Tor Browser 3.5.3 is released

The 3.5.3 stable release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory.

This release also includes important security updates to Firefox.

As a reminder, this is the stable series of the Tor Browser Bundle. It does not include the Pluggable Transport support mentioned in the 3.6 release post, and in this release MacOS archives are still in zip format. If you would like those features, we encourage you to use 3.6-beta-1 instead, and report any issues you encounter.

Here is the complete changelog for 3.5.3:

  • All Platforms
    • Update Firefox to 24.4.0esr
    • Update Torbutton to 1.6.7.0:
      • Bug 9901: Fix browser freeze due to content type sniffing
      • Bug 10611: Add Swedish (sv) to extra locales to update
    • Update NoScript to 2.6.8.17
    • Update Tor to 0.2.4.21
    • Bug 10237: Disable the media cache to prevent disk leaks for videos
    • Bug 10703: Force the default charset to avoid locale fingerprinting
    • Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
  • Linux:
    • Bug 9353: Fix keyboard input on Ubuntu 13.10
    • Bug 9896: Provide debug symbols for Tor Browser binary
    • Bug 10472: Pass arguments to the browser from Linux startup script

A list of frequently encountered known issues with the Tor Browser can be found on our bugtracker. Please check that list and help us diagnose and arrive at solutions for those issues before contacting support.

Tags
tor browser bundle
tor browser
tbb
tbb-3.5
Anonymous

Anonymous (not verified) said:

March 29, 2014

Permalink

Hello,

Just installed the latest version of Tor Browser version 3.5.3 and looking at Firefox Addons found two addons that sound interesting. I am not sure if I need them with Tor so any input is appreciated

RequestPolicy: Block images not from site you are on ( advanced privacy ) addons . mozilla . org/en-US/firefox/addon/requestpolicy/

RefControl: Customize or block referrers per site
addons . mozilla . org/en-US/firefox/addon/refcontrol/

Noscript is the only addon I am using, but I did change the value in about:config from https://secure.informaction.com/ipecho/ to http://127.0.0.1/

Thanks

Anonymous

Anonymous (not verified) said:

March 29, 2014

Permalink

Is adding more bridges adds more anonymity to my Tor session, or not?
By the way thank you for changing the captchas in the bridges page on bridges.torproject.org

Adding more bridges probably hurts your anonymity if anything. The more bridges you have, the greater the chances that one of the bridges is observable by your adversary. The ideal case would be to use one very safe (i.e. well located with respect to your location and the parts of the Internet your adversary can see, and also not operated by your adversary) and very stable bridge. The tradeoff of course is that maybe you don't have one.

This question is very related to the question of how many guards you should have:
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guar…

If you click the warning you'll see that the certificate belongs to DuckDuckGo, verifying the connection's security and not the opposite: the server does belong to DDG and so does the ceritificate.

Copy and paste https://3g2upl4pq6kufc4m.onion and maybe you'll get the same message?

This is the message I get when trying https. I have tried a few times and the result was the same. I have tried many other https sites and all were fine except this site.

MESSAGE------------------------------------------------------------------------------

This Connection is Untrusted

You have asked TorBrowser to connect securely to 3g2upl4pq6kufc4m.onion, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

Anonymous

Anonymous (not verified) said:

March 30, 2014

Permalink

Win 7 64
Fresh clean install of Tor bundle 3 5 3 (tried multiple times)
Message from Tor:
Congratulations!
This browser is configured to use Tor.
Test Tor Network Settings
HOWEVER, this browser is out of date.
Click on the onion and then choose Download Tor Browser Bundle Update.

Umm I am not out of date as I've downloaded and installed the latest bundle.
Any fix to this?

Anonymous

Anonymous (not verified) said:

April 01, 2014

Permalink

Please make add-on updates disabled by default in clean TBB installs. I made clean install and as soon as I launched TBB it connected to Tor and updated HTTPS-Everywhere to version 3.4.5 even before I managed to open add-ons and disable automatic updates.

It is known danger that exit nodes can supply tampered add-ons. Even HTTPS is not a solution because powerful enemies can have target server private keys. Lavabit is example how they request SSL key copies.

Disabling automatic updates in TBB leads to a huge amount of users never updating their extensions which is bad. That said you should not have encountered the problem you describe in the first place as we a) ship TBBs with the latest extensions installed. Thus, if you update your old TBB in a timely fashion everything should be fine. And b) HTTPS-Everywhere is already shipped in version 3.4.5 since TBB 3.5.1.

Probably better solutions to add-on auto updates a) When updating TBB make installer install latest add-ons
b) encourage users to make clean installs (with backing up and later restoring bookmarks) as I do.

Updating TBB by writing over older versions can lead to various unexpected problems in addition to easier browser fingerprinting (various custom settings accumulated from previous versions that cold distinguish from clean install of latest TBB).

Anonymous

Anonymous (not verified) said:

April 02, 2014

Permalink

I can't see the saved cookies in Browser.
How can i change this odd Browser behaviour??

extensions.torbutton.cookie_protections;false
extensions.torbutton.dual_cookie_jars;false
doesn't help.

Anonymous

Anonymous (not verified) said:

April 04, 2014

Permalink

On all tor 3.5 versions, if choose option "use hardware acceleration", tor crushes (exit with error message) at next restart. Such behavior is detected on windows 7/8.

I suspect that the video driver is bad. Install best driver from video card manufacturer website and see what happens. If the crush (lol!) still exists then come back here.

Anonymous

Anonymous (not verified) said:

April 04, 2014

Permalink

noscript.global;true
pdfjs.disabled;false

Looks like you have a rat. Would you please track it down?

Anonymous

Anonymous (not verified) said:

April 05, 2014

Permalink

Hi, I'm getting:

gpg: Signature made Wed 19 Mar 17:25:31 2014 GMT using RSA key ID 63FEE659
gpg: BAD signature from "Erinn Clark "

for the Mac version

Anonymous

Anonymous (not verified) said:

April 08, 2014

Permalink

no return to connect screen after hitting "open settings" button at start.

i miss the message log from vidalia control panel. it was very helpful if u ve a very slow inet connection.

Anonymous

Anonymous (not verified) said:

April 08, 2014

Permalink

I just installed TBB 3.5.3 on a WIn 7 box by clicking on the downloaded file. However, the installer (1) didn't place anything in the START menu; (2) did not make any type of shortcut on the desktop; and most importantly (3) is not listed as being "installed" in the Windows Control Panel. Is TBB 3.5.3 some sort of a stand-alone product that isn't subject to a normal installation process? If this is the case, where and what executable do I click in order to start the TBB?

Thank you.

SLG

Anonymous

Anonymous (not verified) said:

April 09, 2014

Permalink

update but still say HOWEVER, this browser is out of date.

Anonymous

Anonymous (not verified) said:

April 09, 2014

Permalink

I have two issues I frequently run into when installing TBB, as I did today on Mac OS X 10.9.2: First, TBB ignores the "normal" OS X way of installing as admin only (possibly additionally permitting them for others, too, as I was sometimes asked), but later using the applications as non-admin user, too. This doesn't work with TBB, but it forces me to install while logged in as the non-admin, who later wants to run TBB, but of course only with admin pass. Just weird.

Second: I have a local Apache webserver at
http://127.0.0.1/some-symlink-directory/
which serves for local development, and it is defined as homepage in all my browsers, but every new TBB refuses to connect.

Anonymous

Anonymous (not verified) said:

April 11, 2014

Permalink

Hi dear Tor Team, You're SO great. Thank You, I mean it.

I would want to run two instances of Tor in the same system at the same time, because: I got running some music online flash sound site under Tor in my Linux Mint, but of course, using flash is only good for visual content and so mostly for video and or audio sites, and flash has "low security" in that sense, that in can betray one's IP adress. I would want to run another instance of Tor, where I blog. I already realized, that Tor starts slowly to maybe not at all, if the with mostly "US" ending directory, to which Tor is extracted under Linux, is renamed to anything else. But, the directory can be anywhere. So, I put the "Tor2", as I call it, by desktop link merely, into another directory, and if Tor1 from my normal Tor directory is not running, all is well, Tor2 works, and I can have two (or nor so many) sets of "profiles", so to speak, simply by cloning the first normal directory, copying it, into other directories, and always running, which as of now is only so possible, always only running ONE instance at a time. Because: I tried it out just before. It said, "Tor exited in an abnormal fashion", and it EVEN disturbed fundamentally the running Tor(2, as I call it) sound session with that flash site. Though, that the sound, the next playlist item running, on that flash sound site, did not ensue, can be another reason also, since it just now again stopped. Under Tor, okay, I do take some, well, A LOT of respect to Tor, AND I do hope, that loading youtube vids over Tor does not disturb the Tor servers, by the way, since that soundsite is accessing youtube vids, but of course, by going on that other site, I don't have to go directly on youtube. But, also a bug on that other site, which loads no playlist items anymore after any error occured like "not allowed in your country" (not funny I hate it as we all do!) is displayed, so I'll have to bug the maker of that sound site. What I would find great, is, if we could run at least two sessions, instances of Tor, at the same time, and those two Tor sessions being able to have fully different settings, different activated, installed plugins and all settings. Would be GREAT. Also, do tell people if the Tor Team does not wish people, Tor surfers, to use Tor for youtube-videos accessed by non-youtube sites, since the traffic amount stays the same. I'd say, there are at least 1000 Tor servers worldwide, and Tor MUST announce it BIGTIME on the FIRST upper part of their website, if people should not overload the Tor servers by accessing youtube or other video sites. Thank You, Tor Team, like Assange, we who are for him and You too in a different, technical way, we are the good Ones. Skol. Cheers.