New Tor 0.2.4.17-rc packages
There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnet issues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know.
https://www.torproject.org/projects/torbrowser.html.en#downloads
Tor Browser Bundle (2.4.17-beta-1)
- Update Tor to 0.2.4.17-rc
- Update NoScript to 2.6.7.1
- Update HTTPS Everywhere to 4.0development.11
I experiencing a high
I experiencing a high performance count on my GPU if I run Vidalia! My GPU Consumes about 190 WATT per hour and I noticed it with my Smart Home environment. If I run TOR without Vidalia its fine no GPU is needed. Maybe there is a Bitcoin application inside Vidalia???
I have been using the stable
I have been using the stable 0.2.3.25 expert bundle on KernelEx modified 98SE. It's been very stable and reliable. I tried to use the present release candidate 0.2.4.17-rc but it won't run regardless of Kex settings.
The error message reads:
The Tor.exe file is linked to missing export MSVCRT.DLL:_vscprintf.
After adding a copy of MSVCRT.DLL from XP to the Tor exceutable directory, I get the following error:
The MSVCRT.DLL file is linked to missing export NTDLL.DLL:RtlGetNTVersionNumbers.
Is this call a requirement of the last modification or is it from a change in the compiling environment? If it's the latter, will 98SE/ME compatibility exist when 0.2.4 versions become a stable releases?
Wow. I think your best bet
Wow.
I think your best bet is to work on the TBB 3.x build process to make sure it'll work for you:
https://blog.torproject.org/category/tags/tbb-30
since pretty soon TBB 3.x is going to be the recommended way to use Tor, and I bet it doesn't support win98 currently.
Or to be clearer, we wouldn't mind supporting your obsolete insecure operating system if it's easy to do, but you're going to have to make it happen. :)
Regarding: Or to be clearer,
Regarding:
Or to be clearer, we wouldn't mind supporting your obsolete insecure operating system if it's easy to do, but you're going to have to make it happen.
Version 0.2.3.25 works properly, both as a client and a low volume relay, 1-2GB per day. My low end DSL service prevents higher volumes.
http://torstatus.blutmagie.de/router_detail.php?FP=9d729e04cd3bf8630cae…
The uptime was at 2 weeks before I tried the latest version. I'm attempting to determine what has changed in the 0.2.4 versions that has made it incompatible, whether its a system call that isn't supported by 98, or a change in file versions used during compiling.
The question of OS security could go way off topic here. In short, I'd rather deal with a potentially insecure design than one that may be deliberately backdoored. I'm too new with linux to make that change at this time.
Are you seriously running
Are you seriously running Windows 98?! Oh man, that takes me back to the good ol' days...
Government oppression makes people do funny things.
I run a few tor relays via
I run a few tor relays via VPS. When I ssh in to the servers (ubuntu) and try to update (apt-get install tor) I get the message that I'm running the latest version. I'm running the 0.2.3.25 version.
As a relay operator, how can I update to the latest 0.2.4.17-rc package on linux using the command line?
the new tor crashed TWICE in
the new tor crashed TWICE in less than 10 minutes. One of those when disconnecting a circuit, AND the browser keeps disconnecting and interrupting the connections.
Also, I couldn't access the tor blog from tor!
Please fix it!
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#MyTorkeepscras….
We need your (or somebody's) help to figure out what problem you're encountering.
"window.name" is traceable.
"window.name" is traceable. Why ?
This is addressed in the bug
This is addressed in the bug tracker at https://trac.torproject.org/projects/tor/ticket/7638
looking at tor bandwidth
looking at tor bandwidth usage, noticed constant receiving and sent activity at times... especially after unsuccessfully loading a page. Stopping, closing tabs, patiently waiting (?), nothings stops stops the constant activity. It just runs in circles, preventing further use until restarting sometimes.
Few people here say its because https everywhere. Maybe downgrade?
Can you figure out what
Can you figure out what triggers it? The https everywhere developers couldn't make it happen when they tried to reproduce the problem, so they have nothing to fix.
Sure. A way I can
Sure. A way I can consistently replicate it is with gmail!.... not that I would ever seriously use gmail.
but attempting to log into gmail wont get far. it doesn't get far past showing an inbox. then constant receiving and sending, even after closing. tor craps out after this. Only thing to do is restart. it seems to be clients1.google.com. constantly opening/closing after closing everything while i stare at a blank screen. Just tried it before posting this. 10 minutes of this with no signs of ever stopping.
Same thing has happened a few times but elsewhere. This is the only way i remember and can replicate but I will try and backtrack and find were else its happened and maybe you can test it out yourself.
also, just visiting gmail front page starts the vicious cycle of clients1.google.com but doesnt completely cripple tor unless logging in.
Erinn/Arma, the earlier
Erinn/Arma,
the earlier reported non-stop outgoing https connections to clients1.google.com seemed to happen with the latest TBB x64 on Linux, but only _after the browser Add-ons were updated manually_ - that loaded the latest dev version of Https-Everywhere.
After I manually replaced it with the previous "4.0development.9" version that was on hand, the weird connections are no more.
Wonder if the Https-evr devs really use Google like that in their development process... Hope it's not some MITM trick.
Thanks for interacting with us in the blog's comments. For some of us, mortal users, it's way easier to give feedback here than to register/login/create the tickets...
Thanks a lot for giving some
Thanks a lot for giving some more details.
I've created a trac ticket for the developers to better figure out what's going on. You can keep up with it here, if you like:
https://trac.torproject.org/projects/tor/ticket/9713
We'll still check back to see if there are more comments from all of you though. :)
EPIC Files FOIA Suit to
EPIC Files FOIA Suit to Determine If Tor Is Compromised
EPIC has filed a Freedom of Information Act lawsuit against the Broadcasting Board of Governors, a federal agency that oversees all U.S. civilian international media. EPIC seeks information about the federal government's interest in the Tor network. Tor is a program designed to allow encrypted, anonymized online browsing and is used by many human rights organizations. Recent news reports indicate that the National Security Agency has targeted the communications of Tor users. In a related matter, EPIC has asked the Supreme Court to halt the NSA collection of domestic telephone records. For more information, see EPIC: EPIC v. BBG - Tor.
- https://epic.org/2013/09/epic-files-foia-suit-to-determ.html
https://epic.org/foia/tor/EPIC-BBG-FOIA-Complaint.pdf
https://epic.org/Tor_FOIA_Request_31_May.pdf
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-p…
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-s…
https://epic.org/privacy/nsa/in-re-epic/
https://epic.org/foia/tor.html
I'm generally a fan of EPIC,
I'm generally a fan of EPIC, but this one is just silly. BBG funded us in part to improve the capacity of the Tor network, and I spent a month last summer growing the relay operator community and doing just that. You can see the results here:
https://metrics.torproject.org/fast-exits.html?graph=fast-exits&start=2…
We've also been exploring the idea of reimbursing some costs for exit relay operators if they run fast and stable exits:
https://blog.torproject.org/blog/turning-funding-more-exit-relays
and we've done all of that exploring in the open so far (and apart from funding Moritz a little bit to have him continue helping people to run their fast exits, it's still basically at the exploring stage).
But none of that matters, because this FOIA appears to be about finding out details about the exits that BBG runs. They don't run any. And when the FOIA response comes back empty ("sorry, don't know what you're talking about"), will it just strengthen EPIC's conspiracy fears?
What makes it extra sad is that there *are* government agencies where I'd love to find out if they're running any Tor relays -- NSA, FBI, DoJ, ICE, DEA, plus all the new acronyms that have crept up in the past decade when we added new "wars on X".
So, great, I don't want EPIC to cancel this one (after all that would just feed the conspiracy). But I sure wish they had come to us for context first before wasting their time and energy here. And I look forward to seeing their FOIAs of the many actually scary agencies.
Hello. I don't see anywhere
Hello.
I don't see anywhere Centos 5 packages of tor-0.2.4.17, even here is published only old package:
http://deb.torproject.org/torproject.org/rpm/el/5/x86_64/
Could you please update it also?
Thanks
I agree with those who argue
I agree with those who argue that Tor users must retain a niggling suspicion about the USG funding for both Tor Project (via BBG) and Tails (via NED).
But I am still with Arma on this issue. One point to consider: the BBG and NED affiliations are a rather open secret. If scarier TLAs had co-opted Tor and wanted to hide their financial support, they could probably form a less recognizable front organization.
Nontheless I would like to offer a suggestion. It seems to me that there are at least two reasons to move the incorporation (if that is the correct term) of Tor Project outside the USA:
1. Otherwise, Tor can be pressured by TLAs to either provide back doors or lose its 501c status (from the grapevine, this appears to be sufficiently common that I am surprised by the implication that Tor has not yet experienced it).
2. Otherwise, Tor will be under continual threat of suddenly receiving a dragnet surveillance order under some US "authority".
So I think reconstituting the project as a tax-exempt public interest organization in a less panopticon-friendly country could be very desirable. See
for suitable candidate host nations.
Comments?
We've been exploring forming
We've been exploring forming a non-profit in Europe. But it's not like the European climate is much better here.
Also, if we have "operations" in the US (e.g. employees, contractors, etc) then we fall back into many of the same problems.
And if we form some organization in Europe, we fall under their jurisdictions *in addition*.
In sum, it's about much more than just where the company is incorporated.
Wait, just to be clear, are
Wait, just to be clear, are people actually getting pages loaded and displayed, because the client you've provided seems to run fine, but the URL's are all timing out, and not loading...
Yes, works fine for me.
Yes, works fine for me.
Okay, are a lot of people
Okay, are a lot of people experiencing my problem, because it was working fine before, but now it's just not loading anything.... Normal surface URL's like google.com, and duckduckgo.com work fine, its just dark net pages like hidden wiki, for example aren't working...
If you can reach
If you can reach http://duskgytldkxiuqc6.onion/ then I blame your other hidden services.
If you can't, then your Tor client is likely suffering pretty badly from the network overload.
Hey, I tried to access a lot
Hey,
I tried to access a lot of hidden services for 2 days now and none of it except for TorDir and (sometimes) TheHiddenWiki worked. ANY other service was down or taking too long to respond.
What happened to the deepweb?
Is it all related to the raid at FH or to the botnet?
Even torproject.org (The .onion adress) threw out a timeout.
I upgraded to the 0.2.4 beta today it doesnt change anything except for lots of connections to clients1.google.com as described by someone above.
What is your plan to fix all this?
A lot of the deepweb is
A lot of the deepweb is migrating over to i2p...
Really? Great! I wish them
Really? Great! I wish them luck.
Quote: "Tor can be pressured
Quote: "Tor can be pressured by TLAs to either provide back doors or lose its 501c status (from the grapevine, this appears to be sufficiently common that I am surprised by the implication that Tor has not yet experienced it)."
Can you cite any examples (from the grapevine or not)? This is the first that I've
heard of IRS using 501c3 status to try to force NSA/FBI back doors into software.
(There have been other scandals with IRS and 501c3s but not this one.)
I have tried the latest
I have tried the latest stable, the previous, the latest alpha and the beta releases of TBB on xp and every single one connects to TOR but will not, i repeat WILL NOT launch the tor browser (firefox) at all. I can get it to take up all my cpu without actually displaying itself, and I can launch it myself to be greeted with a refusing proxy connections message for every site........WTF am i supposed to do???!! please someone help....
If I were in your boat I'd
If I were in your boat I'd try booting Tails from a USB key.
For the past few days, I've
For the past few days, I've been experiencing many timeouts on .onion sites as well as for most other sites. Is this is due to the recent (ongoing) overload/botnet issue? I've seen very high and extended time % CPU use which is troubling. I suppose this could be the https Everywhere bug mentioned above, I don't know. I've also had to frequently stop and shut down then restart rather than simply use a new identity just to get a few pages to load consecutively.
A few observations.
I've noticed "Sorry you are not using TOR" much more frequently from check.torproject.
When I run Tails (tails-i386-0.20), I don't seem to have the problem. Tails runs much faster overall than the TBB now runs. My TBB is 64 bit linux.
I have noticed that CPU use is 60% to nearly 80% over all cores (100% of some) during the entire time of the attempt to connect which lasts for a few minutes (I haven't timed it). The duckduckgo 3g2upl4pq6kufc4m.onion site routinely almost always times out. Overheating has become an issue on warm days.
TBB version: tor-browser-gnu-linux-x86_64-2.4.17-beta-1-dev-en-US
I first had the problem with the earlier stable: tor-browser-gnu-linux-x86_64-2.3.25-11-dev-en-US
which is why I switched to the beta.
Any clues on the high CPU %? I don't know if this is the https Everywhere bug mentioned above, but the problem is intermittent and I cannot reliably reproduce it.
In this Vidalia (0.0.21), I no longer see any "connect" lines drawn on the map. Not that that's troubling.
And finally, is this the proper area to make a post such as this?
Thanks.
For the last question: the
For the last question: the tor-talk mailing list is probably the better place. This blog just happens to get noticed by me every so often.
"On September 9th, 2013 arma
"On September 9th, 2013 arma said:
Yeah, don't use the 'edit torrc' option from inside Vidalia. The future (TBB 3.x) has no more Vidalia:
https://blog.torproject.org/category/tags/tbb-30"
has no more Vidalia .....Great decision...........
Cant wait -Youand all others,too?-for now 'not visible' circuits like
US-US-US,CA-US-CA,US-SW-CA,etc.
cheers
You're welcome to maintain
You're welcome to maintain Vidalia and hook it up to your TBB 3.x. We don't have the people for that.
How can you do that, just
How can you do that, just launch a newer TBB and then launch an old Vidalia program from an old TBB release?
Yes, correct. You'll want to
Yes, correct. You'll want to set a control password on the Tor that the new TBB launches, and then tell Vidalia that control password. And you'll want to get the control port number correct. Eventually we'll probably end up with a FAQ entry describing how to do it. Maybe somebody here will write it? :)
Fairly new to TOR. I tried
Fairly new to TOR. I tried both tor-browser-gnu-linux-i686-2.4.17-beta-1-dev-en-US.tar.gz on one machine and tor-browser-gnu-linux-x86_64-2.4.17-beta-1-dev-en-US.tar.gz on another machine. Browsing sites other than hidden .onion sites became extremely slow after a while. Not sure if it was related to Tor itself or the browser but I believe it is the browser. Creating hidden services with Vidalia worked fine. However, I did have to comment out the line server_type = 5 in my torsocks.conf which worked with 2.3.25-12. If someone has any tests they would like me to perform, I would be happy to do so. Ultimately, I had to revert to 2.3.25-12 for a usable Tor experiences.
I hope that was due to the
I hope that was due to the https-everywhere bug. Once that's fixed, please try again!
More info on Ticket 9713: It
More info on Ticket 9713:
It looks like Google might be causing the constant connections to clients1.google.com through a redirect from their OCSP url. Their certificates list
http://clients1.google.com/ocsp
as the OCSP url, but accessing that redirects you to
https://clients1.google.com/
The correct URL for OCSP requires a trailing slash, but that isn't what's listed in their SSL certificates.
Anyone have a contact point at Google?
For reference, this was
For reference, this was https://trac.torproject.org/projects/tor/ticket/9713
Why the hell would an
Why the hell would an anonymity software connect to google, or have to do anything with google! sounds like an oxymoron to me!
If it's about the safe surfing issue you could just add AdBlock Plus with the malware list https://easylist-downloads.adblockplus.org/malwaredomains_full.txt
That's why we had such
That's why we had such difficulty reproducing it -- we didn't try connecting to Google over Tor in the way these users did.
And no, it wasn't about safe surfing. It was a bug in the (development version of the) https everywhere extension that made it loop while querying google.
Tor 0.2.4.17 RC does not
Tor 0.2.4.17 RC does not works in WIndows 2000.
I guess that's a step above
I guess that's a step above Win 98 but not much above?
It's likely that you're going to have to sort out what the issue is, and then produce a fix, if you want it fixed anytime soon.
Windows 2000 based on NT
Windows 2000 based on NT architecture, unlike 95/98/ME, so actually it is not much below Windows XP. ;)
Now, back to the issue at hand..
Steps to reproduce:
1. Extract tor.exe with 7zip from expert bundle.
2. Run it on Windows 2000 (I used Windows 2000 SP 4 Rollup 1).
3. Tor does not starts, there is error message "Точка входа в процедуру _vscprintf не найдена в библиотека DLL msvcrt.dll" [it is text in Russian], basically it says that entry point to procedure _vscprintf cannot be found in DLL library msvcrt.dll
I have no problems running latest stable Tor (0.2.3.25)
Give the latest development
Give the latest development version of TBB 3.x a try?
https://trac.torproject.org/projects/tor/ticket/9084#comment:36
Same problem.
Same problem.
Yeah, don't use the 'edit
Yeah, don't use the 'edit torrc' option from inside Vidalia. The future (TBB 3.x) has no more Vidalia:
https://blog.torproject.org/category/tags/tbb-30