New Bundles

by erinn | February 8, 2013

UPDATE: Don't upgrade to these bundles. The version of OpenSSL in these bundles -- even though it fixes some bugs -- introduces new bugs that will prevent Tor from working on many computers. See the following links for more information:

Please continue using the old bundles. All of the download links have been downgraded to the previous version. We will release updated bundles in a few days. Thanks.

All of the bundles have been updated. The alpha bundles contain the latest Tor 0.2.4.10-alpha and all of the bundles have received an OpenSSL update (1.0.1d for everything except the PPC Vidalia bundles which have 0.9.8y). The regular obfsproxy bundles have been discontinued but pyobfsproxy/flashproxy bundles are available from the obfsproxy page. We plan to begin shipping these as part of the regular release cycle within the next month or two.

https://www.torproject.org/download

Tor Browser Bundle (2.3.25-3)

  • Update OpenSSL to 1.0.1d
  • Update HTTPS Everywhere to 3.1.3
  • Update NoScript to 2.6.4.4

Tor Browser Bundle (2.4.10-alpha-1)

  • Update Tor to 0.2.4.10-alpha
  • Update OpenSSL to 1.0.1d
  • Update NoScript to 2.6.4.4
  • Add PDF Viewer (PDF.js) to README

    Comments

    Please note that the comment area below has been archived.

    February 08, 2013

    Permalink

    Hi just a quick out-of-context question:

    Is it OK to use the windows tor bundle along with the normal installed firefox simultaneously?

    They both run completely separately from each other and will happily do so at the same time, the downside to this is getting the two browsers mixed up if you have them both running at the same time and then accidentally using firefox to post something that you meant to post using tor, easily done if you keep switching back and forth between the two and you are tired.

    February 08, 2013

    Permalink

    Seperate issue:

    Why the fsck does Tails 0.16 use an ancient version of OpenSSL? And has it been modified somehow? I see this every boot:

    Look at this:

    [notice] No AES engine found; using AES_* functions.
    [notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
    [notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
    [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
    [notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.

    You've GOT to be kidding me! Someone explain this please.

    February 10, 2013

    Permalink

    (Poland.PL)
    Program "Emsisoft EMERGENCY KIT" pokazuje , ze plik "tbb-firefox.exe" w Tor Browser Bundle (2.4.10-alpha-1) to wysokie zagrozenie
    "Gen:Variant.Kazy.31094(B)" ?!!

    February 13, 2013

    Permalink

    Boosting the TOR Network speed and security by multiplexing requests.
    https://en.wikipedia.org/wiki/Digital_Spread_Spectrum

    The TOR network has hundreds of nodes if not thousands today, could they be used more effitiently by sending a request for only some packets through one node, then the next, then the next making 2 or 3 connections at a time?

    Would this make statistical analisis harder? and speed up delivery of data? of course if possible.

    Also NoScript on the Linux x86-64 rpm version comes out of the box set to "allow all scripts".

    Sorry, the bug tracker wants me to sign in, I don't have an account.

    Thank you all for your work.

    February 19, 2013

    Permalink

    I'm not sure where else to post this so I will post it here.
    I'm getting the message that "There is a security update available for the Tor Browser Bundle."

    yet when I click on the link to go to the download page I find that I am running the same version available for download, being the Tor Browser Bundle for Windows Version 2.3.25-2

    Is this an error? or is the site slow on updating the new bundle links?.
    I can see that you advised people not to update to the last available bundles on February 8th but it is February the 19th today and I only just started getting the update messages today.

    February 20, 2013

    Permalink

    Has "Tor Browser Bundle for Windows Version 2.3.25-2" been changed in the past 24 hours?

    Why is the Tor Check page, seen when starting TorBundle Firefox, suggesting that Tor needs a security update? "Tor Browser Bundle for Windows
    Version 2.3.25-2" was installed in the first week of January. If there has been an update why has the version number not changed?

    Has there been a mistake or a security breach?

    February 20, 2013

    Permalink

    Please remove the warning from check.torproject.org if there are no new updates (or the old ones were revoked).

    February 20, 2013

    Permalink

    How do we know what version we have? the "hyphen number" part is not shown in Vidalia --> About Vidalia.

    Also, I have consistently been updating and continuing to receive the "There is a security update" after updating for several days. There seems to be some sort of bug. This has happened over several sequential updates for me.

    To see what version you are running, just click on the "i"(About) icon in the Vidalia Control Panel. Voila! There's your info!

    Since you keep getting a "nag" that there is a security update, you can bet that something about YOUR configuration is not configured right. If all else fails do what I do. Delete virtually everything about TOR on your computer then reinstall it. (Works every time and only takes about two minutes if you are running any kind of Linux OS. I can't speak for WIndows as I don't use it ....never have).

    Cheers!

    February 25, 2013

    Permalink

    working with ipad I believe my ip has been blocked from twitter i am unable to open a new Twitter account even when trying to using onion browser on the ipad Any suggestions?
    Help me Cableweek is counting on me I believe when I was noted as a top blogger Bamm I was identified as a troublemaker I guess..... Now I can not open an account Not even using onion Maybe I need a little lesson on tor no surely I do I have so much work to do with cable

    March 06, 2013

    Permalink

    WHY IS THIS TOR PROJECT AN ABYSMAL FAILURE YOU DO NOT COMMUNICATE...YOUR DOWNLOAD INSTRUCTIONS SUCK AND FURTHER, YOU HAVE NO USER FRIENDLY CONTACT/COMMUNICATIONS IAM AT MOPXLEYFAHM@AOL.COM MATH GIVE ME A BREAK!!!!!!!!!

    if the download instructions [1] [2] [3] suck, help improve them. this stuff needs to be as user friendly as possible.

    contact information is at https://www.torproject.org/about/contact.html.en

    oh, and here's your break: <br>

    [1] https://www.torproject.org/download/download-easy.html.en
    [2] https://www.torproject.org/download/download.html.en
    [3] https://www.torproject.org/docs/installguide.html.en

    Instead of yelling, why don't you just run along and never return? We'd all very much appreciate it if you would. There is a very old saying, "If you don't have anything good to say, don't say anything at all." imho you should start (right away) by memorising that old saying and then applying it to your daily life. In the long run it just might prevent you from suffering a stroke or heart attack, plus we don't want to hear your "ranting and raving" anyway ...which is why I asked that you please stay to hell away if you dislike this place so much.
    It has been my experience that virtually ALL software has "tons-of-bugz" (no exceptions either). It has also been my experience that 99% of those who seem to have the most trouble getting TOR to work either fail to read everything that has been provided by the folks at TOR (and believe me when I say there is A LOT OF STUFF to read)! Reading it all so that you totally understand it all makes for an informed user that has few, if any, problems. Furthermore, the fine folks at TOR tell you in "black and white" that they are 100% aware that TOR is not without "bugz", and thus you should ensure to follow all of the rules "to the letter" (to protect your anonimity).
    Lastly, if and when TOR fails to work properly, 99% of the time the problem can be traced to a misconfiguration in the machine you are trying to use TOR in. Such as using TOR with Windows. The TOR Personnel tell you up front that although it will work, that it will not work as well (and they've not yet figured out exactly why because M$ refuses to supply 'source code' (which is precisely what is needed to figure out these kinds of problems ....so you can't blame TOR Personnel when M$ is to blame. (So, either split off a section of your HDD or if you have more than one USE IT to install a nice distro of Linux (Debian, Slackware, Ubuntu) and then install TOR into your new Linux and RUN it with Linux. 99% of your complaints will magically go away when you are using the software that TOR was originally designed to work with ...and remember that TOR "is a work in progress" (meaning it is going to have 'bugz' and 'mood-swings' because NOTHING ever stays the same (especially the Internet) and thus it is simply impossible to keep TOR "on the cutting edge" (much less Error Free like you seem to want it).
    One last thing, your young ass is, in my humble opinion, the "abysmal failure" and few others here would disagree with me. Tor communications are nothing less than excellent, the Download Instructions lack for NOTHING and are even detailed excellently for every OS that exists PLUS there is an e-mail RIGHT THERE should you run into a problem (that isn't self-induced, as most of them are). They are far friendlier than you ...that much is obvious, and ....we don't give a hoot "where you are at" ...so please "give US a break" and remember that if you have nothing good to say, shut up and read (like the rest of us that are having no problems because we actually read everything provided and are having "zero problems" with TOR, plus we know "what we can and cannot do."
    Have a nice day ...and grow up soon please? YOU are your own worst enemy!

    Cheers,

    An Old Fart With Zero Tolerance For Hot-Heads

    March 06, 2013

    Permalink

    IT SEEMS THAT THERE ARE ALOT OF ISSUES AND COMPLAINTS WITH THIS TOR PROJECT. I WONDER IF THE MANAGERS OF THIS 'ANONIMITY' PLEDGE FOR INTERNET USERS HAVE OVERSOLD WHAT THEY DO.IT DOES NOT WORK FOR ME AND THERE IS NO SUPPORT...AND THEY STILL ASK FOR MONEY TO SUPPORT A BAD ARRANGEMENT IT SEEMS........

    March 07, 2013

    Permalink

    I have downloaded Tor at least a couple of times today, the bundle. I read about Tor at businessinsider.com having never heard of it before. get it to a point where it says "extract" or extracting, never get it to run.

    Now I cannot get it to open, I can only

    March 11, 2013

    Permalink

    I think I had downloaded the defected version of TBB. I tried to de-install it and re-install an older version, but nothing helped. I tried the same with the current windows version 2.3.25-4. Vidalia gets stuck at "Establishing an encrypted directory connection" and the message log shows "Bootstrapped 10%: Finishing handshake with directory server". I cannot connect to tor. What should I do? Please help.

    March 25, 2013

    Permalink

    Running Fedora 17 here.

    Is there a guide for getting OpenSSL without ciphers disabled? Does it require building from source? If so what are the command line options necessary to enable all ciphers? Or does the version of OpenSSL currently compiled have an option to enable all ciphers -- maybe from the command line?

    1. <br />
    2. [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.<br />
    3. [notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.<br />

    Here is full output of tor:

    1. <br />
    2. Mar 25 14:49:00.444 [notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Linux.<br />
    3. Mar 25 14:49:00.444 [notice] Tor can't help you if you use it wrong! Learn how to be safe at <a href="https://www.torproject.org/download/download#warning
    4. Mar" rel="nofollow">https://www.torproject.org/download/download#warning<br />
    5. Mar</a> 25 14:49:00.444 [notice] Read configuration file "/etc/tor/torrc".<br />
    6. Mar 25 14:49:00.449 [notice] Initialized libevent version 2.0.18-stable using method epoll (with changelist). Good.<br />
    7. Mar 25 14:49:00.449 [notice] Opening Socks listener on 127.0.0.1:9050<br />
    8. Mar 25 14:49:00.000 [notice] Parsing GEOIP file /usr/share/tor/geoip.<br />
    9. Mar 25 14:49:00.000 [notice] No AES engine found; using AES_* functions.<br />
    10. Mar 25 14:49:00.000 [notice] This OpenSSL has a good implementation of counter mode; using it.<br />
    11. Mar 25 14:49:00.000 [notice] OpenSSL OpenSSL 1.0.0k-fips 5 Feb 2013 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation<br />
    12. Mar 25 14:49:01.000 [notice] Reloaded microdescriptor cache. Found 9547 descriptors.<br />
    13. Mar 25 14:49:03.000 [notice] We now have enough directory information to build circuits.<br />
    14. Mar 25 14:49:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network.<br />
    15. Mar 25 14:49:03.000 [warn] Your application (using socks5 to port 80) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see <a href="https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.
    16. Mar" rel="nofollow">https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.<br />
    17. Mar</a> 25 14:49:03.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.<br />
    18. Mar 25 14:49:03.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.<br />
    19. Mar 25 14:49:03.000 [notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.<br />
    20. Mar 25 14:49:03.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.<br />
    21. Mar 25 14:49:04.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 3 circuits open. I've sent 1 kB and received 2 kB.<br />
    22. Mar 25 14:49:05.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.<br />
    23. Mar 25 14:49:05.000 [notice] Bootstrapped 100%: Done.<br />

    March 30, 2013

    Permalink

    *** Just a SHOUT OUT to the #TorProject Team. I think you guys do a terrific job, for what time you have and leading "normal", busy lives. ***

    I see @TorProject and at least one team member on Twitter. Tweet as often as you are able, that we may be both informed and encouraged (for those who use Twitter.)

    TBB current, in my GNU/Debian Testing on a older Dell laptop, runs like a charm. [I just hate those websites that want the affirmation and are related to photos ... I feel it makes me want to shut down TBB, wipe it, reinstall & reboot ... I know, I am paranoid and probably no reason to so this.]

    /Cheers