New Tor Browser Bundles for Mac OS X

by erinn | May 1, 2012

We recently switched our build machine to Lion (OS X 10.7) which had some unintended effects on the Firefox/TorBrowser build. After consulting with Mozilla developers, Sebastian Hahn was able to nail down the problem and provide a fix. The Mac OS X Tor Browser Bundles have been updated so they should stop crashing for everyone now. Thanks for your patience!

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-10)

  • Make TorBrowser stop crashing on random websites by building with clang instead of llvm-gcc. (closes: #5697)

Comments

Please note that the comment area below has been archived.

May 01, 2012

Permalink

Version 10 is utterly unuseble.

To quote another user comment for previous (-9.1) version:

"Meh do you guys test your releases at all!? Mac torbundle 2.2.35-9.1: if you right-click the firefox toolbar and click 'customize' results in immediate crash of the browser. ADDENDUM: actually no it's way worse than that. you can't click on the noscript button on the toolbar or it crashes. You can't even HOVER over the noscript button or it crashes. Come on guys."

All these critical bugs are still there in the new version. I can add that the previous page button also crashes the browser. All this must mean that the problem hasn't even been recognized let alone adressed! (The reply to the above comment was that you were aware of the problem and then refer to a ticket which seems to have nothing to do with these problems!)
Is it a Mac-only problem? Snow Leopard (which I use) only?
I fully realize that you are a small team with limited resources but this lack of organization is seriously worrisome.
Don't you test new versions across platforms at all before release???
I know you're looking for a manager to tidy up this mess at the moment and that's a good start. When you have to read about critical bugs in blog comments and these comments are generally ignored/misunderstood you are doing yourself no favors. Many pointed out (a long time ago) that TBB versions (even those that work) install with a default setting of Javascript "globally allowed" via the NoScript extension. As a bundled security solution aimed at people who are not experts but need security, this is a disaster. Yet nothing has been done about it.
Instead of this geeky non-user friendly "ticket" system why don't you set up a simple bug list (that non-programmer users actually can find)? Keep it TBB only and identify if bugs are platform/os dependent or universal.

While I agree with most of what you wrote, especially your point about how the devs seems to *NOT* test all releases on all OSes, your point about NoScript and global scripts is ignorant. The Tor devs, specifically Mike Perry, have addressed this point MANY times. TBB (via patches and TorButton) prevents malicious JavaScript code, so it's safe to use TBB with NoScript globally allowing all scripts.

That said, I for one disallow global scripts because I don't like ads and other junk on web pages; and for obscure/new JS attacks TBB can't prevent/mitigate. However, for non-English speakers and non-tech computer users, there would much confusion if TBB shipped NoScript to block all scripts, and the users may then decide "Tor's broken", and not try to figure out what's going on...and recent comments by Andrew wrt to his unofficial user testing recently bears out that point.

With Tor enabled javascript may be less of an issue. But I have never understood the purpose of Tor button in TBB.
It would be a lot more safe if TBB forced users to use Tor, i.e. no switch to turn Tor off as non-Tor mode and javascript on is dangerous. Make it clear that this browser is configured to use Tor and if the pre-configured settings/preferences are untampered with you are surfing safely and anonymously. I never ever use TBB with the proxy off.
Much better to use a separate browser for non-Tor browsing rather than mixing them up. Not as smooth perhaps but it does lessen the risk of users who are non-technical doing something wrong. And security trumps smooth in any security solution.

> default setting of Javascript "globally allowed" via the NoScript extension

"We configure NoScript to allow JavaScript by default in the Tor Browser Bundle because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if a website they want to use requires JavaScript, because they would not know how to allow a website to use JavaScript (or that enabling JavaScript might make a website work). "

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

And allow JavaScript allows the user to blend with the crowd. The goal of Tor is to provide anonymity which loves company. Since the crowd uses JavaScript, allowing it makes you part of the crowd of normal users.

May 01, 2012

Permalink

My browser still crashes regularly. I'm using Mac OS X 10.7.3

I find it crashes whenever I attempt to go back to a page viewed previously.

May 01, 2012

Permalink

Ouch! My faith in an end product is not enhanced by the presence of a simple error in a technical announcement: it's either 10.6 "Snow Leopard" or 10.7 "Lion" - there is no "Snow Lion". :(
On the other hand: thanks for the swift update. :)

May 02, 2012

Permalink

"Many pointed out (a long time ago) that TBB versions (even those that work) install with a default setting of Javascript "globally allowed" via the NoScript extension. As a bundled security solution aimed at people who are not experts but need security, this is a disaster. Yet nothing has been done about it."

Jesus Christ bananas! Is this true?

Does turning Java off manually have any effect I'm wondering?

Snow Lion is simply a Lion playing the the Snow! Meoow!

May 02, 2012

Permalink

Still crashing here also
Instead of trotting around the world telling people about tor why not stay at home
and getting these packages tested and tested again?

May 02, 2012

Permalink

Tor really needs to FOCUS on a FEW products, otherwise all of your MANY products suffer, e.g., you should CONCENTRATE on:

a) Tor base code
b) Solutions to Tor blocking, e.g., bridges and Obfuscate proxy
c) Hidden Services (speed, connectivity, etc)
d) TorBrowserBundle (incl. TorButton)
e) user-outreach (e.g., make a user forum, damn it!)
f) Increasing node number and geographic diversity

May 02, 2012

Permalink

Snow Lion - Wikipedia, the free encyclopedia
en.wikipedia.org/wiki/Snow_Lion
The Snow Lion, sometimes also Snowlion, (Tibetan: གངས་སེང་གེ་, Wylie: gangs seng ge; Chinese: 瑞獅; pinyin: ruìshī) is a celestial animal of Tibet.

May 02, 2012

Permalink

New fix for TorBrowser-2.2.35-10-osx-i386-en-US.zip crashes on Mac OS X, version 10.6.8

May 02, 2012

Permalink

I just used Tor for the first time on my Mac Lion 10.7 and it crashed after several tries. Always when pressing "previous page" and usually after the second page I visit.Vidalia acts like its still on but the Tor icon is gone.


May 02, 2012

Permalink

Mac Lion 10.7.3. Crashing after a search or two. Vidalia is still runner after the browser has crashed. This is a repeating event.

May 03, 2012

Permalink

Why is the new versions of TBB coming with Firefox instead of Aurora? What happened with Aurora that was used in several versions? why swtich?

May 04, 2012

In reply to arma

Permalink

I'm using the pre-lastest release of Tor Browser Bundle (2.2.35-8), with Firefox 11.0. It clearly says Mozilla Firefox at the top and when I press Help it says "About Firefox". It used to say Aurora at the top and "About Aurora" in Help in earlier versions.

Should it say Aurora in 2.2.35-8? Is there something wrong with my version?

May 03, 2012

Permalink

you know I had downloaded tor about a month or two ago for mac 10.6.8 and it was running great. I finally realize there is an update for the past couple days it's been there i've just ignored it, so i download it and now all the crashing.

me so sad :( Hope there are fixes soon

May 09, 2012

Permalink

I've been Tor Browser Bundle for a while. I sometimes have trouble with Firefox/Tor Browser not starting up properly after the Vidalia Control Panel is connected to the Tor network. So I would, after it connected to the Tor network, sometimes go to manually open tor browser (firefox) in the folders: FirefoxPortable -> App -> Firefox -> tbb-firefox.exe . Everything seemed to be OK for a while as Firefox would start up. (but every time I turned it on like this it would should the Mozilla "Thanks for Upgrading" screen. I later found out that all the Bookmarks from my other (non tor) firefox were in the tbb-firefox. And the proxy settings were not activated!!!!! In Firefox: Tools -> Advanced -> Network -> Connection (Settings), the option "Use System Proxy Settings" was enabled, instead of "Manual proxy configuration"!!!!!! Is this a huge bug?!?! I went to Tor Check website and it wasn't routing my traffic through Tor! My privacy has been leaked because of something I don't understand. Can anyone help me please??????