New release: Tor

There's a new alpha release available for download. If you build Tor from source, you can download the source code for from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-December.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor includes numerous bugfixes on earlier versions and improves our continuous integration support. It continues our attempts to stabilize this alpha branch and build it into a foundation for an acceptable long-term-support release.

Changes in version - 2018-11-08

  • Major bugfixes (compilation, rust):
    • Rust tests can now build and run successfully with the --enable-fragile-hardening option enabled. Doing this currently requires the rust beta channel; it will be possible with stable rust once Rust version 1.31 is released. Patch from Alex Crichton. Fixes bugs 27272, 27273, and 27274. Bugfix on
  • Major bugfixes (embedding, main loop):
    • When DisableNetwork becomes set, actually disable periodic events that are already enabled. (Previously, we would refrain from enabling new ones, but we would leave the old ones turned on.) Fixes bug 28348; bugfix on


  • Minor features (continuous integration):
    • Add a Travis CI build for --enable-nss on Linux gcc. Closes ticket 27751.
    • Add new CI job to Travis configuration to run stem-based integration tests. Closes ticket 27913.
  • Minor features (Windows, continuous integration):
    • Build tor on Windows Server 2012 R2 and Windows Server 2016 using Appveyor's CI. Closes ticket 28318.
  • Minor bugfixes (C correctness, also in
    • Avoid undefined behavior in an end-of-string check when parsing the BEGIN line in a directory object. Fixes bug 28202; bugfix on
  • Minor bugfixes (compilation):
    • Fix a pair of missing headers on OpenBSD. Fixes bug 28303; bugfix on Patch from Kris Katterjohn.
  • Minor bugfixes (compilation, OpenSolaris):
    • Fix compilation on OpenSolaris and its descendants by adding a missing include to compat_pthreads.c. Fixes bug 27963; bugfix on
  • Minor bugfixes (configuration):
    • Refuse to start with relative file paths and RunAsDaemon set (regression from the fix for bug 22731). Fixes bug 28298; bugfix on
  • Minor bugfixes (directory authority, also in
    • Log additional info when we get a relay that shares an ed25519 ID with a different relay, instead of a BUG() warning with a backtrace. Fixes bug 27800; bugfix on
  • Minor bugfixes (onion service v3):
    • Build the service descriptor's signing key certificate before uploading, so we always have a fresh one: leaving no chances for it to expire service side. Fixes bug 27838; bugfix on
  • Minor bugfixes (onion service v3, client authorization):
    • Fix an assert() when adding a client authorization for the first time and then sending a HUP signal to the service. Before that, Tor would stop abruptly. Fixes bug 27995; bugfix on
  • Minor bugfixes (onion services):
    • Unless we have explicitly set HiddenServiceVersion, detect the onion service version and then look for invalid options. Previously, we did the reverse, but that broke existing configs which were pointed to a v2 service and had options like HiddenServiceAuthorizeClient set. Fixes bug 28127; bugfix on Patch by Neel Chauhan.
  • Minor bugfixes (portability):
    • Make the OPE code (which is used for v3 onion services) run correctly on big-endian platforms. Fixes bug 28115; bugfix on
  • Minor bugfixes (protover, rust):
    • Reject extra commas in version strings. Fixes bug 27197; bugfix on
  • Minor bugfixes (relay shutdown, systemd):
    • Notify systemd of ShutdownWaitLength so it can be set to longer than systemd's TimeoutStopSec. In Tor's systemd service file, set TimeoutSec to 60 seconds to allow Tor some time to shut down. Fixes bug 28113; bugfix on
  • Minor bugfixes (rust, also in
    • Fix a potential null dereference in protover_all_supported(). Add a test for it. Fixes bug 27804; bugfix on
    • Return a string that can be safely freed by C code, not one created by the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix on
  • Minor bugfixes (rust, directory authority, also in
    • Fix an API mismatch in the rust implementation of protover_compute_vote(). This bug could have caused crashes on any directory authorities running Tor with Rust (which we do not yet recommend). Fixes bug 27741; bugfix on
  • Minor bugfixes (testing):
    • Avoid hangs and race conditions in Fixes bug 27968; bugfix on
  • Minor bugfixes (testing, also in
    • Treat backtrace test failures as expected on BSD-derived systems (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. (FreeBSD failures have been treated as expected since 18204 in 0.2.8.) Fixes bug 27948; bugfix on
  • Documentation (onion service manpage):
    • Improve HSv3 client authorization by making some options more explicit and detailed. Closes ticket 28026. Patch by Mike Tigas.

As I see, they discriminate their own noise traffic from their own target traffic, because both of these types of traffic have to pass through their proxy (after leaving exit node). They used this setup because of privacy issues. They cannot force all exit node traffic pass through their discriminating proxy.

This feature made it easier to discriminate target traffic. It made their distinguisher produce lower false positive and lower false negative rates. It is still good research and very dangerous attack, but I doubt that in real world scenario their probabilities will be as high as they claim.

Do you have another opinion? Use of different AS in path selection, as they propose it, may be a good point.

fake name

November 16, 2018


Is their any simple way to install alpha versions of tor (as a system service) in stable Debian? I use Tor's repository, but that gives me only last stable Tor version ( at this moment). Do I have to go through all the troubles with Debian's backports to get

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

3 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.