New Tor Browser Bundles

The Tor Browser Bundles have been updated again, this time with Firefox 6.0.2, Torbutton 1.4.2, and more privacy-enhancing patches. Windows users: if you had problems running the last bundles, please try this. We believe the problem is fixed, but let us know if it's not.

https://www.torproject.org/download/download-easy

Tor Browser Bundle (2.2.32-3)

  • Update Firefox to 6.0.2
  • New Firefox patches:
    • Improve cache APIs to enable better isolation (closes: #3666)
    • Provide auth headers to on-modify-request (closes: #3907)
    • Randomize HTTP pipelining as an experimental website traffic fingerprinting defense (closes: #3914)
    • Enable HTTP pipelining in TBB prefs.js (closes: #3913)
  • Update Torbutton to 1.4.2
    • bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
    • bug 3337: Fetch check.tp.o page to check versions (TBB only)
    • Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)
  • Update NoScript to 2.1.2.7

Windows fixes

  • Add missing C runtime libraries so WinXP users can use TBB again. Fix found by velope.

Linux fixes

  • Update libpng to 1.4.8 (closes: #3906)
  • Make the TBB launch script work when using a relative symlink (closes: #2525)
Anonymous

September 04, 2011

Permalink

Umm, I don't see Firefox 6.0.2 available for download from the Mozilla website. Have I missed something?

Anonymous

September 05, 2011

Permalink

This doesn't work for me at all. Tor cannot connect properly, files are missing. It's the same if downloading from https://www.torproject.org/download/download-easy

Files are reported as missing. E.g. firefox.exe

After trying this, it wasn't even possible to reinstall the old version and get it work, because tor.exe cannot connect to the internet, and Vidalia cannot access the file ./Data/Tor/port.conf

So now I have no Tor at all. Just a mess.

This might do the trick. With my Lucid distro, at least, I don't get a usable Torbrowser install by simply decompressing the archive onto the desktop. For flawless use, place the d'loaded Torbrowser tar.gz archive to the /Home/user folder, extract with "tar -xvzf tor-browser-gnu-linux-i686-2.2.32-3-dev-LANG.tar.gz " in terminal and run the "Start.." script from the newly extracted folder. With Windows, I suspect placing the downloaded archive as close to C:/ as possible before extraction will be useful.

A Linux note re: the cmd above. On my setup I have to direct tar to /home/user/tor-browser-gnu-linux-i686-2.2.32-3-dev-LANG.tar.gz, rather than just naming the file as Tor suggests.

below unrelated but useful--
A thought re: overall security: use a separate harddrive with a single encrypted-OS install for any Tor browsing. Though newest versions of Ubuntu (distros 10.10 and 11) are a damnation on all that is good, I've found that a barebones v.10.04 Lucid LTS or Debian Lenny (PRE-Squeeze!!) have very easy to set-up crypto-LUKS/LVM auto-partition function during the OS install. Use the "Alt-Install" CD. You pick one passphrase to get through LUKS and a second to login through GDM or whichever login window. X-screensaver can be set-up to lock-down the machine with a click or auto-lock after x-minutes.

This happened to me to but I have two identical copies of Tor and it only happened in one of them so I just compared the files to see what was different. I ended up just finding the port.conf file and deleting it, then Tor worked for me again and I haven't had the same problem since. That file seems to be one that's auto created when Tor starts and deleted when it closes so I figured maybe it didn't shut down properly once and forgot to delete the file and that messed it up for the next startup but that's just a guess.

Anonymous

September 05, 2011

Permalink

Not Found

The requested URL /dist/torbrowser/tor-browser-1.3.24_en-US.exe was not found on this server.

Anonymous

September 05, 2011

Permalink

using this version, trying to download files using DownThemAll results in a lot of files stalling at 79.8KB when they exceed that size. Why is this?

And why does torbrowser 2.x remove polipo? Without polipo or privoxy it is not only more difficult, but impossible in some cases, to route external programs through tor. For example I can no longer use HTTRack with torbrowser 2.x, or many download managers.

I feel 2.x is a step backwards in useability.

We were using polipo to workaround a SOCKS timeout issue that is no longer present in current Firefoxes. Polipo itself has numerous security bugs and is essentially unmaintained and unsafe to ship to users.

I think we should find a solution for the HTTP proxy issue though. Can you tell me more about how you were using it? One temporary solution we can offer to people who want Polipo is a verified built-by-me binary available on the website so users such as yourself can continue to use it. But I think long-term we need something safer that we can give to everyone, included in the bundle. (Maybe usewithtor on all platforms?)

Regarding DownThemAll, a commenter below implies that it might be a Torbutton bug. I have mentioned this comment thread to him.

Yep, the DownThemAll thing is definitely a Torbutton bug, I disabled TorButton totally and DownThemAll worked.... must be blocking some Javascript that DownThemAll relies on to work.

On the other subject, Polipo might have security bugs and be unmaintained, but the fact is that it is the only way to get external applications to work with Vidalia and Tor.... unless there is some workaround that I don't know of to get things like Opera, Chrome, etc. working with Tor/Vidalia.

Anonymous

September 05, 2011

Permalink

Tor doesn't work for me at all ?? Yes I other similar problem as above it work if i extract it into a different directory until I reboot and then it doesn't work again My OS its windows 7 ulitmate

Anonymous

September 05, 2011

Permalink

Your last two releases do not work at all for me. 2.2.32-2 worked sometimes but had alot of retrying circuit errors. This one fails at Bootstrapping. I did a clean extract to a new directory.

Do you have a firewall running? What error messages are you getting? If you do have a firewall running, does everything work if you turn it off? (Turn it back on if you test this, I just want confirmation that it is a firewall problem.)

Anonymous

September 05, 2011

Permalink

Some sort of incompatibility between DownThemAll and TorButton 1.4.2. The former just won't work when you try to use it with TorButton at all. It works when you remove TorButton, but that is dangerous in my opinion.

I also have to agree with Anonymous about the 'impossibility to use external programs with Tor' now that Polipo is removed.

We have this bug filed already for this conflict, but it is not as high priority as others:
https://trac.torproject.org/projects/tor/ticket/2833

We are trying to avoid having to support a whole smattering of addons in the TBB. Despite the fact that it can run other addons, it is not normally recommended.

There are also lots of other flash video downloaders. Did you try any others?

Is DownThemAll!, with default settings, safe to use with Tor Browser Bundle?

>There are also lots of other flash video downloaders.

But are any of them safe to use with TBB?

How can one know?

Also, DTA! is not a flash video downloader but is a download manager for saving files -- primary image files-- from web sites.

Anonymous

September 05, 2011

Permalink

While previous version still works for me, new version (Tor Bundles 2.2.32) Fails to lunch Firefox.
My OS is windows XP SP3. and the err message is: "Vidalia was unable to start the configured web browser."

Regards

Can you let me know if this test bundle works for you?

https://archive.torproject.org/tor-package-archive/technology-preview/t…
https://archive.torproject.org/tor-package-archive/technology-preview/t…

I have reverted the automatic port selection configuration changes because they seem to break things for a lot of Windows users who are running firewalls.

@ anon - from - R2D2
Are you saying that on your windows set-up the official version failed and the unofficial version worked fine??

I am running windows XP2 and both the latest releases fail to wor correctly and request wether i have Polipo set up correctly.

I thought the whole idea was to get rid of Polipo?

R2D2

Hi erinn,

you test bundle work for me if I go to Vidalia >tick firewall setting to only allow ports 80,443 > exit and then restart .

Hope that help in some way for you

Running windows xp2 + Comodo firewall

R2D2

NB. Sandboxie seems to have a problem reports an error of some kind, I just hide the error for now.
Sorry if my english not so good

Anonymous

September 06, 2011

Permalink

I tried "tor-browser-2.2.32-UNOFFICIAL-1_en-US.exe," and I loaded the folder into C:\, and not on top of a previous one. Nothing has really changed since I had a problem with the previous OFFICIAL one. This one (OFFICIAL-1) produced the following results when I double-clicked on Start Tor Browser:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I got the same message when I double-clicked on tbb-firefox. I even disabled my software firewall, and the results were the same. At least when I tried to use the previous editions I was able to get as far as Vidalia coming up. This time it's zilch, zip, nada!

I'll check back later.

Thanks.

Can you try putting it somewhere else such as your Desktop? That sounds like a Windows permissions problem, not a TBB-specific bug.

Anonymous

September 18, 2011

In reply to by Anonymous (not verified)

Permalink

I'm having this problem too. Also when it firsts gives me the error it tells me that I need to open it with something and it applies the 7zip icon to the executable.

Anonymous

September 06, 2011

Permalink

I'm currently using portable Firefox 3.6.19 from an earlier Tor bundle. Will updating the browser to the latest 3.6.* version through its built-in update function affect the working of Tor?

Anonymous

September 06, 2011

Permalink

The prefs.js in the 0.2.2.32-3 Linux bundle specifies a max of 10 pipelined connections, while the code clamps the number to no more than 8 (see NS_HTTP_MAX_PIPELINED_REQUESTS in nsHttps.h).

How many simultaneous pipelined connects can Tor support through its SOCKS interface?

Yes, the about:config value of 10 is a result of a miscommunication between myself and Erinn.

For others playing along at home, the #define cited only has effect in terms of clamping the value of what is read from network.http.pipelining.maxrequests. Our randomized pipelining patch will still create pipelines of between 4..12 requests long, regardless of it the about:config setting is 8 or 10: https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:…

However, it does use the clamped value to determine the range of the pipeline size.

Also, what Tor does as a SOCKS proxy should be totally independent of the HTTP pipelining. Firefox should use Tor's SOCKS port to create a connection to port 80 or 443 at some site. After that, SOCKS gets out of the way and HTTP or HTTPS will start, at which point the pipelining behavior is entirely up to Firefox and the server. I believe there is also no hardcoded limit on the number of SOCKS connections Tor will accept.

Anonymous

September 07, 2011

Permalink

I moved the Tor Browser folder to the desktop, and this is what happened after I double-clicked Start Tor Browser (2.2.32-3):
========================
Connection Error

Vidalia was unable to connect to Tor. (Connection refused by peer.)

OK Retry Help
========================
I clicked on OK, and almost immediately another message said:
========================
Unexpected Error

Vidalia detected that the Tor software exited unexpectedly.
Please check the message log for recent warning or error messages.

OK Show log Help
========================
I clicked on "Show log," and I got the following:
========================
Sep 07 02:55:00.234 [Notice] Tor v0.2.2.32 (git-877e17749725ab88). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows XP Service Pack 3 [workstation])
Sep 07 02:55:00.234 [Notice] Initialized libevent version 2.0.14-stable using method win32. Good.
Sep 07 02:55:00.234 [Notice] Opening Socks listener on 127.0.0.1:0
Sep 07 02:55:00.343 [Notice] Socks listener listening on port 1488.
Sep 07 02:55:00.343 [Notice] Opening Control listener on 127.0.0.1:0
Sep 07 02:55:00.343 [Notice] Control listener listening on port 1489.
Sep 07 02:55:00.343 [Notice] Parsing GEOIP file .\Data\Tor\geoip.
Sep 07 02:55:04.609 [Notice] OpenSSL OpenSSL 1.0.0d 8 Feb 2011 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Sep 07 02:55:07.671 [Notice] We now have enough directory information to build circuits.
Sep 07 02:55:07.671 [Notice] Bootstrapped 80%: Connecting to the Tor network.
Sep 07 02:55:08.875 [Notice] Bootstrapped 85%: Finishing handshake with first hop.
Sep 07 02:55:09.750 [Notice] Bootstrapped 90%: Establishing a Tor circuit.
Sep 07 02:55:11.718 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 07 02:55:11.718 [Notice] Bootstrapped 100%: Done.
========================
When I would see "... 100% done." in either Windows or Linux version of TTB, I used to be already connected, and ready to surf the Net. When I now "View the Network," there is nothing at all.

I'll check back with you later.

Thanks.

Anonymous

September 07, 2011

Permalink

Thanks for all your hard work, and updating to the latest Firefox-Version.

ONE BIG PLEA though!!

If i want to stay anonymous, and download the Bundle via TOR, to verify it, i need GPG, where i have to reveal myself.
Also, the steps are WAY to complicated for the average user. Verifying 834 fingerprints for every single developer?! ...

MY SUGGESTION:
--------------------------------------------------------------------------------------------------------------
Provide additional MD5 and SHA256 sums on the download page.
--------------------------------------------------------------------------------------------------------------

There are also Firefox-Plugins that can take advantage of them (check-it is open source, for example).

All the best wishes, and thanks for everything,
George

Anonymous

September 07, 2011

Permalink

Hello
Recently,I have received a new version package of Tor Browser via E-mail (gettor@torproject.org) ,I want to know if it is true and can I trust it?

tor-browser-2.2.32-2_en-US
Firefox (Aurora) 6.0.1
TorButton 1.4.2

Hi dears
I live in Iran and it's very important to me to know if The Tor (tor-browser-2.2.32-2_en-US ) I'm using (I got it from your e-mail), is not Hacked one.
please help me
Thanks a lot

Mina

Anonymous

September 07, 2011

Permalink

Software doesn´t work.

Windows 7 (x64), no antivirus/firewall.

sep 08 08:30:29.673 [Notice] Tor v0.2.2.32 (git-877e17749725ab88). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 7 [workstation])
sep 08 08:30:29.673 [Warning] Warning from libevent: evsig_init: socketpair: Permission denied [WSAEACCES ]
sep 08 08:30:29.673 [Warning] Warning from libevent: evthread_make_base_notifiable: socketpair: Permission denied [WSAEACCES ]
sep 08 08:30:29.673 [Error] Error from libevent: event.c:1413: Assertion base failed in event_base_get_method
sep 08 08:31:35.834 [Notice] Tor v0.2.2.32 (git-877e17749725ab88). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 7 [workstation])
sep 08 08:31:35.834 [Warning] ControlPort is open, but no authentication method has been configured. This means that any program on your computer can reconfigure your Tor. That's bad! You should upgrade your Tor controller as soon as possible.
sep 08 08:31:35.834 [Warning] Warning from libevent: evsig_init: socketpair: Permission denied [WSAEACCES ]
sep 08 08:31:35.834 [Warning] Warning from libevent: evthread_make_base_notifiable: socketpair: Permission denied [WSAEACCES ]
sep 08 08:31:35.834 [Error] Error from libevent: event.c:1413: Assertion base failed in event_base_get_method

Anonymous

September 08, 2011

Permalink

I have a problem running the new version on Linux (Up to date Debian Sid), the bundles with the older firefox work fine.

Vidalia Starts.. Bootstraping finishes and Vidalia goes green

Then a few seconds later Vidalia shuts down

Starting from the command line with the debug option gives this.

myname@mycomputer:/media/USBdriveName/tor-browser_en-US$ ./start-tor-browser --debug

Debug enabled.

Starting Vidalia now

Launching Vidalia from: /media/USBdriveName/tor-browser_en-US

Vidalia exited with the following return code: 0

Launching Tor Browser Bundle for Linux in /media/USBdriveName/tor-browser_en-US

Vidalia exited cleanly.

Anonymous

September 08, 2011

Permalink

I believe you need to replace Polipo with something with the same function in TorBrowser.
I know a lot of users , using torbrowser with other Internet browsers like Chrome or opera. However it is possible yet to use Vidalia Bundle instead, it will be useful to add something to Torbrowser bundle with the same function as Polipo.

Anonymous

September 08, 2011

Permalink

I'd like to have Polipo back too.

And can you please provide Checksums for the Downloads?

Anonymous

September 08, 2011

Permalink

On September 8th, 2011 Anonymous said:

I believe you need to replace Polipo with something with the same function in TorBrowser.

I do not understand, I thought the idea was that the latest new release was just meant to work out of the box,so too speak, and they had dropped Polipo but biult its function into Aurora/Firefox?

Why is it that when i try to connect via Tor it just comes back with "Proxy Refusing Connections"
when i go deeper and try to test my Proxy Setup it comes back with
some type of problem with Polipo?

What is going on ??

I really want to get this working as i am concerned about the security of the older versions as stated on this site itself.

Can someone please point me to a step by step setup procedure for the latest bundle?

Running Windows xp2 , have no problems with all versions that have Polipo

TIA

It sounds like you're trying to use an old profile from a version of the bundle that did include Polipo. Try getting a clean copy of the new bundle and then when you copy your profile over into the clean copy, don't copy the old pref.js file. You'll have to make your preferences changes again, but this way you won't have the old Polipo settings in the Firefox options.

Anonymous

September 08, 2011

Permalink

On September 7th, 2011 Anonymous said:
Thanks for all your hard work, and updating to the latest Firefox-Version.
ONE BIG PLEA though!!
-----------------------------------------------------------------------------------------------------
Provide additional MD5 and SHA256 sums on the download page.
-----------------------------------------------------------------------------------------------------

I second this motion , could you please provide the MD5 and SHA256
data will make it soooo much easier for us to be assured we are dowloading a safe un-tampered scource of the data

TIA

Anonymous

September 09, 2011

Permalink

Hello!
I also did not work either version 2.2.32-2, neither version 2.2.32-3. (On an operating system XP)
All previous versions worked fine 01.03.21, 24, 27.
Now I use the old 1.3.28 and it works without problems./Thank You!