New Tor Browser Bundles

The Tor Browser Bundles have been updated with a bunch of new software: Tor 0.2.2.37, Vidalia 0.2.19, and we have switched to using Firefox's long-term stable release (10.0.5esr).

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-1)

  • Update Tor to 0.2.2.37
  • Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions
  • Update Vidalia to 0.2.19
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.4

Yes I had that problem with Centos: vidalia starts but browser never does. At the same time I had a : Qt error which complained about authentication failure. Today I tried ubuntu (10.04 LTS) and the Qt error is:"Qt: Session management error: None of the authentication protocols specified are supported". But low and behold the browser is up. I am using it right now.
The new L

I found using google this to be a known problem Tickets 5465 5261. I should have found these within torproject.org. How?

Basically the problem normally is harmless, if it doesnt stop the browser, that is. But it indicates Vidalia is trying to make a connections that it shouldnt.

The new L

I have mostly used Knoppix 6.2 (based on Debian) and never seen this problem. Perhaps that is what I should be worried about. Under Knoppix Vidalia succeeds making its unwanted connections. And does what?

Ticket 5261 is the most recent piece of information when I search the "Qt: Session management error" in Wiki Milestones and Tickets and rrandom says:

"It would be very bad if any part of TBB actually succeeded in talking to an X session manager. Can TBB-Vidalia ever connect to a session manager? Can TBB-Firefox ever connect to a session manager?"

The answer to these questions is found in Ticket 5465. Mainly:
It appears that Vidalia/Qt attempts to connect to a session manager iff the SESSION_MANAGER environment variable is set. RelativeLink.sh should unset that variable.

(Hopefully unsetting that variable will also keep Firefox from trying to talk to a session manager.)

It appears that Vidalia/Qt will be unable to connect to the session manager even if it attempts to, because the user's $HOME/.ICEauthority file is not present in the TBB directory. The GNOME 2 session manager did not log a message in $HOME/.xsession-errors when Vidalia failed to connect to it; hopefully other session managers won't log authentication errors either, but we shouldn't count on that.

I have a similar problem.

I start Tor fine using the browser bundle, but immediately a message pops up saying "Your firefox profile is missing or inaccessible". If I click the 'okay' button, the torbutton closes, and my connection is cut. I'm running tor in my school, and for this reason I can't connect firefox to an alternate web router. I can't find anyone else who shares this problem.

I was able to run Tor from a different computer on the school's network this past week, so maybe this is fixed, but I severely doubt it. Do you know what I could try?

Anonymous from Syria
issues with Tor Browser Bundle for 64-Bit Mac
Version 2.2.37-1 - OS X (64-Bit)
couldn't establish any connecting it is said that (connecting to relay directory) and stay in that status I re install 2.2.36 instead is there is any solution

I'm sorry I can't start TBB, it always keep"connecting to a relay directory".

Anonymous Kitten
Can anyone help me, I just got ubuntu latest 12.04 LTS and cannot get Tor project to run at all, I get this error after I extract and click on Start Tor . exe
---
Tor Browser Bundle
Vidalia exited abnormally. Exit code: 127.
----

What does this mean? These instructions don't help me https://media.torproject.org/video/torbrowser-docs/How-to-download-and-…

How can I get Tor? I'm kinda new to linux, so please give me noob instructions... :S

1. Go to Tors official homepage: https://www.torproject.org/
2. Click on the big purple "Download Tor" button
3. Scroll down to "Tor Browser Bundle for Linux"
4. Click the orange download button there, and save the file to somewhere you will find it later

5. Open your home folder and browse to where you saved the file: "tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz"
6. Extract the file by right clicking it and choosing "Extract here"
7. Go into the extracted folder and double click on "start-tor-browser"
8. Select "Run" in the dialog that pops up

If it still doesn't work, ask for help again.

Well you can as next step:
Copy your computers Error message into a Search at tor or Google. Very likely somebody has posted a bit of info on the problem.

This is where i am. I've done all the things you written but firefox never starts.
And if i open it the regular way its not going thru Tor.

What to do?

clicking new identity causes tor browser to disappear than reappear Is this normal? I know just a few versions ago it used to always close any open tabs but the window did not behave like this

I have also noticed and wondered about this obvious change from previous versions of TBB.

Hello, i use win7 and vidalia keeps crashing when it tries to connect to tor, i have searched the net and tried several solutions, seems like the vidalia configfile is something wrong with, i tried moving it and it did'nt crash as fast as before, but it hangs(freezes so i cant even check the info lines on whats wrong) , i can start tor manually and i makes the bootstraps and cicuits, but i cant connect via tor anyhow i configure my firefox and torbutton.

one common cause for crashing is kaspersky

can you tor guys please open a forum this week before sunday 24th June at noon?

look at how confusing all this discussing on a blog is.

please open a forum

the "privacy" or security of the forum doesn't matter.. let people post anonymously (without having to register a user) and just have the posts be moderated (just like on this blog) so a mod has to approve it before it appears on the forum. most people using the forum will be using tor anyway so the privacy is protected. you can even put a big warning message on the forum that says: "only post to this forum using tor bundle. if you don't, we can't guarantee your privacy"

it's so simple. please do it. phpBB is a good choice.

See https://trac.torproject.org/projects/tor/ticket/3592.

The blog is for comments, not support.

I also wish there were a forum and am baffled that there isn't.

But what of is the significance of,
"this week before sunday 24th June at noon?"

What is it about that date in particular?

If I have understood the situation correctly, the security problems isn't for the users privacy, but the fact that servers running phpBB (and similar forum software) is easily and often hacked. Hacking a server running on the torproject.org domain puts all of the Tor projects infrastructure at risk, and even if the forum is running on a completely other network, the hacker will try to distribute virus through the forum by using known exploits on web browsers.

I may be wrong though.

Can a tor dev please confirm this? is it true that having a forum on the torproject.org domain puts the entire site at risk for hackers and virus?

if so, why not create forum on another domain and server? like torprojectforum.org - then link to that site from torproject.org .the forum would be on a completely separate server and domain. good idea right?

I agree. I was surprised to find out that the tor project has no official forums. it's sometimes discussed on linux forums but there's no real interaction with any of the tor devs as far as i know on any forum.

wake up tor! make us a forum!

We're awake. We've known about the forum idea for a year or so now. Over the past year, we've been having growing pains from taking on many new projects and scaling up the number of developers. So we've been hesitant to stretch ourselves even thinner.

We're getting ourselves into a position where we can run it safely (both from our perspective and our users' perspective) and usefully.

I just added https://www.torproject.org/docs/faq#Forum to make it clearer.

And yet, you not only offer one-to-one support via email but even via TELEPHONE (!).

I can't be the only one to wonder how you can find this cost-effective.

As linked in this thread already, please read the trac ticket. 99% of the tor devs use email as their primary means of interaction. We've had attempts at web forums in the past and they go no where because it's filled with people who are not tor devs.

You can see the entire span of opinions in the trac ticket. There is no plan for tor to host a general web forum.

There is a plan to host a Q&A style forum so people can find their answers via web than on our faqs and mailing lists.

"There is no plan for tor to host a general web forum."

That sounds quite different from the statement,
"We're getting ourselves into a position where we can run it safely", said by arma in the previous post.

"There is a plan to host a Q&A style forum"

What, exactly, is the difference?

I don't think any of the many posters here asking for a forum mean one for general chit-chat or anything other than support for any of the products put out by the Tor Project.

"our faqs and mailing lists."

Why not at least link to these prominently on the home page of the blog, with a note that the blog is not for support?

Hi, the page at
https://www.torproject.org/docs/verifying-signatures.html.en
does not make clear the proper, full command for verifying the signature using GNU/Linux, which I am nearly certain is as follows:

gpg --verify tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz.asc tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz

Specifically, you do not make it clear that the name of the tar.gz file must follow the the name of the .asc file, as shown above.

khled.8@hotmai.com

June 21, 2012

In reply to by Anonymous (not verified)

Permalink

You do not need to specify the tar.gz file at all, it's filename is in the signature.

Huh?

What good is verifying only the signature but not the TBB file itself?

The tar.gz validates if the tar.gz.asc validates. The .asc is computed based on the .tar.gz. There is no need to check the .tar.gz if the .tar.gz.asc validates.

I stand corrected.

(Note that both files must be in the same directory when verifying.)

What threw me off is the verification methods for TAILS as well as Ubuntu, both of which include an additional file name in the command.

TAILS:
https://tails.boum.org/download/index.en.html#index3h1

gpg --verify tails-i386-0.12.iso.pgp tails-i386-0.12.iso

Ubuntu:
https://help.ubuntu.com/community/VerifyIsoHowto

The ISOs are not themselves signed. Rather, each TXT checksum file comes with a corresponding signature file that ends in ".gpg", and the instructions are to verify the TXT file with the command:

gpg --verify MD5SUMS.gpg MD5SUMS

I wonder why Ubuntu does it that way and not with the more direct that Tor Project and TAILS use.

This website will check if your ip address is leaking through flash and java, or your dns is leaking through java.

http://aboutyourip.info/

so far tor doesn't seem to leak any ip addresses even when i have flash and java turned on.

let me know if your tor is leaking?

I think you mean *JavaScript* and not "java".

The latest TBB will not launch the browser for me, after Vidalia starting up.
I'm running freebsd on x86.
There's no errors on startup or Vidalia debug-log, maybe a bug with the browser? Here is the output when i try to launch firefox from within the App dir.:

./firefox-bin
XPCOMGlueLoad error for file /yard/tor-browser_en-US/App/Firefox/libxpcom.so:
libxul.so: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Both the .so files are very much present and carry the same perms as all others.
Anyone see the same problem as i am? Any help would be much appreciated.

I just had this exact same problem in x86_64 linux and was scratching my head for awhile about it. And then I noticed I was using the x86 bundle, not the x86_64 one. I downloaded the one for my correct architecture and it totally works. Hope this helps.

This whole discussion about firefox, Javascript and what else? has me saddened so much :

It's been justly reminded that the Torproject has limited resources. I wish they concentrated again on Tor itself - the network protocols, client and server software - and less (not at all, indeed) on the browser - which is none of their business IMHO.

Provide a robust Tor, do provide help and advice for client software configuration (including but not-limited-to : browsers) but PLEASE stop losing time and energy with Torbrowser and nonsensical bundles. Back to fundamentals !

thanks

--
N

It is not possible to configure any browser to be secure through Tor, that's why they provide the Tor Browser, a patched version of Firefox. Especially people without advanced technical knowledge is also in need of Tor, and because of their incompetence they would run faulty/dangerous configuration if they had to reconfigure their software themselves, a problem that Tor Browser solves.

We could do that. But then our advice would be "do not use Tor with browsers". That advice doesn't sound fun (or likely to be followed).

We started the application-level scrubbing work when we realized that basically all our users were using browsers unsafely.

As a professional programmer, I know enough to know that computer security is almost a separate field. Thanks for providing the browser bundle so that at least that can be done with reasonable safety.

BTW, I just patched the start-tor-browser script to unset SESSION_MANAGER and the startup message disappeared with no other apparent effects.

Hello
I am new to Tor , and I just downloaded the Tor Browser from this site
When I first installed it, it worked what seemed like ok < I guess

a new browser opened in Firefox every time I opened it, and said WELCOME TO TOR
or something like that

Now that never happens anymore
the VIDALIA CONTROL PANEL OPENS

but thats all
no browser opens in firefox

What could I be doing wrong?
I tried to uninstall but I cannot even find the program in my installed programs list
its not Vidalia, its not Tor Browser I have no idea what to do at this point

Do you have the Qt error? Search for Qt in these comments in that case.

You said nothing about your platform, not even the operating system. But you could:

To find the "tor installation" search for a directory tor-browser-*. Just delete it and I believe its all gone. But before uninstalling. Try to run, from that same directory:
start-tor-browser
again and see if there is a Qt error.
If so you have a known bug. I found it in Centos and got no browser. In ubuntu also, but there I have a browser. it seems not to exist in Debian.

Hello I just downloaded Tor from this site

when I first installed it, the Vidalia CONTROL PANEL opened and a new browser window opened in Firefox

Now all that happens is the Control panel opens
no firefox browsing window. so I really cannot even browse

What might be the problem?

"PLEASE stop losing time and energy with Torbrowser and nonsensical bundles"

So, I take it you are of the opinion that anyone for whom configuring Tor/Vidalia manually presents too much of a challenge, is someone who has no business using Tor in the first place?

Because the TBB enables many people to use Tor with at least some degree of relative safety that would be unrealistic -- if not impossible-- for them to achieve without TBB.

Since I've been using this release of TBB, it seems like I've been getting the following IP (or at least a very similar one) more often than not:

31.172.30.1

Is this cause for suspicion?

Same question here. Additionally, I just clicked through "new identity" three times and got the SAME IP.

Anyone who knows what they're talking about want to comment? Thanks!

Getting that IP on *startup*, I meant to say.

Yes,

I agree: Keep up your good work with the Tor Browser. It is part and parcel of what you do. It is certainly not @none of their business'.

Thanks for all the work that has gone into Tor.