsing Mode, which makes them more likely to merge quicker, and be maintained long-term. Also, because we are releasing our own Firefox-based browser, we will also have more control over experimenting with them and deploying these fixes to our users rapidly, as opposed to waiting for the next major Firefox release.

So, we can either invest effort in improving the UI of Torbutton to better educate users to understand our particular rabbit-hole tunnel-vision of design choices, and also solving crazier Firefox bugs; or we can reconsider our user model and try to simplify our software.

We don't have the manpower (ie: enough me) to do both. This means we should go with the simpler, easier option.

We do face a small number of barriers and downsides associated with this plan. We are collecting the issues we need to address ASAP as child tickets of this bug:
https://trac.torproject.org/projects/tor/ticket/2880

Overall, the downsides seem to mostly apply to expert users and how they will adapt the custom Tor setups they have built. We don't anticipate a lot of long term issues with this group, as most of the configuration options of Torbutton will remain available, and users should still be able to install custom addons and configure their Tor Browser profile however they need (even to the point of running it side-by-side to a system tor instance that is used for non-web applications).

Additional discussion about this issue has occurred on the tor-talk mailinglist.

Hopefully this announcement doesn't ruin your day!

Firefox 4 Tor Browser Bundle for Windows

Windows users, your time has finally arrived! A new Tor Browser Bundle with Firefox 4 is available here (sig). The build infrastructure has moved to a Windows 7 machine, but this bundle has been tested on both WinXP and Win7. If you encounter any strange issues, please let me know here or on our bug tracker. read more »

Lots of new Tor and Vidalia packages

New Vidalia and Tor releases mean lots and lots of new packages. You can download most of them from the download page.

RPM users: we'll have all of the RPMs up within the next 24 hours. Everyone else, read on for Tor Browser Bundle changelogs and other packages.

Bridge-by-Default Bundle

Tor Browser Bundle with Firefox 4

Tor Browser Bundle (2.2.24-1) alpha; suite=osx

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

Tor Browser Bundle (2.2.24-1) alpha; suite=linux

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1
  • Fix missing extensions by putting them in the right location (closes: #2828)
  • Disable plugin searching (closes: #2827)

Tor Browser Bundle with Firefox 3.6

https://www.torproject.org/projects/torbrowser

Windows 1.3.23: Released 2011-04-13

  • Update Vidalia to 0.2.12
  • Fix langpack mistake that made Firefox only use English

Linux 1.1.7: Released 2011-04-12

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

OS X 1.0.15: Released 2011-04-11

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

Firefox 4 Tor Browser Bundles for GNU/Linux

We now have Firefox 4 bundles available for GNU/Linux. If you encounter any problems with these, please let us know. (Windows users, you're next.)

Tor Browser Bundle (2.2.23-1) alpha; suite=linux

  • Create new bundles for Firefox 4, both i386 and x86_64
  • Update Tor to 0.2.2.23-alpha
  • Update Torbutton to 1.3.2-alpha
  • Update OpenSSL to 1.0.0d
  • Update HTTPS-Everywhere to 0.9.9.development.4
  • Update NoScript to 2.0.9.9
  • Update BetterPrivacy to 1.49

Firefox 4 Tor Browser Bundles for OS X

UPDATE: there were some issues with the first set of bundles which have been fixed. I've updated the links below. The changelog is here.

We have new Firefox 4 Tor Browser Bundles available for OS X. (Worry not, users of other operating systems, your turn is coming in the next few days!) They come in 64- and 32-bit versions, and one important fix for 10.6 64-bit users is that Firefox no longer crashes on initial startup. These are alpha, but they are going to be a permanent addition to the Tor Browser Bundle family and will be maintained from now on. You can download them here:

These have thus far only been tested on Snow Leopard, but the 32-bit bundle ought to work on Leopard. If it doesn't please let me know! And as usual, please file any bugs you discover.

Tor Browser Bundle (2.2.23-1) alpha; suite=osx

  • Create new bundles for Firefox 4, both i386 and x86_64 (closes: #2140)
  • Update Tor to 0.2.2.23-alpha
  • Update Torbutton to 1.3.2-alpha
  • Update OpenSSL to 1.0.0d
  • Update HTTPS-Everywhere to 0.9.9.development.4
  • Update NoScript to 2.0.9.9
  • Update BetterPrivacy to 1.49
Syndicate content Syndicate content