Tor Browser 6.5 is released

by boklm | January 24, 2017

Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

  • All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.2.9.9
  • OpenSSL to 1.0.2j
  • Update Torbutton to 1.9.6.12
    • Bug 16622: Timezone spoofing moved to tor-browser.git
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Bug 20701: Allow the directory listing stylesheet in the content policy
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 20556: Use pt-BR strings from now on
    • Bug 20614: Add links to Tor Browser User Manual
    • Bug 20414: Fix non-rendering arrow on OS X
    • Bug 20728: Fix bad preferences.xul dimensions
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 19459: Move resizing code to tor-browser.git
    • Bug 20264: Change security slider to 3 options
    • Bug 20347: Enhance security slider's custom mode
    • Bug 20123: Disable remote jar on all security levels
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 17546: Add tooltips to explain our privacy checkboxes
    • Bug 17904: Allow security settings dialog to resize
    • Bug 18093: Remove 'Restore Defaults' button
    • Bug 20373: Prevent redundant dialogs opening
    • Bug 20318: Remove helpdesk link from about:tor
    • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
    • Bug 20753: Remove obsolete StartPage locale strings
    • Bug 21131: Remove 2016 donation banner
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Bug 20388+20399+20394: Code clean-up
    • Translation updates
  • Update Tor Launcher to 0.2.10.3
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 16622: Spoof timezone with Firefox patch
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 20123: Always block remote jar files
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
  • Bug 20709: Fix wrong update URL in alpha bundles
  • Bug 19481: Point the update URL to aus1.torproject.org
  • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
  • Bug 20442: Backport fix for local path disclosure after drag and drop
  • Bug 20160: Backport fix for broken MP3-playback
  • Bug 20043: Isolate SharedWorker script requests to first party
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 19336+19835: Enhance about:tbupdate page
  • Bug 20399+15852: Code clean-up
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
    • Bug 18175: Maximizing window and restarting leads to non-rounded window size
    • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
    • Bug 20590: Badly resized window due to security slider notification bar on OS X
    • Bug 20439: Make the build PIE on OSX
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build system
    • All platforms
      • Bug 20927: Upgrade Go to 1.7.4
      • Bug 20583: Make the downloads.json file reproducible
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
      • Bug 18291: Remove some uses of libfaketime
      • Bug 18845: Make zip and tar helpers generate reproducible archives
    • OS X
      • Bug 20258: Make OS X Tor archive reproducible again
      • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
      • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
      • Bug 19410: Fix incremental updates by taking signatures into account
      • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

February 12, 2017

Permalink

how did you get it? i've been trying for 3 hours ad cannot get the linux version to either update(unknown error) or download from scratch (file not available)

Anonymous (not verified) said:

January 24, 2017

Permalink

thanks !

browserfingerprint result is even in the highest setting not very good

"Are you unique? Almost! (You can most certainly be tracked.)"

[details snipped]

But only 301 browsers out of the 301007 observed browsers (0.09 %) have exactly the same fingerprint as yours.

middle setting
--------------------
"Are you unique?" Almost! (You can most certainly be tracked.)"

[details snipped]

"But only 391 browsers out of the 301001 observed browsers (0.09 %) have exactly the same fingerprint as yours."

source https://amiunique.org/

It's getting better but still too trackable:

"But only 2356 browsers out of the 301620 observed browsers (0.80 %) have exactly the same fingerprint as yours."

Let's wait

Remember that the goal of Tor Browser is to make you blend in with the other Tor Browser users. It's not to make you blend in with "all browser everywhere".

Anonymous (not verified) said:

January 26, 2017

Permalink

Yes this is clear. Still thought that more Users use Tor.

"But only 2442 browsers out of the 302327 observed browsers (0.81 %) have exactly the same fingerprint as yours."

I guess on websites where I am the only one with TorBrowser it could be even more conspicuous to use TBB.

Wouldn't it be quite ironic if the site "amiunique.org" were run by the FBI or the CIA ?

As a honeypot, I can see little that is more attractive to people worrying about their security....

Anonymous (not verified) said:

January 24, 2017

Permalink

Some months ago if you visit a webpage and changed the security slider the webpage automatically reload. For some time it doesn't do that. Is this the right way?

Anonymous (not verified) said:

January 25, 2017

Permalink

Thanks!

Anonymous (not verified) said:

January 24, 2017

Permalink

I have three questions/suggestions:

  1. Some time ago I had to edit start-tor-browser script adding option -no-remote for tor-browser, as otherwise I couldn't run 2 different tor-browsers at the same time (with different Tor ports and different security slider settings, all are binded to system Tor). Starting from some moment it became no loner necessary, as second browser starts even if the first browser is already running. Is it safe to no longer indicate this option (-no-remote) in start-tor-browser script? I afraid the risk that the contexts of different browsers can be mixed.
  2. I see this new version comes with many improvements, but there is one issue. In previous versions in order to use TBB with system Tor I had to follow the instruction in start-tor-browser script and change many options (e.g. extensions.torbutton.settings_method) which are no longer needed for this version. However, old instruction with these old options is still in place in this script (see, Sec. "Using a system-installed Tor process with Tor Browser"). Should that be fixed?
  3. Before this release I saw 3 different SOCKS-options in about:config. I had to change all of them to get my TBB reliably working with external (system) Tor with custom port. Now I see only single option, which looks as a nice replacement for all of them. So, could I change SOCKS host/port in conventional place in Edit → Prefernces? That would be more convenient than looking at necessary options in about:config.

Thanks for those questions/suggestions:

Re 1) Hm. I can't remember right now that we changed something in that regard. I guess this got introduce with Tor Browser 6.0 when we switched to ESR45? Could you track the version down where that changed (https://archive.torproject.org/tor-package-archive/torbrowser/ has all the old Tor Browser versions)? Without knowing exactly what causes this "new" behavior it is hard to tell whether you are on the safe side.

Re 2) Do you mind filing a bug on https://trac.torproject.org/projects/tor? Ideally with some explanation about what is not needed anymore/needed now so we can fix it (we even accept patches ;) ).

Re 3): Could you elaborate on which options you saw and which single option you are seeing now? Depending on that, yes, it might be possible to just set the options via the Firefox settings menu.

Thanks!

mcs

mcs said:

January 25, 2017

Permalink

Re 1) As part of https://trac.torproject.org/projects/tor/ticket/11641, we made --no-remote the default and added support for a new (at the time) --allow-remote flag. But note that remoting is still enabled if the browser is started with the -osint flag. That means that it should be safe to leave --no-remote off unless somehow your Tor Browser is being started with the -osint flag (that probably only happens if you make Tor Browser your default browser and start it by clicking an URL in another application such as Thunderbird).

Anonymous (not verified) said:

January 26, 2017

Permalink

Thanks for reply!

  1. I see that mcs already replied well to both of us: https://blog.torproject.org/comment/reply/1301/232631
  2. I filed it just now: https://trac.torproject.org/projects/tor/ticket/21326
  3. I meant options:
    1. <br />
    2. extensions.torbutton.custom.socks_host<br />
    3. extensions.torbutton.custom.socks_port<br />
    4. extensions.torbutton.socks_host<br />
    5. extensions.torbutton.socks_port<br />
    6. network.proxy.socks<br />
    7. network.proxy.socks_port<br />

    Now we have only network.proxy.socks and network.proxy.socks_port in about:config. I described it in the aforementioned ticket 21326 too.

Anonymous (not verified) said:

January 24, 2017

Permalink

I hate it.
As usual problems with tabgroups after update. Add-on "Tabgruppen" no function. All tabgroups lost!!!

Addons may very well deanonymise you. That is why The Tor Project doesn't develop the TBB for the stability all other addons (except for the ones that comes with it) in mind.

Anonymous (not verified) said:

January 24, 2017

Permalink

Heads up, I'm seeing an increase in circuit retries of the form "We tried for 15 seconds to connect to '[scrubbed]' using exit... at...".

You can set SafeLogging 0 if you want to see which destinations are causing the problems.

It could be anything really -- maybe you're trying to go to a website that's down.

Anonymous (not verified) said:

January 24, 2017

Permalink

Ok, so after a few minutes the notices appeared again, the faulty destination is ocsp.comodoca.com. I looked in the browser console, and sure enough, it reports the getFirstPartyURI failure for the ocsp server, and an invalid security certificate for ocsp.digicert.com.

(Roger, could you remove my previous, and as of yet unpublished comment, I wouldn't want to add noise to the blog. Thanks for the prompt reply.)

Anonymous (not verified) said:

January 24, 2017

Permalink

Right after the update, as no transition scheme was developed, my Medium-High settings landed to Medium with some minor inconsistencies in NoScript:
05:31:12.993 ReferenceError: PolicyState is not defined Main.js:3946:1

Anonymous (not verified) said:

January 25, 2017

Permalink

I didn't test thoroughly, but it looks like NoScript continues to use the settings that were before the update, and it causes "merely" errors showing up in the browser console.

Anonymous (not verified) said:

January 24, 2017

Permalink

DDG from about:tor instead of search results gave me empty https://duckduckgo.com/ with my request in its search bar and:
06:18:53.521 TypeError: DDG.Pages.SERP is not a constructor
duckduckgo.com:1
duckduckgo.com:1:12
06:18:53.599 ReferenceError: DDH is not defined
nrji() duckduckgo.com:1
d2048.js:61
bL.Callbacks/b6() d2048.js:26
bL.Callbacks/cf.fireWith() d2048.js:26
.ready() d2048.js:15
bZ() d2048.js:15
duckduckgo.com:1:347
06:18:54.782 TypeError: DDG.page is undefined
d.js:1
d.js:1:61
06:18:55.137 TypeError: DDG.duckbar is undefined
t.js:1
t.js:1:1

Okay. I think reporting nothing back if you don't input anything (or if you input things like spaces) is quite acceptable for a search result provider.

Anonymous (not verified) said:

January 24, 2017

Permalink

Strange. Tor Browser didn't auto-update this time. I had to do it manually. Any reason as to why?

Your Tor Browser checks every so often to see if there's an update. My guess is that if you'd left it alone for a few hours, it would have noticed and started you on the update path.

(We actually don't want every Tor Browser to update itself at the very same time. Check out the "thundering herd" problem for more details:
https://en.wikipedia.org/wiki/Thundering_herd_problem )

Anonymous (not verified) said:

January 25, 2017

Permalink

I'm on Windows 7.

The extension is on the far-right menu button okay, and expands. And now is okay from the Tools menu too, so just a glitch when updating I guess.

I take that back, the menu on the Tools menu is not expanding again now, so clearly something is wrong, an intermittent fault. Yes, it appears in about:addons.

Anonymous (not verified) said:

January 24, 2017

Permalink

Can you bring back the "Custom" warning/field in
Tor Browser Security Settings under the slider ?

Instead of the pane with the Restore Defaults button? Why? It seems to me having just that tiny checkbox makes it easy to overlook that one is in the custom mode (which is a thing we don't want).

Anonymous (not verified) said:

January 26, 2017

Permalink

"tiny checkbox makes it easy to overlook that one is in the custom mode"
Yes, like in TBB6.0.8. TBB6.5 hasn't.

"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.
Has moving "Security Level" slider back,forth the same result?

'"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.'

What do you mean?

If you moved the security slider back/forth on 6.0.8 you got our of the custom mode.

Anonymous (not verified) said:

January 24, 2017

Permalink

Can you make it working to get media links without to heavy javascript?
E.g. custom allow in NoScript, get clickable allow in Noscript for a full media url BUT cannot simple copy this link!

Anonymous (not verified) said:

January 25, 2017

Permalink

I guess he's saying that there should be an option in NoScript to allow extrapolating a video URL to watch directly.

Anonymous (not verified) said:

January 26, 2017

Permalink

You like to see a media clip the site don't want you can easy download -ugly javascript&no download button, without good reason.
You can temporary allow all this page and hope clip is playing.
You can allow custom [...] and NoScript presenting you a clickable
'allow' with a full URL, e.g. .mp4. But i can't copy this link and need more doing to get this.

Anonymous (not verified) said:

January 25, 2017

Permalink

Awesome! I love the privacy improvements and especially fixing resource:// leakage. The security slider change is also great, I never able to figure out what medium-low settings is useful for and now without it, fingerprintability is reduced! Thanks again for all the excellent changes. Can't wait for Tor browser to become multi-process and speed up the browsing experience!

Anonymous (not verified) said:

January 25, 2017

Permalink

What will the browser's "useragent" for this release be reported as, exact string, please ?

Anonymous (not verified) said:

January 25, 2017

Permalink

well

Anonymous (not verified) said:

January 25, 2017

Permalink

Comment regarding:
Changelog:
Tor Browser 6.5 -- January 24 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.2.9.9
----------------------------------------------------------
You are good human beings. Stand tall and receive the vibes and warmth from this one little guy out here on the blustery slopes of ignorance.
Your inclusion of the Changelog is a great gift. Browsing it taught me things about the meaning of life,
You think I am kidding. No.
This is how life should be; can be.
Look at one another around the edges of your cubicles and nod. You have made good choices. Thanks.

Anonymous (not verified) said:

January 25, 2017

Permalink

Thanks Tor people! :) Hopefully we'll see Selfrando integration in Tor Browser 7 :D

Anonymous (not verified) said:

January 25, 2017

Permalink

My 'fruit OS' Console.app got to enthusiastic generating new mind breaking messages, one of many is this one.
- NaN
['t/i/m/e'] [0x0-0x30030].org.mozilla.tor browser ['number process'] ['t/i/m/e'] ['localhostname/modem name'] firefox ['number process'] : replacing NaN with 0.

More than a hundred times in one minute.
NaN again? Has this anything to do with the SVG security issue?
First it said several times something like , : doClip: empty path.

Another one is about updating addons over an insecure connection?
Does not matter if you disable automatic updates.
- Addons
['t/i/m/e'] [0x0-0x51051].org.mozilla.tor browser['number process'] 1485302776300 addons.productaddons ERROR Request failed certificate checks: [Exception... "SSL is required and URI scheme is not https." nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 145" data: no]

Also this one
['t/i/m/e'] [0x0-0x96096].org.mozilla.tor browser ['number process'] 1484838545725 addons.update-checker WARN HTTP Request failed for an unknown reason

Thanks for looking at it

Not sure what the former is but the latter two are due to TorLauncher and Torbutton not being allowed to ping Mozilla's Add-on server for update checks. Those messages are harmless.

Anonymous (not verified) said:

January 25, 2017

Permalink

TOR BROWSER 6.5 (updated today).

From Tor toolbar button | Security Settings there are three options High, Medium and Low.

===================
Medium:
JavaScript is disabled by default on all sites non-HTTPS sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
Above is OK.

===================
High:
JavaScript is disabled by default on all sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
This is now confusing, isn't it? If JavaScript is disabled (first sentence), how can it be enabled on some sites. Is this copy/paste problem?

In case you need to allow JavaScript on some site but do not want to touch the other settings on level "high" it assures you that other JavaScript features like JIT stay disabled.

Anonymous (not verified) said:

January 25, 2017

Permalink

I'm getting a signing key mismatch that's bugging me. What I should see according to https://www.torproject.org/docs/verifying-signatures.html.en is this:

gpg --fingerprint 0x4E2C6E8793298290
You should see:

pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24

What I see instead is this:

gpg --fingerprint 0x4E2C6E8793298290
pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

Trying to upgrade the TBB automagically from the Applications > Internet menu (XFCE on Debian) told me that "signature verification failed" and warned me that I might be under attack; so I downloaded & unpacked the tarball from Tor's site and again there's a mismatch but it looks less frightening. So I'm hesitating to use it 6.5 until checking it out with the pros here.

It looks like the signing key was renewed but the website just hasn't been updated to reflect that, which is trivial, but then there's a (probably very small) chance that I could be "under attack" or that this release is somehow compromised.

Please advise.

I guess the first upgrade mechanism fails as you are using torbrowser-launcher which does not have the new subkey baked in. Not sure why the one where you download from our website fails. What commands are you using and what is the output you get? What is the sha256 sum of the .tar.xz and the respective .asc?

Anonymous (not verified) said:

January 25, 2017

Permalink

I'm just cutting & pasting from the Mac OS X and Linux section of https://www.torproject.org/docs/verifying-signatures.html.en, except changing the filenames to reflect my 64-bit system.

sha256sum gets these:

c4714061748a70d3871dd84ff88d2f317b386d290a5c1fb94a504a1c256f1960 tor-browser-linux64-6.5_en-US.tar.xz

d922daa46e3c8aa2d4056579258a1fa4efe553da797102d0a0a8572851218d94 tor-browser-linux64-6.5_en-US.tar.xz.asc

If that's right then I shouldn't have to worry.

The difference is that, unlike what the web pages tells me to look for, I'm seeing expiration dates in brackets:

pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24

becomes

pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

Like I said it seems minor but Tor is one thing I feel justified in getting slightly paranoid about. If it's supposed to work this way why not include the expiration dates on what the web page tells us to look for?

What does

  1. <br />
  2. gpg --verify tor-browser-linux64-6.5_en-US.tar.xz.asc<br />
  3.     tor-browser-linux64-6.5_en-US.tar.xz<br />

say *after* you updated your local key (i.e. fetched the subkey which signed the tar.xz file)?

Anonymous (not verified) said:

January 25, 2017

Permalink

a [BUG] !?

Thanks,
Both updates of TBB 6.5a2 & 7.0a1 on my 32bit Desktop, and TBB 6.5a2 & 7.0a1 on my 64bit noteBook: Works fine except for the (Torbutton 1.9.6.12)..addon!

When disable the new TorButton then the icon of [Session Manager addon] will appear!

Any idea Why!?

However, Will try to install older TorButton .xpi from previous TBB version, and feedback you results..

NP: another copy of All this comment will paste into:
https://blog.torproject.org/blog/tor-browser-70a1-released

Disabling Torbutton breaks your Tor Browser. This is not going to work. Or do you mean your Torbutton extension did not get updated? If so, did it just vanish? What does about:addons show you?

Anonymous (not verified) said:

January 25, 2017

Permalink

Disabled Torbutton but luckily the TBB didn't break..
and the icon of Session Manager appeared..
as described above,

Copied Torbutton xpi from previous releases over the new one, pasted into /extensions folder..
Session Manager icon not appearing..

Copied ALSO tor-launcher xpi from previous releases over the new one, pasted into /extensions folder..

Session Manager icon: finally appeared! sort of lite-weight hack ;)

previous xpi's used from: torbrowser-install-6.0.6_en-US..

Anonymous (not verified) said:

January 25, 2017

Permalink

Firstly thank you very much for this new TBB!
But I have a problem after updating to 6.5. When I start TBB the screensize of TBB is every time changed and not the usually screensize of TBB. I do not mean the fullscreen of TBB, just the normal scrennsize of TBB.

Anonymous (not verified) said:

January 25, 2017

Permalink

He might "confusingly" updated it to TBB 7.0a1 rather than the 6.5 !!

Better check menu: Help> About :)

I'm think that I'm also getting this.

Window size is much smaller than normal.

I noticed the changes notes listed some size alterations.
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)

Perhaps that is related to this?

This size reduction seems a bit much, is it safe to change the window from it's default size?

Anonymous (not verified) said:

January 30, 2017

Permalink

Just eye balling it but it appears that the window has gone from taking up 80% - 90% of the screen to maybe 60% or less.

It's pretty bad.

Anonymous (not verified) said:

January 25, 2017

Permalink

So thanks, seems like a lot of fixes here.

But still, after automatically and then manually upgrading -since first way didn't change anything- , my privacy preferences bug still persists and I cannot change it to "never remember history" .

Am I really the only one with this? Are the tickets on bug tracker even beeing considered anymore?

Before this, it seems that I could use tor browser and every site that only wanted to work with cookies enabled did so without in this fine peace of engineering. But no more, now I have to allow cookies here too for those pages to function, from online banking to fuckbook. Everywhere.

Is that supposed to be this way?

The changelog did not contain an entry that fixes your problem. That said, yes, tickets in our bug tracker are considered and we work on them after prioritization. As we have way more tickets than developer capacity and as we encourage help from the community we'd be glad if we would see contributions especially on those tickets that are not our top priority.

That cookie problem seems orthogonal to me as you can easily disable cookies in Firefox' privacy settings.

Anonymous (not verified) said:

January 25, 2017

Permalink

good work but for us linux users who use WM that auto resizes windows , how to prevent Tor browser from being resized ? very problematic for anonymty purpose .

Anonymous (not verified) said:

January 25, 2017

Permalink

Would it ever be possible to add a single-click "New Tor Circuit for this Site" button to the toolbar? As it is it's 2 clicks or an awkward key combo, but one click would make life so much easier. Thanks.

Anonymous (not verified) said:

January 25, 2017

Permalink

The default browser window size for 6.5 appears to be much smaller than the size of the window in the previous release.

Painfully so. >_<

My understanding is adjusting the window size can lead to a less secure TOR browser.

Is there a reason the window has had it's size reduced to this extent?

Anonymous (not verified) said:

January 26, 2017

Permalink

The screensize of TBB 6.0.8 is 1000x600 pixels (inner size) and 6.5 800x600 pixels (inner size)

Anonymous (not verified) said:

January 25, 2017

Permalink

On some sites like en.wikipedia.org or marc.info, the destination of links is not shown at the bottom anymore while hovering over it, but on others like this one it still is. Is this on purpose?

Anonymous (not verified) said:

January 27, 2017

Permalink

I did some tests with a fresh 6.0.8 and 6.5. Those are fine. So must be a problem with my install. Thanks for your help.

Anonymous (not verified) said:

January 26, 2017

Permalink

360 total security flags both 6.5 and 7.0 Tor as a trojan!
is this normal? false positive?

Anonymous (not verified) said:

January 26, 2017

Permalink

Arrow to expand/collapse "developer-comments" doesn't work on Medium settings.

How can I reproduce that? I switched to "Medium" and loaded the link above in a new tab. Expanding/collapsing the comments via the arrow works for me on two different Linux systems both with 6.5 and the alphas.

Anonymous (not verified) said:

January 27, 2017

Permalink

*^#^&$%^@#!!!!!!!!!!!!!!!!!
Random bugs or recent HTTPSE update!
Now everything works fine.
But before: arrows were not clickable and "the destination of links is not shown at the bottom anymore while hovering over it" as one user mentioned.

Anonymous (not verified) said:

January 26, 2017

Permalink

Unfortunately, new version has a serious performance regression of ~50-100% from previous stable (and 6.5a3 too) while playing video on YouTube (off-screen, no network activity (cached), no other processing).

Anonymous (not verified) said:

January 27, 2017

Permalink

Add-ons have no effect.
It turns out that Mozilla switched to FFmpeg and made other improvements, so everything will change in ESR52. Let's hope Mozilla will test Firefox with/without your uplifts on Talos.

Anonymous (not verified) said:

January 26, 2017

Permalink

26-01-2017, 12:28:02.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

The port is down again

Anonymous (not verified) said:

January 26, 2017

Permalink

There is a margin at the bottom of the page after updating.
I'm using windows 10.

Anonymous (not verified) said:

January 26, 2017

Permalink

My window size suddenly became 1000x500, even when I close the browser, or when I choose "New Identity"

Is this normal?

Ubuntu 16.10 64bits -- upgraded from Tor Browser 6.0.8

Anonymous (not verified) said:

February 13, 2017

Permalink

This is not a resize issue. The open application indicator (white dots on the left) show for Firefox but not for Tor browser even though the application is open.

He's ranting about Mozilla Firefox not being the most secure browser, and about using vanilla Tor being risky for people in repressive regimes. Nothing about Tor itself. If he's a "security guy" then why doesn't he push pull request that ameliorate Firefox' so-called lack of security?

The Grugq is famous for being an expert in OPSEC. One thing he hates is when people use something like Tor but do not understand how to stay safe, and think that Tor alone is all they need to stay safe. If people think that using Tor is a magic bullet, then people will be unpleasantly surprised when a Firefox exploit by an advanced adversary breaks into their computer. You need proper OPSEC, his area of expertise, in combination with an anonymity network in order to be safe.

Anonymous (not verified) said:

January 27, 2017

Permalink

I have the torbrowser for the Mac
sha256 d79e18d691a407c9cc06ec508701bff2283d73b65d4321e254763b17d0a13a09
TorBrowser-6.0.5-osx64_en-US.dmg

When i perform a search through google.com for queen street, strangely it finds the queen street located to my location Canada, Ontario ISP Execulink.ca instead of the location the browser is connected. This appears to be a security issue.

I was connected to TOR circuit
OBFS4(united states)
Germany 5.9.12.29
France 62.210.69.79

Anonymous (not verified) said:

January 27, 2017

Permalink

27-01-2017, 17:48:34.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

83.212.101.3 is not responding again

Anonymous (not verified) said:

January 27, 2017

Permalink

v 6.5 comes up as a trojan. is this the right sha?

serial
0c 31 0a 0c 32 ce a7 fe 5d 6e 11 2d 52 e6 b6 ee

30 82 01 0a 02 82 01 01 00 c2 01 af 62 37 03 7a 70 db 5c 06 cb 1f 55 5d 3a e4 7d 17 4a 2e 48 3b 91 ea ae 45 c4 f1 dd 07 3c dc 4d 8c eb bc 34 2e 87 45 8b b3 9d b2 91 c8 cd 13 6d 3d a9 ad 1b 27 7f 61 42 e9 6b b0 2d 87 0f bf 07 9e 22 a6 ef 58 ff 38 44 0f 4a 3b 9c 44 ab eb 74 ea 3b 9b 0c 41 df e2 97 6d 91 82 5e cd 89 5b 6e 11 ea 8e dd b2 51 11 cf 80 c8 b3 db 7c 38 0f 79 c7 da ca 1b 83 1c 7d 96 e7 61 2d 24 c0 29 a6 7e f9 55 04 a3 b8 06 76 61 6b cf 58 19 81 97 d4 6c 97 b5 82 87 c4 59 a9 7e ef 88 ab 27 d1 29 36 d7 06 d0 7e 68 9d fa b9 a4 de 97 73 45 37 43 9c 07 ac 10 ad d1 30 7d 74 83 23 d5 87 2e 75 0f 29 21 17 87 f5 26 b5 0b 4f 1b f3 fd 47 c0 90 f8 01 aa ca e1 67 b4 56 a0 15 05 ac 6a 74 34 00 57 1c 9a 47 6a 99 12 d0 36 e4 53 39 12 17 49 48 66 eb 17 35 c7 55 ec f9 3c b4 20 a1 6e e0 50 56 89 02 03 01 00 01

thumbprint
‎c2 7e ac 1b 26 34 65 cd d7 36 30 d9 4b 0b 92 e6 74 f0 15 01

Anonymous (not verified) said:

January 27, 2017

Permalink

virustotal.com says tor 7.0 is clean, but 360 total security says its a trojan.

File identification
MD5 9a2d0dac7271f1b53e29a2ecf8ff02db
SHA1 2aee4b0d896698fa0619563f20beaf5a296fbf6e
SHA256 6afb207658fa52eafc1cf76c5f5e68abaca6757d9749c1c8e8ef05efcecb45bd
ssdeep786432:02ui80q4nti2wKRRMAEzps42244dPYlp4TUEK9MEX60vEB2QvqTtjqiJOX:QirqazwK8AlSPWp4TUEdJ0sB2QvMkiJu
authentihash 5d5f2c48133083f1942975127aa07fb0deb16e6ca0a1874a622bce446791cba6
imphash 187b3ae62ff818788b8c779ef7bc3d1c
File size 48.4 MB ( 50765080 bytes )
File type Win32 EXE
Magic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)

Anonymous (not verified) said:

January 27, 2017

Permalink

Here is my 360 total securiy log showing it flagged both tor 7.0 and 6.5 as viruses: (during the download)

I ran the files through 360 security individually and they passed today.

2017-01-26 02:22:39 C:\Users\login\Downloads\torbrowser-install-6.5_en-US.exe Virus Mozilla
2017-01-26 02:22:23 C:\Users\login\Downloads\torbrowser-install-7.0a1_en-US.exe Virus Mozilla
2017-01-24 22:34:10 C:\Users\a\Downloads\mb3-setup-consumer-3.0.5.1299.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:16 C:\Users\a\Downloads\OperaNeonSetup.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:15 C:\Users\a\Downloads\CAE5.tmp Safe Opera
2017-01-24 21:53:09 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup_x64.exe:Zone.Identifier Safe Opera
2017-01-24 21:21:18 C:\Users\a\Downloads\B6A5.tmp Safe Opera
2017-01-24 21:19:56 C:\Users\a\Downloads\6F7C.tmp Virus Opera
2017-01-24 21:19:49 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup.exe:Zone.Identifier Safe Opera
2017-01-24 21:18:34 C:\Users\a\Downloads\2BAD.tmp Virus Opera
2017-01-24 21:10:46 C:\Users\a\Downloads\SpybotAntiBeacon-1.6-setup.exe Unknown Mozilla
2017-01-12 15:40:34 C:\Users\login\Downloads\AA0C.tmp Safe Opera
2017-01-12 15:40:32 C:\Users\login\Downloads\A3A2.tmp Safe Opera
2017-01-10 19:29:10 C:\Users\login\Downloads\2E01.tmp Safe Opera
2017-01-10 19:28:07 C:\Users\login\Downloads\3751.tmp Safe Opera
2017-01-10 19:27:39 C:\Users\login\Downloads\C083.tmp Safe Opera
2017-01-06 19:52:39 C:\Users\login\Downloads\Jan Hammer - Crockett's Theme (Audio Mill Remix).mp4:Zone.Identifier Safe Opera
2017-01-05 20:19:51 C:\Users\login\Downloads\E153.tmp Safe Opera
2017-01-04 19:32:41 C:\Users\login\Downloads\6085.tmp Safe Opera
2017-01-04 19:32:25 C:\Users\login\Downloads\209C.tmp Safe Opera
2017-01-04 19:32:04 C:\Users\login\Downloads\CEBF.tmp Safe Opera
2017-01-02 14:56:28 C:\Users\login\Downloads\BAA0.tmp Safe Opera
2017-01-02 14:52:03 C:\Users\login\Downloads\ACCE.tmp Safe Opera
2017-01-02 14:48:31 C:\Users\login\Downloads\66D2.tmp Safe Opera
2017-01-02 14:44:39 C:\Users\login\Downloads\E0BF.tmp Safe Opera
2017-01-02 14:44:30 C:\Users\login\Downloads\C324.tmp Safe Opera
2017-01-02 14:43:34 C:\Users\login\Downloads\E3F9.tmp Safe Opera
2016-12-29 20:36:21 C:\Users\login\Downloads\7B8D.tmp Safe Opera
2016-12-29 19:02:05 C:\Users\login\Downloads\2898.tmp Safe Opera
2016-12-20 17:20:39 C:\Users\login\Downloads\24oct16\526816_4209793527940_1453686951_n.jpg:Zone.Identifier Safe Opera
2016-12-20 17:20:32 C:\Users\login\Downloads\9140.tmp Safe Opera
2016-12-20 13:51:09 C:\Users\login\Downloads\File0001.PDF:Zone.Identifier Safe Opera
2016-12-20 11:37:27 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup(1).exe Safe Mozilla
2016-12-19 21:55:32 C:\Users\login\Downloads\24oct16\Bikini11.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:31 C:\Users\login\Downloads\F53E.tmp Safe Opera
2016-12-19 21:55:22 C:\Users\login\Downloads\24oct16\Bikini10 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:17 C:\Users\login\Downloads\C179.tmp Safe Opera
2016-12-19 21:55:13 C:\Users\login\Downloads\24oct16\Bikini9 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:12 C:\Users\login\Downloads\AB10.tmp Safe Opera
2016-12-19 21:55:02 C:\Users\login\Downloads\24oct16\Bikini7.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:00 C:\Users\login\Downloads\7E7F.tmp Safe Opera
2016-12-19 21:54:55 C:\Users\login\Downloads\24oct16\Bikini6.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:54 C:\Users\login\Downloads\6537.tmp Safe Opera
2016-12-19 21:54:44 C:\Users\login\Downloads\24oct16\Biks12.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:43 C:\Users\login\Downloads\3C21.tmp Safe Opera
2016-12-19 21:54:35 C:\Users\login\Downloads\24oct16\Biks22 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:34 C:\Users\login\Downloads\17FC.tmp Safe Opera
2016-12-19 21:54:21 C:\Users\login\Downloads\24oct16\Biks22.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:20 C:\Users\login\Downloads\E08E.tmp Safe Opera
2016-12-19 21:54:15 C:\Users\login\Downloads\24oct16\Biks17.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:14 C:\Users\login\Downloads\C91C.tmp Safe Opera
2016-12-19 21:54:00 C:\Users\login\Downloads\24oct16\Bikini5.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:59 C:\Users\login\Downloads\8D57.tmp Safe Opera
2016-12-19 21:53:48 C:\Users\login\Downloads\24oct16\Bikini4.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:47 C:\Users\login\Downloads\5EF1.tmp Safe Opera
2016-12-19 21:53:41 C:\Users\login\Downloads\24oct16\Bikini3.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:40 C:\Users\login\Downloads\4695.tmp Safe Opera
2016-12-19 21:53:35 C:\Users\login\Downloads\24oct16\Bikini2.jpeg:Zone.Identifier Safe Opera
2016-12-19 21:53:34 C:\Users\login\Downloads\2DCB.tmp Safe Opera
2016-12-19 21:53:01 C:\Users\login\Downloads\24oct16\Biks7.png:Zone.Identifier Safe Opera
2016-12-19 21:52:59 C:\Users\login\Downloads\A683.tmp Safe Opera
2016-12-19 21:52:43 C:\Users\login\Downloads\24oct16\Biks13.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:42 C:\Users\login\Downloads\60CC.tmp Safe Opera
2016-12-19 21:52:34 C:\Users\login\Downloads\24oct16\Biks14.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:32 C:\Users\login\Downloads\3CA7.tmp Safe Opera
2016-12-19 21:52:08 C:\Users\login\Downloads\24oct16\Biks18.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:07 C:\Users\login\Downloads\D760.tmp Safe Opera
2016-12-19 21:51:55 C:\Users\login\Downloads\24oct16\Biks19.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:54 C:\Users\login\Downloads\A7B2.tmp Safe Opera
2016-12-19 21:51:40 C:\Users\login\Downloads\24oct16\Biks23.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:39 C:\Users\login\Downloads\6B62.tmp Safe Opera
2016-12-19 21:51:30 C:\Users\login\Downloads\24oct16\Biks24.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:28 C:\Users\login\Downloads\425B.tmp Safe Opera
2016-12-19 21:51:22 C:\Users\login\Downloads\24oct16\Bikini26.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:21 C:\Users\login\Downloads\2598.tmp Safe Opera
2016-12-19 21:51:13 C:\Users\login\Downloads\24oct16\Bikini25.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:12 C:\Users\login\Downloads\1B3.tmp Safe Opera
2016-12-19 21:48:10 C:\Users\login\Downloads\24oct16\Biks20.jpg:Zone.Identifier Safe Opera
2016-12-19 21:48:09 C:\Users\login\Downloads\371F.tmp Safe Opera
2016-12-19 21:47:53 C:\Users\login\Downloads\24oct16\Biks15.jpg:Zone.Identifier Safe Opera
2016-12-19 21:47:52 C:\Users\login\Downloads\F59D.tmp Safe Opera
2016-12-19 21:46:56 C:\Users\login\Downloads\24oct16\Bikini10.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:55 C:\Users\login\Downloads\1584.tmp Safe Opera
2016-12-19 21:46:43 C:\Users\login\Downloads\24oct16\Bikini9.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:35 C:\Users\login\Downloads\C6F2.tmp Safe Opera
2016-12-19 18:08:21 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-11 00:01:04 C:\Users\a\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-10 22:39:39 C:\Users\login\Downloads\frb_q32005.pdf:Zone.Identifier Safe Opera
2016-12-10 21:32:36 C:\Users\login\Downloads\5864.tmp Safe Opera
2016-12-10 21:01:22 C:\Users\login\Downloads\EAZY-E Real Muthaphuckkin G's - HD DIRECTOR'S CUT - Explicit.mp4:Zone.Identifier Safe Opera
2016-12-02 22:03:53 C:\Users\login\Downloads\Copy of Client List SD 29nov.xlsx:Zone.Identifier Safe Opera
2016-11-26 15:10:32 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY34.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:30 C:\Users\login\Downloads\AA4F.tmp Safe Opera
2016-11-26 15:10:11 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY33.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:09 C:\Users\login\Downloads\55F2.tmp Safe Opera
2016-11-26 15:09:52 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY31.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:51 C:\Users\login\Downloads\F70.tmp Safe Opera
2016-11-26 15:09:33 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY30.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:31 C:\Users\login\Downloads\C311.tmp Safe Opera
2016-11-26 15:09:15 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY29.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:14 C:\Users\login\Downloads\7F9A.tmp Safe Opera
2016-11-26 15:09:00 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY28.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:59 C:\Users\login\Downloads\44A2.tmp Safe Opera
2016-11-26 15:08:37 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY26.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:35 C:\Users\login\Downloads\E97C.tmp Safe Opera
2016-11-26 15:01:21 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY25.jpg:Zone.Identifier Safe Opera
2016-11-26 15:01:20 C:\Users\login\Downloads\429B.tmp Safe Opera
2016-11-26 14:22:11 C:\Users\login\Downloads\la veta.pdf:Zone.Identifier Safe Opera
2016-11-26 14:19:31 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY21.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:30 C:\Users\login\Downloads\F685.tmp Safe Opera
2016-11-26 14:19:07 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY19.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:05 C:\Users\login\Downloads\970B.tmp Safe Opera
2016-11-26 14:18:53 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY18.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:51 C:\Users\login\Downloads\5E45.tmp Safe Opera
2016-11-26 14:18:13 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY17.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:11 C:\Users\login\Downloads\C413.tmp Safe Opera
2016-11-26 14:17:45 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY15.jpg:Zone.Identifier Safe Opera
2016-11-26 14:17:44 C:\Users\login\Downloads\58CF.tmp Safe Opera
2016-11-26 14:17:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY13.png:Zone.Identifier Safe Opera
2016-11-26 14:17:17 C:\Users\login\Downloads\EDEA.tmp Safe Opera
2016-11-26 14:17:01 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY12.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:59 C:\Users\login\Downloads\AA35.tmp Safe Opera
2016-11-26 14:16:38 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY11.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:36 C:\Users\login\Downloads\4FEC.tmp Safe Opera
2016-11-26 14:16:25 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY10.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:23 C:\Users\login\Downloads\1C07.tmp Safe Opera
2016-11-26 14:15:44 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY9.jpg:Zone.Identifier Safe Opera
2016-11-26 14:15:42 C:\Users\login\Downloads\7B3B.tmp Safe Opera
2016-11-26 14:15:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY8.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:42 C:\Users\login\Downloads\24oct16\042416_1610.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:28 C:\Users\login\Downloads\C632.tmp Safe Opera
2016-11-24 11:56:52 C:\Users\login\Downloads\128E.tmp Safe Opera
2016-11-24 10:42:41 C:\Users\login\Downloads\23A3.tmp Safe Opera
2016-11-19 19:22:51 C:\Users\login\Downloads\A123.tmp Safe Opera
2016-11-19 12:39:22 C:\Users\login\Downloads\007-12-the-rongorongo-tablets-261073.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:20 C:\Users\login\Downloads\2C28.tmp Safe Opera
2016-11-19 12:39:03 C:\Users\login\Downloads\006-13-ulfberht-viking-swords-261069.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:02 C:\Users\login\Downloads\E3A2.tmp Safe Opera
2016-11-19 12:37:50 C:\Users\login\Downloads\004-15-the-quimbaya-airplanes-261063.jpg:Zone.Identifier Safe Opera
2016-11-19 12:37:48 C:\Users\login\Downloads\C5DD.tmp Safe Opera
2016-11-19 12:36:58 C:\Users\login\Downloads\002-17-the-winnipesaukee-mystery-stone-9e2502e5fb555789d7a48abe2736e9e1.jpg:Zone.Identifier Safe Opera
2016-11-19 12:36:54 C:\Users\login\Downloads\F2C4.tmp Safe Opera
2016-11-12 16:40:31 C:\Users\login\Downloads\4500057480.pdf Safe Mozilla
2016-11-12 11:48:46 C:\Users\login\Downloads\Copy of Client List SD 9nov.xlsx Safe Mozilla
2016-10-29 13:57:49 C:\Users\login\Desktop\Opera_Developer_42.0.2392.0_Setup.exe Safe Spartan browser
2016-10-29 13:56:29 C:\Users\login\Desktop\OperaSetupDeveloper.exe Virus Spartan browser
2016-10-26 20:20:52 C:\Users\login\Downloads\24oct16\742 Paradise Road Nat City 91950.pdf Safe Mozilla
2016-10-25 19:56:24 C:\Users\login\Downloads\24oct16\4690 51st st sd 92115.pdf Safe Mozilla
2016-10-25 19:28:42 C:\Users\login\Downloads\24oct16\Copy of Client List SD 23oct.xlsx Safe Mozilla
2016-10-25 00:02:02 C:\Users\login\Downloads\24oct16\1658 sagewood way san marcos ca 92078.pdf Safe Mozilla
2016-10-24 23:58:40 C:\Users\login\Downloads\24oct16\800 n mollison#5 el cajon 92021.pdf Safe Mozilla
2016-10-24 23:48:32 C:\Users\login\Downloads\24oct16\1908 la corta st lemon grove 91945.pdf Safe Mozilla
2016-10-24 23:48:01 C:\Users\login\Downloads\24oct16\3864 shiloh rd sd 92105.pdf Safe Mozilla
2016-10-24 23:39:11 C:\Users\login\Downloads\24oct16\13794 fontanelle pl sd 92128.pdf Safe Mozilla
2016-10-24 23:35:08 C:\Users\login\Downloads\24oct16\1130 hackamore rd vista 92083.pdf Safe Mozilla
2016-10-24 23:31:20 C:\Users\login\Downloads\24oct16\1455 canoe creek way chula vista 91915.pdf Safe Mozilla
2016-10-24 23:27:52 C:\Users\login\Downloads\24oct16\1435 india st#415 san diego 92101.pdf Safe Mozilla
2016-10-24 23:24:41 C:\Users\login\Downloads\24oct16\4970 dalehaven pl san diego 92105.pdf Safe Mozilla
2016-10-24 23:17:57 C:\Users\login\Downloads\24oct16\3233-3235 40th st san diego 92105.pdf Safe Mozilla
2016-10-24 23:13:19 C:\Users\login\Downloads\24oct16\2827weepingwillow chula vista.pdf Safe Mozilla
2016-10-22 15:44:00 C:\Users\login\Downloads\09-O-13575.pdf Safe Mozilla
2016-10-22 15:43:54 C:\Users\login\Downloads\13-O-10125-2.pdf Safe Mozilla

Anonymous (not verified) said:

January 27, 2017

Permalink

Bugs?
Tor browser on Windows ...
I see a number of problems/bugs with addons here & in browser after update ... while you make it clear that extra addons break privacy and security. That's why you have a security slider & most realize this when using extra addons. Also on lowest security setting supposedly ALL browser features are enabled .. not so! Maybe you should include a 4th setting for those who use extra addons ... with the knowledge that they break further security/privacy. It is the RIGHT of the knowledgeable user to do so.
1 = Session Manager icons & listings in Tools menu disappear after update. BIG PROBLEM as session manager still works in background and leaks info more than ever. Similar/same goes for most tab tools.
PLEASE DO NOT BREAK Session Manager or Tab Mix as many use them to hide their activities by;
a= having many different session profiles with large number of tabs to confuse trackers/spies.
b= this also overloads their metadata and packet sniffing apps.
c= creates massive data to sort through, if possible at all, and fills/overloads their HDs
d= plays hell on tracking/spying Tor nodes & very quickly kicks tracking nodes
FYI , in previous versions of Tor Browser , session manager would generate 100's to 1000's of tabs per actual tab saved on save command or browser close. This helped in preventing spies ... although it almost killed loading of browser and overloaded boxes with less than 8GB of physical memory and quad-core box.
WE NEED TO SEE THESE ICONS & MENUS IN BROWSER AND CUSTOMIZE BROWSER
2 = NoScript ... similar to above. When one chooses to see different menu items/settings in NoScript we want them to be seen when hovered over. This facilitates quick changes in profile .. which plays havoc for spying sites and spies when globally activated/changed, especially google, adobe, akamai, and many others. Having open settings at coffee shops and internet cafe's to login/start and tighten settings thereafter is a necessity, not just a want.
BTW; only way to be half-ass secure these days with a windows box is to use one or more NAT routers, connected to secure login ISP , then VPN [up to 3] , and Tor browser to boot.
OR ... Tor boot/live CD/DVD , through VPN/s , then internet .. your settings saved on disposable mem stick / flash drive, if any.

We did not break anything on purpose and did not run into the issues you describe. The first thing that would help us looking at your problem would be steps to reproduce them. For instance, if you take a clean, new Tor Browser 6.0.8 and install Session Manager and update afterwards to 6.5 do you still get your broken experience. Likewise it is not clear what menu items/settings you are talking about in the NoScript case. Could you give us steps for that problem, too?

Anonymous (not verified) said:

February 08, 2017

Permalink

@ gk,
You're kidding about, "did not run into the issues you describe" .. right?
Look at "On January 25th, 2017 Anonymous said: a [BUG] !? ..." on this blog page. So, obviously, i'm not the only one.
Then take a look at Firefox previous versions and problems with Session Manager and other plugins. And we have an inferior Tor browser version based on Firefox 45.7 while latest Firefox is ver. 51.
That's a lot of bugs and security updates to catch up on.
Now that we know Torbutton breaks Session Manager and other plugins let's see what 1 week of pissin around gave me & many others:
1. we find Tor breaks / deletes MANY other plugins as well; classic theme restorer, zoom image, remove it permanently, video download helper, gtranslate, among LOADS of others. .. about 1/3 of plugins from Mozilla website.
2. Firefox has fixed these bugs / problems in recent versions .. why hasn't Tor?
3. whatever was done in last Tor update causes browser to remove/disable/break even "customize browser" page so it doesn't function after uninstalling non-functioning plugins.
4. updating Firefox fixes these bugs for Firefox.
5. started with Tor ver 3 to present and in every update of Tor there's something that goes wrong or some part of browser is disabled/broken/deleted.
6. used fully patched boxes with versions of XP, vista, win7, .. to win10.. same probs with Tor for every box upon update of Tor to next ver.
And you can't reproduce these problems? HA
Try it: install early ver of Tor on clean and patched box, install plugins mentioned, add 250+ unique pages and types of pages to create sessions, visit pages, bounce between saved sessions, update Tor to next ver, ... repeat.
7. You expect users to wipe out 3 months to YEARS of settings with every update just because you can't get Tor to stop breaking/deleting plugins and other parts?

What I meant was we did not run into issues while testing the new versions before releasing. And the problem with broken extensions has been in the alpha releases for weeks and months and nobody did run into it either. We have https://trac.torproject.org/projects/tor/ticket/21396 for breaking other extensions.

FWIW: Firefox has not fixed the underlying problem. Not in the current Firefox releases and not in their nightlies. And it does not look like this will going to happen anytime soon either.

Anonymous (not verified) said:

February 09, 2017

Permalink

@gk
"nobody"? Wrong! Loads of ppl have same probs just that they have very hard time finding place for support or to complain. It's only by chance that i found this blog after yrs of looking.
Reporting bugs fails 90% of the time via bug reports.
1. Thanks for ticket reference :)
2. Testing firefox in same manner as i mentioned above we find Firefox extensions are fixed/repaired after next to second next ver. Usually uninstalling and reinstalling the extension works on new version or update. Unless of coarse plugin/extension has been discontinued/blocked by Firefox in their add-ons pages. Then copying data, settings etc. to new ver. works most of the time.
3. with Tor browser 1 needs to start with fresh copy and hopefully recover data, settings, etc. from previous install/s and/or settings to gain only parts thereof. Most of the time they are lost and never to be found again. This is TOTALLY UNACCEPTABLE. No if's or butt's about it .. this is due to Tor update/install of new version/s of Tor.
4. You can test "new versions before releasing" all you want but unless you have done as i said above, you will not see what i'm talking about.
5. after all this, i'll go as far as ... don't try to defer to users or Firefox as the problem when i clearly proved it's Tor update/s and/or installs, and after extensive testing on numerous boxes and Windows OS's.
6. Furthermore, i'm told this problem breaks security and allows spies to gain access to users boxes and data, as partially mentioned in your ticket reference. This should not happen when user doesn't tell extension/plugin to call home.
7. So, no more excuses! Figure out how to fix this as it's a specific Tor problem. Just to be specific, this means, how does one fix this problem without installing new copy of Tor and loosing all data and settings? Another words ... how does one fix it on existing Tor update?

Anonymous (not verified) said:

January 27, 2017

Permalink

THANKS for the improvements...btw - where is window size listed?

There is no place where the window size is listed. It gets calculated depending on your screen resolution and should be a multiple of 200px for the width and 100px for the height.

Anonymous (not verified) said:

January 27, 2017

Permalink

Nice!

Anonymous (not verified) said:

February 01, 2017

Permalink

with the Mac version sha256: 3496a928aba9c0504f7c143a6c4d4fcd859cfbd818d6ce3fbb1538fe8d225bf5

Disconnect is not the default but is still present in the search configuration. If you use disconnect it defaults to duckduckgo making it useless.

Anonymous (not verified) said:

January 28, 2017

Permalink

can obfs4 bridges bypass china firewall and turkey, iran's block? I know some bridges may not work in those countrys.

Anonymous (not verified) said:

January 28, 2017

Permalink

Thanks for all the efforts folks!

I really hoped this release was going to add a the ability to password protect the Tor executable (same pw decrypting Tor setup files & bookmark would be a bonus). I recall this possibility being discussed several releases back. Some of the arguments against were 'creates a false sense of security', 'other means to same end' etc, but I thought it was still on the drawing board. Please advise if it is or is not, or shoot, if it's already been implemented and I haven't noticed it.

As it is now, using Windows I can lock a session, but at my work we cannot lock screens b/c it's common to hop on a coworker's system when they aren't around. This means I must either boot into Tails or store my main bookmarks & key files on a USB just in case someone does decide to open Tor. I'm looking for a better more permanent solution for this. Please advise if it's on the drawing board & I'll sit back & keep waiting for it. thanks again

Anonymous (not verified) said:

January 28, 2017

Permalink

Everytime I go to addons and click "addon search" or "details" in addons then Tor Browser doesn't work and close it with such a error message. Win7, German, 32bit.

Anonymous (not verified) said:

January 29, 2017

Permalink

I can NOT get any of the new versions to work.
I’ve been using 6.5a5 since it was released and it works fine.

Today I installed 6.5 several times and it just won’t connect.
"Something Went Wrong!
Tor is not working in this browser."

Onion icon shows "Tor disabled" and pages won’t load - "unable to find the proxy server"

I don’t have a proxy server configured right now!

Downloaded and installed several times, sometimes it says "Tor Launcher could not connect to Tor control port."

And v7.0a1 is the same.

Reinstalling 6.5a5 makes it functional again. WTF?!

Anonymous (not verified) said:

January 29, 2017

Permalink

Wouldn’t you know it - right after posting my comment I deleted and replaced the TorBrowser-Data folder AGAIN.

At first I got a big error window. Then I deleted the Updates folder within, and all the files in the Tor folder.

I had already done that many times, so I don’t know why Tor launched this time but it did (version 7.0a1).

I notice that inside the updates.xml file there’s no mention of version 7.0a1 or Firefox 45.7.0. The last updates listed are Tor 6.5a6 and Firefox 45.6.0.

Just successfully launched it again, so who knows what caused the problem.

Anonymous (not verified) said:

January 29, 2017

Permalink

- Firefox 24 ESR works on KDE 4
- Firefox 45 ESR (i.e. TBB 6.5) works on KDE 4
- Firefox 51 (no e10s) does not work on KDE 4

Not like I need Firefox 51 for KDE though, but Firefox 52 ESR is creeping up soon, so are there any plans for the next Tor Browser based on that version to work on KDE 4? :nervous:

Anonymous (not verified) said:

January 29, 2017

Permalink

Session Manager in Tools menu and it's icons in toolbars disappeared after update.
How to make Session Manager fully functional?

Anonymous (not verified) said:

January 29, 2017

Permalink

360 total security now flags the tor 7.0 and 6.5 as UNKNOWN, yesterday it was saying it was a virus/trojan

2017-01-29 13:47:56 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-7.0a1_en-US.exe Unknown Mozilla
2017-01-29 13:47:34 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-6.5_en-US.exe Unknown Mozilla

Anonymous (not verified) said:

January 30, 2017

Permalink

Can't download the new version. Everytime I try, I receive this warning: "signature verification failed! You might be under attack, or there might just be a networking problem. Click start try the download again."
Well, I don't have networking problems and I'd already tried several times. Any help?

Anonymous (not verified) said:

January 30, 2017

Permalink

Something interesting. I think I may have found the FBI's alleged magic bullet. It seems that PHP has a known but not well publicized exploitable bug that allows a PHPscript to both hide other scripts such as javascript from the browser, as well as somehow, at least hypothetically, execute them as well. If this is the case, it would seem that PHP would be able to bypass the browser plugins and run scripts anyways. So a few questions:

1. Has this type of attack been considered and mitigated,

and,

2. How might we mitigate this sort of thing?

PHP is a server-side language. It does not execute on browsers and cannot be used to exploit browsers in any way. A PHP bug, no matter how severe, could only be used to exploit a web server. PHP is simply a method of having a server choose what to send to a client, like any other CGI script like Perl, Ruby, ASP, or whatever. It cannot tell the client how to execute it. To answer your questions:

1. No, because it does not exist.

2. We cannot, because it does not exist.

Anonymous (not verified) said:

January 31, 2017

Permalink

tor + firefox updated not properly. Tor not run correctly in firefox. Items in "Add-ons" is absent. I do not know what kinds configuration methods to use for to repare. When I Install old version over not properly updated version then links what I added to "Bookmarls" is erased. These situation is appear often.

Anonymous (not verified) said:

January 31, 2017

Permalink

nice

Anonymous (not verified) said:

January 31, 2017

Permalink

agree

Anonymous (not verified) said:

February 04, 2017

Permalink

04-02-2017, 11:57:27.500 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")

This is down again. This is used with the scramblesuite transport

I talked to the maintainer of that bridge and he told me that this bridge gets hammered with requests and the server can't handle that. We'll take that one out of the Tor Browser default bridges next time, alas.

I don't know what "Doesn't every TOR site support every bridge" means, but if it means "Doesn't every Tor relay support every pluggable transport", the answer is no.

Pluggable transports, such as scramblesuit, are separate programs that transform Tor traffic in a way that makes it harder to detect and/or censor.

The scramblesuit protocol doesn't get that much use in practice, and there aren't that many bridges that support it, and apparently the ones that do are having trouble with stability. Sounds to me like a reasonable time to remove it from the Tor Browser.

Anonymous (not verified) said:

February 21, 2017

Permalink

I only use it because it is one of the transports that is able to get through "Tor"blocked sites that don't allow other transports through. This could be because it is hardly used and sites that try to block Tor don't pay any attention to scramblsuit.

Anonymous (not verified) said:

February 06, 2017

Permalink

super

Anonymous (not verified) said:

February 09, 2017

Permalink

I am using a Mac OSX, and I see 2 "Tor browser" processes running simultaneously. Is this normal ?

Anonymous (not verified) said:

February 09, 2017

Permalink

No big deal but it seems the "wrap long lines" option doesn't work when I open "view page source".

Anonymous (not verified) said:

February 11, 2017

Permalink

When I install To browser 6.5 onto my Ubuntu 16.05 with the latest Firefox version already installed the Tor browser doesn't show being open from the App menu selection even though it is open. Firefox shows 2 applications open. It is if the Tor browser and Firefox are linked.

Anonymous (not verified) said:

February 13, 2017

Permalink

Unable to verify the signature of file tor-browser-linux64-6.5_en-US.tar.xz. I get the following when I attempt to verify the signature:

  1. <br />
  2. gpg: Signature made Tue 24 Jan 2017 09:42:49 AM EST using RSA key ID C3C07136<br />
  3. gpg: Can't check signature: public key not found<br />

SHA256 hash sum of the file:
c4714061748a70d3871dd84ff88d2f317b386d290a5c1fb94a504a1c256f1960

I've downloaded the file three different times now and had the same issue with all three downloads.

Updating your local Tor Browser key should help. The bundles are signed with a new subkey. The SHA256 hash looks good for what it is worth.

Anonymous (not verified) said:

February 14, 2017

Permalink

Version 6.5 consistantly does not start. Instead I am getting the message Something Went Wrong! Tor is not working in this browser

Version 6.08 is working.

Anonymous (not verified) said:

February 16, 2017

Permalink

Is TBB affected with?

https://www.openssl.org/news/secadv/20170216.txt
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
=========================================

Severity: High

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0e

Anonymous (not verified) said:

February 19, 2017

Permalink

ok

Anonymous (not verified) said:

February 27, 2017

Permalink

Anonymity broken ?

On some website(s?) there is a strange error happening while printing a webpage to pdf file.
It will give a modem error message for more than 20 times within a second.
This is happening for some time, one or two Torbrowser versions.
This is happening with no javascripts allowed.

What I see in the Console program log

  1. <br />
  2. (date) Week 09 (time) [0x0-0xad0ad].org.mozilla.tor browser (process number) (date) (time) localnetworkaddressname.local firefox (process number) <Error>: replacing NaN with 0<br />

This "replacing NaN with 0" message only keeps popping up in console on this website www.security.nl

What is this?
A new manner for circumventing Torbrowser anonymity by trying tot send feedback when printing a page?
Why aren't all dom settings in the about:config that try to send back user behavior disabled?
There used tot be a separate dom setting for sending printing feedback as well in firefox but I can find it anymore.

Please just try this yourself or please analyze that website code.
Tested many websites but this is only happening on that website that happened to be in a way related to another company that is focused on legal interception (Pine).
It is strange behavior, exeptional and very specific related and it does not look right.

Anonymous (not verified) said:

March 01, 2017

Permalink

Hi GK
Tested this issue in different Torbrowser versions, on different Mac OS X systems, with different OS versions, with different separated Mac OS X configs and different Mac hardware systems.

For example, it is not happening on Torbrowser versions based on Firefox ESR 38.
It is happening in the ESR 45 based Torbrowser versions (even the newest alfa 7 version) depending on the OS system you use and is not depending on blocking or allowing javascripts, it does happen even if you block almost everything in NoScript.

I did not feel the urge (yet) to test it on all Mac OS X systems between 10.6 and 10.12, because I do not want Torbrowser code on every system. I like my privacy but life offers more than checking and using Torbrowser.
But I did test Torbrowser versions in two Mac OS X versions.
Torbrowser 45 is working fine on OS X 10.10
Installing Torbrowser 5.5.5./ESR 38.8 again, this one is working fine on OS X 10.6

Torbrowser 45 is NOT working (that) fine on OS X 10.6 (but far far far better than the latest ESR mozilla Firefox versions that hang and freeze on a very regular basis. GooD job TorTeam, you are better than the mozilla devs!).
This Torbrowser NaN problem seems (at least) to be a specific Mac OS X 10.6 related problem no matter which hardware, OS X or Torbrowser configuration.

While attempting to save a PDF to file the Mac will immediately start other connection processes (on that particular tested website).
Two mDNSResponder connections over port 5353, one 5353 connection over ipv6 and one over ipv4 to an address starting with 224.
At the same time also starting two local network ipv4 connection attempts by the nmblookup process over port 137.
These connections were allowed so it was not a result of blocking connections.

At the same time (during save print to pdf) one can see around 20 (error) messages in console regarding that 'NaN error' warning.
This will happen every time when I save a webpage as pdf file on that particular website.
I tested it a lot of times, every time same result, same connection activity.

User feedback settings issue?
Now, Firefox used to have user interaction feedback code embedded, to inform the website owner about some browser activities the user was performing (If the website used the (anti privacy) opportunities in Firefox).
I can remember some feedback function things like acting on copy, printing, right mouse click actions by the user but I don't see them anymore in the about config.
It gives still a very a lot of DOM values and I do not know the fuctions of a lot of them, but hopefully you do.

Apparently there is some Torbrowser code activated by this website to start other processes in Torbrowser while printing a webpage, but apparently this gives some errors 'along the network road' popping up in my console program.
I don't know much about this 'Nan' or computer code at all but it seams to be a warning about a value that does not match or exist? What is Torbrowser doing by request while I just save a webpage as pdf?
My concern is that Torbrowser (in this particular case) apparently is getting triggered to start a network process that maybe can be used in a way we do not like it to be that way, because it is leaving my local network or end up in my modem logs or anywhere else?

Relative problem or not?
I know that firefox is ending their support for 3 Mac OS X versions any time soon and one can see that as a solution of this (Mozilla Firefox and not Torbrowser) problem. At least I do not have to test it on OS X 10.7 / 10.8 / 10.9 for now, but maybe this problem appears in 10.7 or even 10.8 as well?
Anyway, I should think that it is worth to analyze this problem because if you know what the source is of this particular problem you can prevent yourself from related unknown and invisible bugs in Torbrowser in future Torbrowser versions.
Hopefully.

Because I can imagine that not all Torbrowser users are monitoring their network, system and console processes to see if there is 'some creative deviation in the normal part of the program', I thought is was worth mentioning it here anyway.
So if you want to reproduce this, just take a Mac that still can run that marvelous OS X 10.6, take torbrowser 6 or 7 , set Noscript on the highest setting, open console program (show log list) go to that particular website, just print the front-page, or any page and save it as a pdf file anywhere.
And if you have any kind of extra firewall software, look at it and see which connections Torbrowser is activating when doing the print tot file job.

Thanks for your answer anyway and I hope you can address / repair / disable this specific behavior in future versions.
A possible about:config correction clue would be nice as well.

Bye

Anonymous (not verified) said:

March 01, 2017

Permalink

Additional answer while earlier (long) answer is still in moderation

It is also the case on the front page of Wired, wired.com
Even up to 72 NaN error console messages within 2 seconds every time I print a pdf to file.
Happens also with Torbrowser 7.0a1 (based on Mozilla Firefox 45.7.0) in combination with the latest version of OS X 10.6.
So there must be some kind of web code that is triggering this behavior on some websites while printing a webpage.

Thanks for that report. Just to make it clear (and make it easier to reproduce): This is just happening on an OS X 10.6 system and later macOS versions are unaffacted?

(As a sidenote: the upcoming alpha will be the last in its series that supports macOS < 10.9. We'll drop support for those older macOS versions with the switch to ESR 52 as Mozilla does).

Anonymous (not verified) said:

March 03, 2017

Permalink

GK,

Please read the long answer again, the answers are there.
You missed a positive remark @ Torproject also.
So give yourself that chance for a compliment again, but you are free to stop support on (relatively) very good working products on a relatively safe and relatively malware free operating system.

I tested OS X 10.6 and 10.10 (for now).
It is up to you to test OS X 10.7/10.8 and 10.9 if you have them directly available.

But if the second part of your answer is also ment as an easy solution / excuse.
Well then, what can I do? This is an asymmetric discussion, I cannot force anyone to look at possible bugs and security issues that maybe can affect newer browser versions as well.
Because you do not see it directly (as seen in OS X 10.6) it does not mean a possible bug is not there in your newer Torbrowser code with all risks to come.
You will only know future safety of your browser by knowing what is the error background of the bug now.

That dns thing mentioned, may be a Mac OS X specific behavior of samba and bonjour things on MacOS.
But, the combination of DNS and malware has relevant attention in real life as well, so.. there you go.
http://blog.talosintelligence.com/2017/03/dnsmessenger.html

I hope you'll figure out and understand what I wrote, I was not born as a native english speaker.
Regarding languages,.. some language advice for the midst of march, order "een fluitje bier" if you want to code next day, or a lot of "vaasje" if you don't bother at all doing anything but having one big hangover that week.
And "Duvel" means "Devil", just think of it before you are ordering this (belgium) beer.

Have fun.

Anonymous (not verified) said:

March 04, 2017

Permalink

Another extra test, Torbrowser 6.5 (based on Mozilla Firefox 45.7.0) on Mac OS X 10.7 does not seem to generate these print to pdf warnings on Wired.

Anonymous (not verified) said:

March 07, 2017

Permalink

Answered 2 times, friday-saturday but moderation is quite behind (takes at least 2 days) or making decisions to not publish the answers. I do not mind as long that they are reaching you anyway. Bye

Anonymous (not verified) said:

April 09, 2017

Permalink

I have a concern. I am able to access the link http://timesofindia.indiatimes.com/ using TOR, however I am unable to sign into the page as the "SIGN IN" option does not appear on using TOR. As a result I cannot use the features of comment/like/dislike on any article. A quick update on this wud be appreciated.

Anonymous (not verified) said:

April 09, 2017

Permalink

Hi guys I have just downloaded torbrowser-install-6.5.1_en-US.exe and I can't verify it neither by GPG not by SHA256:

gpg --verify torbrowser-install-6.5.1_en-US.exe.asc torbrowser-install-6.5.1_en-US.exe
gpg: Signature made 03/06/17 18:11:37 RTZ 2 (чшьр) using RSA key ID C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136

SHA256 of *.exe gives this value:

656DF6D342002CCE912584675CBBE0533BD794383E30B7138622BB2985B47608

However, what I see in the link

https://dist.torproject.org/torbrowser/6.5.1/sha256sums-unsigned-build…

d535f2ac460dd5d34cce5ba73e11126eec9170081b11b12f8332a88b2765e525 torbrowser-install-6.5.1_en-US.exe

What is wrong with it, or has it been replaced (attacked) somehow?