New Tor Browser Bundles with Firefox 17.0.5esr

All of the Tor Browser Bundles have been updated to the latest Firefox 17.0.5esr.

https://www.torproject.org/download

Tor Browser Bundle (2.3.25-6)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59

Tor Browser Bundle (2.4.11-alpha-2)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59
Anonymous

April 06, 2013

Permalink

It appears that at least one release of tor-pluggagle-transports hasn't been actually updated. As already mentioned, the md5 checksums for:

tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz

and

tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-1-dev-en-US.tar.gz

..are exactly the same. Also:
- 'About TorBrowser' still shows version 17.0.4 - as in the older TPTB
- 'Vidalia about' shows the same Tor version (including git commit hash) as in the older TPTB)

Anonymous

April 06, 2013

Permalink

First, I would like to thank developers for their continued support. You really have given us a great way to browse the internet. While I always admire the efforts but I have few doubts too. I recently used "Tails" and found that there some add-ons which are not being used in "Tor Browser Bundle." Such as "Cookie Monster", "Adblock Plus". Although I am sure that you already are aware of that but I would like to know that why are these add-ons not being used in "Tor Browser Bundle" as well?

I again thank you for your work.

Is a different design choice between two different groups of people really a source of "doubts" for you? Why don't you ask those people directly why they made the choices they did?

1.) On the home page of the Tor Project web site, right underneath the heading "**Our Projects**" is a prominent link to Tails.

This clearly creates the distinct, unmistakable impression that Tails is an official project of the Tor Project.

2.) Both the Tor Project as well as Tails devs have repeatedly stressed that differences in configuration between each other can make Tor users vulnerable to fingerprinting.

In light of this, doesn't it only make sense that TBB and the browser in Tails should be as identical to each other as possible?

I understand that /some/ differences may be unavoidable but I cannot imagine this including add-ons in question. When it comes to /them/, it would seem that they either should be part of /both/ TBB and Tails or /neither/.

What am I missing here?

NoScript which is bundled by default allows JavaScript to be executed globally (it still has other security properties that make it useful) for the same reason that Adblock Plus or any other addons that filter-out content by not loading it. That reason is called profiling, every exit can tell if you have JavaScript enabled or not and if you use and blocking addon.

The exit would (at least could) know that advertises are delivered and if those are missing you are blocking them. The bundles would have to ship with a default list of things to block and you could tell Tor and non-tor users apart if that list is unique.

Beside the possible anonymity implication shipping blocking addons there are many websites financed by ads. Blocking ads by default in TBB would make the Tor Project act against interests of advertisers and website owners (that require ads to run their sites) without any gain on the anonymity side. Many websites are not Tor friendly, that will not be improved by making TBB blocking adds (that might be required for some sites to exist).

For Cookie Monster all I can say that "Tor Button" handles cookies. I don't know if it's conflicting. Including more addons makes the bundles larger, for some that means harder to download because of their poor connection. Or when getting the bundles via Email, because of the limited attachment size the services allow.

Anonymous

April 06, 2013

Permalink

"After get and install obfsproxy 2.4.11-alpha-2 of Linux, I still get the warning of update from the Tor button." Me too.

Perhaps (some of) the new packages carry no updates at all? Have a look at a comment above that begins with: "It appears that at least one release of tor-pluggagle-transports hasn't been actually updated.[...]"

Anonymous

April 07, 2013

Permalink

I know the comment box here is probably a poor place to report this, but I'd like to note that some of the firefox extensions mentioned in the Tor FAQ are hopelessly outdated and do not work on modern firefox versions.

Anonymous

April 07, 2013

Permalink

Hey, some quick feedback:
The browser's privacy settings are set to "Never remember history". However, if you browse the net for a while, and then change that setting to "Use custom settings", you'll notice that you have accumulated a bunch of cookies. I don't have the technical know-how to figure out how much this matters, but the paranoia-friendly options are kind-of scarce: either close & restart the whole TBB, or, if you don't want to delete all cookies (e.g. in order to stay logged in to some service), temporarily change the Cookie setting, then go to "Show Cookies", and delete cookies individually.

I'd like TBB to come with a quick&easy way to clear out individual or all cookies, as well as DOM storage (set to enabled by default), on the go. If that's unfeasible, any hints as to which cookie-management FF add-ons can be recommended/whitelisted/not?

Anonymous

April 08, 2013

In reply to by Anonymous (not verified)

Permalink

TBB already comes with a quick and easy way to clear cookies, browser cache, DOM storage etc etc. Click on the green onion symbol and select "New Identity". Clicking this button is largely the same as restarting TBB, but quick.

It is not recommended to install any additional firefox add-ons, as they may reduce your anonymity.

Well, "New Identity" doesn't seem to do anything about the cookies at least - haven't checked cache & DOM storage. When i open a bunch of webpages, then close them, then press "New identity", i still find the cookies from the earlier sites when i temporarily change the settings as described above.

Another place where earlier visited pages stay, is in "Show Recently Closed Tabs" in the History menu.

Which "New identity" did you try?

There are two: One in the small Vidalia icon in the taskbar (accessible via right-click) and in Tor Button. The Tor Button one is the one that clears cookies and cache.

Click-on on the large green onion icon just to the left of the NoScript icon in the Navigation toolbar. Click "New Identity" /there/ (should be the first option in the drop-down menu). TBB should then disappear for a brief moment and then return, freshly-loading the check.torproject.org home page. All cookies and cache should be cleared and any windows and tabs that were open will be lost.

It just occured to me that vidalia also has a green onion symbol and a "New Identity" button that does something completely different. Make sure you used the onion button inside the Tor Browser window, to the left of the url bar.

If that is what you did, but it still didn't work, then it is a bug that happens you, but not me.

Report it to: https://trac.torproject.org

Anonymous

April 08, 2013

Permalink

not connect in iran. connect pross maximum 20 %.
upgrade please.
thanks

Anonymous

April 08, 2013

Permalink

is it safe to use latest version of tor??? am not using bridge becouse i don't know

Anonymous

April 08, 2013

Permalink

great, all my plugins (\FirefoxPortable\Data\plugins) are not working anymore.

It is my decision if I want to run an older Flash plugin - Why the heck do you guys think the people cannot make their own decisions and restrict them like hell?
This is crap

With the disclaimer that I cannot speak for the Tor folks...

You may be savvy enough to make an informed choice in this area but I doubt this is true for the typical/average TBB user. The Tor Project probably feels a responsibility to put protections in place against these type of tinkerings that could prove fatal to a user.

hi,

this is certainly true.

Thus I would expect a config switch somewhere.
Maybe similar to about:config and then a nice warning.

Else it is just a no brainer - people are _not_ equal

Anonymous

April 08, 2013

Permalink

Updated to the new TOR. Firefox no longer loads. Tried to download the new Firefox, but get a warning - Your system doesn't meet the requirements to run Firefox
I'm on a Mac 10.5.8. Any ideas?

Anonymous

April 08, 2013

Permalink

The tor browser update isn't working for me also, others above have mentioned this issue. It is asking for an update, even after a fresh update and is also refusing any connections and just simply isn't working.

Can developers look into this asap please?

Thanks.

Anonymous

April 08, 2013

Permalink

Torbutton is disabling all drag functions if I use any other profile but the bundle's default.
By that I mean cannot even drag tabs to new positions or drag to bookmark folders etc.
I gone through the standard firefox troubleshooting thing and torbutton is for sure the offender. Is there a fix for this? Tough choice to need to choose Tor or drag functions.

I strongly suggests against using any profile other than the default one. No anonymity guarantees can be made at all of you are running a non-default profile, you might not have any anonymity at all.

And about drag and drop, TorButton have recently has it's drag-n-drop filtering code rewritten. But since it works in the default profile, it is not a bug.

I can see how dragging to desktop might be a risk, but how about dragging a url to the bookmarks toolbar? Or using super dragngo or whatever extension to drag open a link in new tab? I have several other extension not included in the default which are near impossible to live without. If I add any of them to the default all drag ceases to function.
Wow, hoping for some workaround or better update.
Thanks.

Anonymous

April 08, 2013

Permalink

for the last 4 versions or so, the windows tor browser bundle has failed to work for me.

after starting up the tor process, it goes all the way to opening the browser.
but the browser shows the onion toolbar icon beneath the url bar with a cross through it.
the homepage (which checks if you are connected to the tor network) shows up, saying that theres an update available, even though i have the latest version of the bundle.

but trying to browse to any other website other than the Tor check page, doesnt work. and results in the follownig error messages
"The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections."

I'm getting the same proxy server refusing connections message. Is it possible that this is caused by an insufficient number of available Tor relays??

Cna someone who knows how to fix this give instructions to this non-geek (non-expert) user? Thanks!

"The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections."

I'm getting the same message. Never had a problem with Tor browser bundle until this latest update.

Try deleting the Tor Browser Bundle folder completely, and then redownloading and reinstalling Tor Browser Bundle from scratch.

If it still doesn't work it may be that you use a software firewall that blocks the connection between the browser and the tor process. Try temporarily disabling the firewall and see if that fixes the problem.

Anonymous

April 09, 2013

Permalink

I asked above regarding TorButton disabling drag functions. I forgot to mention it also keeps wanting to launch plugincontainer.exe which seems strange since plugins should all be disabled and when I checked, they were.

I hope to get resolutions. Tor bundle always worked as expected until the last 2 upgrades.

Thanks.

Anonymous

April 10, 2013

Permalink

every now and then I get the same IP address (the same nodes), herngaard, formlessnetworking, etc. I tried restarting polipo and tor from terminal but still the same problem. and sometimes checking page show different IP than www.ifconfig.me so everytime I choose New Identity, it is registered by ifconfig.me but not by check.torproject.org

Unless you really know what you are doing, you shouldn't be using polipo anymore. This may be an indication your setup is outdated and maybe not safe to use anymore.

But as for different IP addresses, that is expected behaviour. Tor uses multiple circuits, each maybe with a different exit node (the IP you see on check etc). If you visit different sites, or the same site at different times, you may get another IP.

What you mean with the "choose new identity" part is unclear to me, but a new circuit should be used when that is clicked (can be seen in vidalia's network map). That new circuit may or may not have the same exit node (and therefore same IP as seen on those pages).

Anonymous

April 10, 2013

Permalink

The tor browser update does not work, no connections are going through. Can we have a comment to know that somebody is working on this please?

Goto "about:config" and set these to FALSE:

browser.chrome.favicons
browser.chrome.site_icons

These have been around since day one, and TorButton and TBB have never addressed them.

Anonymous

April 16, 2013

Permalink

Can we get a plain "Tor Browser" PPA?

We don't need Vidalia or Tor. We use a Client server method which eliminates a lot of the various problems associated with RUNNING the TOR SERVER on the same machine as the CLIENT. <<<<---- BAD IDEA.

If they are separated, then you MUST proxy. If you don't have the stuff setup to proxy, it can't get out... This includes malware etc.

We've been using this for several years now.

Since FF started with the "Google" release plan, that screwed over MOST of the Plugins because the DEVs didn't want to have to make an update for compatibility, so they stopped supporting their tools. If nobody picked up for the DEV, the plugin died on the vine.

The actual TorButton tool was far less complicated than this Tor Browser Bundle.

As many have said previously, NOT everyone needs to be protected from stupidity, or is a n00b.

Please release TorBrowser as a SOLE item in a PPA.

They'll never do that. They're too stubborn to just focus on a modularized Tor+hardened client method, which leaves us stuck with Firefox, Pidgin, and Torbirdy.

Notice how those are all based on technologies developed by Mozilla? Ever tried to independently fork a Mozilla project? Ever seen a remotely notable fork of a Mozilla project?

The lack of focus just sucks.

Anonymous

April 23, 2013

Permalink

"The proxy server is refusing connections"

Ever since updating.

Using a Mac running 10.8.3

Anonymous

April 23, 2013

Permalink

This is bullsh*t I can barely go on sites coz it keeps on saying crashed or proxy server can't connect or other sh*t. what's with the new updates? Stop f*cking updating and causing trouble!

Anonymous

April 25, 2013

Permalink

Why not Tor and Tails use same browser and everything else? It always puzzles me! Also why does "NoScript" still allow JavaScript? (I can understand that it works just fine with default Tor settings.) That said, why not to include "AdBlock Plus" to prevent advertisers learning our activity?(Isn't that against anonymity?) And then there's "Cookie Monster", which can be configured too! I also have to say that we run with a low bandwidth, and blocking JavaScript and ads will surely contribute in that segment. Also I would like to know that should we use "SSL Observatory" from "HTTPS-Everywhere" or not to prevent MITM attack?

In the end Tor and Tails projects are both good in their own ways. But as both use same methodology in different ways, a user browsing over both of them should have a common ground.

I wish to see developers from Tails and Tor to bring out the very best to users...together! (Is it too much too ask?)

Anonymous

April 27, 2013

Permalink

"The proxy server is refusing connections"

Add me to that camp. . . have been using Tor just fine until an update last night, now can't do jack squat.

Please help.