New Tor Browser Bundles

The Tor Browser Bundles have been updated with a bunch of new software: Tor 0.2.2.37, Vidalia 0.2.19, and we have switched to using Firefox's long-term stable release (10.0.5esr).

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-1)

  • Update Tor to 0.2.2.37
  • Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions
  • Update Vidalia to 0.2.19
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.4
Anonymous

June 22, 2012

Permalink

Tor is not working on the latest Vidalia bundle for Mac PPC. Getting this error:

"Vidalia was unable to start the configured proxy server."

Polipo appears to be missing from the package.

Please fix!

Anonymous

June 22, 2012

Permalink

Until this Version 2.2.37-1, I have had no problems using the Vidalia Bundle for Mac PowerPC. Today, I downloaded the latest stable version and I get an error message, "Vidalia was unable to start the configured proxy server." Polipo appears to be missing from the bundle.

Please check.

Anonymous

June 23, 2012

Permalink

The URL http://aboutyourip.info/ mentioned above is in russian!!! I do not understand russian. Is there a url for the english version?

What I would like to know is if there is a site which publishes a list all firefox add-ons which are dangerous when added to the TBB.

Thank you.

Anonymous

June 23, 2012

Permalink

For the last few days, everytime I have checked via the Traceroute of ip-check.info, the first and second IPs connected to have ALWAYS been the same.

This strikes me as unusual and, therefore, possibly, suspicious.

Comments please.

This is very similar to the above comment:

"Since I've been using this release of TBB, it seems like I've been getting the following IP (or at least a very similar one) more often than not:

31.172.30.1

Is this cause for suspicion?"

I hope someone in the know will reply.

#cause for suspicion?#

I would say no.Its a german hackerclub with a big line.
But they seem to have a strange filter behaviour if you use an unusual useragent

Anonymous

June 24, 2012

Permalink

about:config browser.download.manager.scanWhenDone is true.

that means someone (third) is scanning my files for virus?

Do Not Install The Proprietary Ghostery FF Addon!

Ghostery's true background (Score:3, Interesting)

"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.

When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.

To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."

- http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193

I have problem with Tor Browser Bundle for 64-Bit Mac and i386
Version 2.2.37-1 - OS X
couldn't establish any connecting it is said that (connecting to relay directory) and stay in that status I re install 2.2.36 instead is there is any solution I am Anonymous from Syria

For all the users who had doubts about the change to Firefox ESR:

"Firefox 'new tab' feature exposes users' secured info: Fix promised"
http://www.theregister.co.uk/2012/06/22/firefox_new_tab_security_concer…

Not working for almost 3 days
Tor failed to log in the network
"problem bootstrapping. Stuck at 10%"

tor in not working in UAE for almost 3 days

I am trying to post on a certain "typepad" blog. My posts are not appearing. I keep on clicking on "use a new identity" still it disappears. For a while everything worked. Is it possible to set up typepad to block all users who use TorBrowser?.

I am unable to use Disqus.

At Engadget and PCMag the comments will load, but I cannot login either with Disqus, Yahoo or OpenID.

At Wired.com the comments will not load at all.

Stock TBB for Windows (7) with 3rd party cookies enabled. Otherwise no change from how it downloads from the Tor site.

can anyone help me with this problem? has been happening for one day whilst it used to work fine...I can connect ot most other onion addresses.

this is what it says

Unable to connect
Firefox can't establish a connection to the server at silkroadvb5piz3r.onion.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that TorBrowser is permitted to access the Web.

help if possible!

Hello,

What happened to the Windows alpha Tor binary? It's 404 for a LONG time now: https://www.torproject.org/dist/win32/tor-0.2.3.15-alpha-win32.exe

Since updating to the latest Windows 7 and Linux bundles I'm continually getting time warnings and hang at 25%, sometimes 50+%. It will even connect fine for a bit then I'll lose all connections and be unable to connect again.

At other times it works great, usually early in the morning.

This is happening on two different systems that also dual boot and have the correct date/time set and tweaks applied in Windows to allow GMT/UTC. Linix has been set from command line a few times including "date 06291455 UTC".

Running "Aptosid/Debian" Sid. Update once a week or as needed. Used to use Privoxy and Tor packages without issue as well. Removed them all and started just using the bundles to ensure security and no conflicts.

All old/unused packages removed including folders and config files.

Use UFW with only a few email holes 53, 443 and 80 open. Ensured Vidalia is set for 443 and 80.

Set up a new laptop with just the Linux bundle same issues. In all cases installing the latest Iceweasel/firefox with only NoScript and Requestpolicy added and everything locked down works fine.

This has been going on for about a week. I see others noting the last 3 days.

Location is Ontario, Canada.

Bugs or OS issues? Trick for time I'm missing? ID-10-7?

TOR IS NOT WORKING TOO IN PHILLIPINES IT STUCK AT 10%

When I post a comment online using TBB especially in countries where such a comment can lead to a knock on one's door at 2 am in the morning, there is always this question in my mind: "Did any necessary connection(s) go to its destination bypassing Tor network thereby revealing my true IP?" I am an average user of TBB and I do not know how to install and use softwares like Wireshark to monitor traffic to and from my computer. I wonder if TBB should warn the user that in the background connection(s) will be established outside the Tor network with the option to proceed or not.

Also, I am sure many TBB users add more add-ons to the ones TBB is shipped with. Can a very experienced user of TBB suggest which ones can further enhance one's anonymity and privacy. Thank you.

If you want to keep your anonymity and privacy, don't install or remove any add-ons. Just adding an add-on makes fingerprinting easier and reduces your anonymity set. Adding more add-ons is NOT recommended.

As long as you are running/using the latest version of TBB, you can feel fairly confident that all connections are made through Tor in all cases. There are other users that knows software like Wireshark and Tor internals that tests TBB heavily for just this kind of leaks, and they are treated very seriously.

I have some stupid newbie problems with extracting Tor Browser Bundle on Ubuntu. I used to use Tor on XP, but since Roger says that it's not secure to run Tor on proprietary OS, I switched to Ubuntu. So, when I click "start Tor browser", Vidalia isn't running - I just have text document. Ubuntu is 32-bit, not 64-bit, so I don't know where is the problem. I've watched video tutorial, but it didn't help, because there is an option there when you can choose among "display its contents" (Or something like that), and just "run it", but I don't have such option, it is only opened as a text document. Sorry for stupid questions, I'm very new to Ubuntu and I'm not a programmer.

*And sorry for off-topic

Sounds like Nautilus (Ubuntu's native file manager) is set to automatically *display*-- and not *run* -- executable files.

Open Nautilus (which you can do by simply opening your home folder or going to "places" > "computer"). Find "preferences" under the tabs at the top (should be under "Edit" but I can't recall with certainty and I don't have access to Nautilus at the moment). Then look for and select the option of always asking whether to run or display executable files.

I have downloaded the Torbrowser, and although it seems to work just fine, my problem is that i had no idea that it would make Mozilla Firefox and Internet Explorer completely unusable. I know that all the BS on the site says using other browsers is not recommended, but doesn't seem to say "will not work". Both Mozilla and IE say they cannot connect to internet. I want to know either how to fix this (what setting did Tor change that screwed up my other browsers?) or i need to know how to entirely rid myself of this tor headache!

what are your proxy/internet settings in firefox? If they're configured wrong, it won't connect.

Since this version, every time TBB starts, IP is 31.172.30.1 or very similar.

What gives?

31.172.30.1 is chaoscomputerclub in DE (Germany), a country infamous for seizing Tor servers and home of JAP (which comes with in-built "crime detection") So, yeah, you can trust it!

A friend of mine (who is now afraid to use tor) was asking me about a possible vulnerability. He said he got a alert in his firewall saying that vidilia is trying to receive a connection from the internet on port 1032. I did not know how to answer his question (about whether it was a vulnerability in the software or something else) so i am posting it here Any help or ideals would be appreciated

Can you believe No script blocked CSS attack from Startpage's proxy? May be it was an isolated incidence. One of the proxy servers's redirection was blocked. It looked similar to this: https://s1-eu3.ixquick-proxy.com/ (I believe it was eu1..)

I am back to https://www.duckduckgo.com

Peace!

sorry, i have arch linux 64 bit, I have download new TBB it version and when i run start-tor-browser on a terminal it open vidalia, but it not open a new window for firefox.
http://img221.imageshack.us/img221/4141/schermatadel20120706121.png

Because firefox-bin, in App/firefox/ it not open, it do a segmentation fault

http://img402.imageshack.us/img402/4141/schermatadel20120706121.png

how can I fix that?

Would I be able to create another mirror of The Tor Project? Or are the others available already sufficient?

Hi. Recently I updated my ArchLinux and now I can`t start firefox in TBB. /var/log/messages.log is full of "firefox[5141]: segfault at 7f3fe7204dc8 ip 00007f3e822368a3 sp 00007ffffa69ce20 error 4 in ld-2.16.so[7f3e8222b000+21000]" and similar. Normal ff is working good and I have no other problems with anything :-/

Tring to launch tor browser and getting a message saying it read the FOXFIRE file or it is corrupted. Do I need to lauch tor for an existing browser or a just start tor

You just start tor, and it will start the tor browser. If you get an error, try to download tor browser bundle again. Maybe it got corrupted while downloading.

Why can't I uninstall TOR? It's no where to be found in the uninstall feature in windows.
There is also no uninstall software with this bundle. I don't want to use TOR with browser but with other software.

There is no uninstall software. Just delete the folder.

Awsome! Cheers.

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

like others I consistently get allocated IP address 31.172.30.1 (or .2, .3) using TBB. Haven't seen anyone reply with a reason so far. Has anyone looked into this?

chaoscomputerclub (ccc.de); seems four of their exit nodes are among the fastest in the tor network. I also often get them, but not consistently.

This really needs an official response.

Looked at the configuration.
Maybe set dom.server-events.enabled to false?

the Bloody Secret:

1) the only Tor or TBB releases fit for use are Stable releases.

2) the unending (some recent sanity w/FF10.05) hunger of T´project ops to üpgrade¨ everything, esp Firefox, is nuts. If a military EW specialist did this he would be shot. REVERT to safe, stable FF3++ versions, keep patching Tor and Vidalia w/o requiring distro pkg upgrades beyond Lenny, Hardy or Lucid (the last of the stable and useful Linuxes). Make it simple and stable only---MINUS the horseshit Extensions, Plug-ins, add-ons ~NoScript and all the rest, except for lovely Torbutton. All of these forced-add Extensions decrease security by opening endless avenues of attack, not to mention their config-prefs are dangerous. The monster Firefox has become is utterly loaded with unneeded junk and phone-home nonsense--just open all the .js and jar files and look at the shit being imposed on the user. Torproject, your work IS appreciated greatly but you seem to be going the way of the collaborator. I hope I am being a fool in thinking this.

Finally, the unnecessary and seemingly pointless bloat of a potentially tight system leave me puzzled. As does the million$ you have confirmed taking from the Feds. And, now, you require me to allow you to install cookies on my box in order to post my opinion here. Time to reflect, Jimbob.

1.) Plugins? What plugins?

I do not recall TBB ever coming with plugins.

2.) Could you kindly explain your complete dismissal of the many protections that NoScript claims to offer? (and is widely recognized as offering)

Do you have an alternative to suggest/propose for protection against all of the various exploits that NoScript protects against?

I don't know enough to comment on the rest of your post.

Regarding add-ons, besides the integral TorButton, aren't NoScript and HTTPS-Everywhere the only add-ons that come with Tor Browser Bundle?

1. We tell the world this. -stable is for usage. -alpha is for testing.

2. Tor browser is based on firefox. When mozilla forces updates and fixes security and privacy bugs, we update to fix them for torbrowser.

2a. We don't ship 'horseshit' extensions. We ship a config designed to protect anonymity. Rather than rewrite noscript for the functionality we want, we use the actual noscript.

2b. There are no plugins shipped with tor browser. what plugins do you see?

2c. Firefox is huge, yes, Most of the size is due to xul library (libxul.so at 24 MB) and vidalia's libqt (libQtGui.so.4 at 12 MB).

2d. please detail what 'phones home'? we disable most of it unless it goes over tor directly.

2e. please submit patches to torbrowser which address your concerns.

I have been a Tor user for about a year, and like many others would love to be able to use the browser bundle intermittently, while leaving a relay or bridge running continuously. Others have documented the difficulties of not being able to close the browser, or vidalia, in a tbb without tor.exe itself closing, which is frustrating if you are trying to run a relay.

However, I come here today to leave feedback on another difficulty I encountered today.
I had read here that it was possible to run 2 instances of vidalia relay or bridge, and a tbb if they were located in different directories. I consider myself experienced at tor, so I went to try it out. I unzipped a fresh copy of the latest Tbb into a separate partition in my WinXP dual-nic, while a vidalia relay ran elsewhere. I started vidalia first, and set a different control port from the relay. Then I see vidalia is trying to hijack the already running relay. After starting and stopping vidalia a few times, looking at the vidalia config, etc. I finally get the 2nd vidalia running.

However the 2nd tor won't start properly.
Even editing firefox pref.js> torbutton.custom.socks_port 9065, network.proxy.socks_port 9065, vidalia.conf, etc. tor won't start properly. The socks listener port is the problem. In order to run a 2nd instance, I have to edit my torrc before I can change the socks listener port, because tor.exe defaults to 9050, which the first instance is already using. This will be beyond some users, and actually took me about 15 minutes of parsing every possible .ini or .conf in the Tbb package to realize.

So, the TLDR is that the socks listener port is inaccessible from anywhere in vidalia, and you can't edit a torrc in vidalia that isn't running. If you make the Socks port configurable in Vidalia, a smart user can change that port before Tor.exe rushes headlong toward it's built-in default of 9050 and crashes relentlessly.
Running a 2nd instance of a Tor bundle would be easy at that point. Open Vidalia, set the control, dir, OR, and socks ports, and off you go. My apologies for the wall of text, but I hope maybe this will help you improve your Tor bundles.

I would also be remiss if I didn't say "Thank You!!" for all the hard work you do. As the totalitarian regime(s) grow around the world and at home, what you do is priceless and dare I say, even lifesaving. Thank you, thank you, thank you.

I've noticed this too; as you say the only solution so it seems is to separate torrc from vidalia.exe

i've just tried to download the latest release mentioned to me today when i booted Tor. now, Tor browser doesn't work. instead i get this error: Vidalia can't find out how to talk to Tor because it can't access this file: /port.conf

i've deleted all things Tor off my computer for now and will try back in a little while when hopefully things are a bit more stable.

running slightly older verion of OS X - 10.5.8 and firefox 13.0.1 on 64bit macbook

ta!