New Tor Browser Bundles

The Tor Browser Bundles have been updated with a bunch of bug fixes.

Important note to Windows users: in the last release we enabled automatic port selection for Tor and this had very unexpected side effects on many Windows machines. It turns out that there are a number of consumer firewalls that don't like things connecting on high ports, which was the default. We're looking into smarter ways to handle this failure mode, but until we find one, we have reverted the behavior to using the previous static port. We're very sorry for the huge inconvenience this caused and hope you will find these bundles more bug-free! As ever, if you don't, please let us know.
https://www.torproject.org/download

Tor Browser Bundle (2.2.32-4)

    Windows fixes
    • Disable automatic port selection to accommodate Windows users with
      firewalls that don't allow connections or traffic on high ports (closes: #3952, #3945)

    Linux fixes

    • Fix Makefile to allow for automatic retrieval of Qt and libpng (closes: #2255)
    • Remove symlinks from tarball (closes: #2312)

    General fixes and updates

    • New Firefox patches
      • Prevent Firefox from loading all system plugins besides Flash (closes: #2826, #3547)
      • Prevent content-preferences service from writing website urls and their settings to disk (closes: #3229)
    • Update Torbutton to 1.4.3
      • Don't let Torbutton inadvertently enable automatic updating in Firefox (closes: #3933)
      • Fix auto-scroll on Twitter (closes: #3960)
      • Allow site zoom information to be stored (closes: #3928)
      • Make permissions and disk errors human-readable (closes: #3649)
Anonymous

September 10, 2011

Permalink

Hi erinn,
looking good so far, just dowloaded and worked :)
Running Win xp2 + Comodo firewall.
Will put it through it's paces and report back

Thanks for your tireless work.

Cheers

R2D2.

Whas there a problem with the last TBB on Windows with Comodo? I ask because I'm using Windows SP3 with Comodo and never had a problem, re high ports with most recent TBB.

What version and model of Comodo are you using? I'm using the free firewall version 5.5.195786.1383 (no malware scanner, etc.).

When I download a new TBB I manually set the TBB files tor.exe, vadalia.exe and tbb-firefox.exe as trusted in Comodo via. "(right click tray icon) > Open > Firewall > Define a new trusted application > browse". While there, it's wise to stealth your ports. That is easy to do via. "Stealth Port Wizard > Block all incoming connections and make my ports stealth for everyone" (I don't run a node from my home so stealthing is simple).

Joyton

Yes, lots and lots and lots of Comodo Firewall users could not get TBB to run. I don't think many of them tried your above solution, they just thought we broke TBB. :) (Which is fair, since it used to work without any configuration on their part.)

Hi Erin

I have 2 contributions - well 1 question and 1 potential bug:

1. Firefox Aurora is a pre-beta release of a particular version. Couldn't this pre-beta version have unknown bugs that affect Tor. Wouldn't it make more sense to stay with a fully stable, tested version of Firefox that would come after beta? What is the thinking behind this?

2. When you have multiple home screens seperated by a pipe | , they don't open correctly the first time the browser opens. Only the first one opens and the others fail to open.

Anonymous

September 10, 2011

Permalink

TorButton 1.4.3 does not show icon or text on statusbar, even when option is set to show it. You can manually correct this until it is fixed (can someone fix it?) by adding #torbutton-panel { visibility: visible;} in your userchrome file.

(The error is that visibility is currently set to collapse.)

Hi Mike. Details that might help: Platform: Windows. Problem with regular extension installation (not TBB). Toolbar button looks fine. Statusbar item missing, even when configured via options to display. Setting in userchrome fixes problem.

Item in menus to enable/disable would be an improvement as well

Thank you for your work.

Anonymous

September 10, 2011

Permalink

Can I just check out the v2.2 branch of torbrowser, or do I have to clone the entire repository. What I want is a git command line that can be added to versions.mk.

Yes, my git-fu is very weak.

Thank yiu.

Anonymous

September 10, 2011

Permalink

i am just wondering what is the mangle.exe in the app directory of firefox i can't seem to find this in firefox portable or the regular install of firefox I have verified the signature (ok) and also checked the hash on virustotal (clean) Thank you for your time and great software

thanks

It is something Mozilla builds by default, though a quick grep through the source does not tell me exactly what it does. I can look into that more later and get back to you.

I'm pretty sure that PortableApps is building their FirefoxPortable with Visual Studio 2005 which seems to create fewer files on average. We're building with Visual Studio 2008 (2005 is no longer available).

I'll see if there is a way to have fewer files though. I think mangle may be related to the crashreporter.

Anonymous

September 10, 2011

Permalink

Nice job.

I use an old Medion Akoya netbook. The last two iterations of the browser bundle would not work. Vidalia / Tor would start fine, but when the browser went to start, all three would shut down immediately.

2.2.32-4 works like a charm.

Many thanks to all for their on-going efforts.

Anonymous

September 10, 2011

Permalink

Hi

Unfortunately, norton internet security 2010`s "Sonar Protection", blocked tor browser bundle again. When I clicked on "Start tor browser" in extracted directory, norton deleted the link.
I am using vidalia bundle, after configuring firefox 6.0.2 manually, with all adds-on disabled. My OS is windows vista, 32 bit, service pack 2.

Anonymous

September 11, 2011

Permalink

"Prevent Firefox from loading all system plugins besides Flash"

So is it safe to use Flash? Does it route its traffic through Tor if used from within Tor Browser Bundles?

No, it is not safe to use Flash, but we needed to block all of the other system plugins from even loading at all. We're looking into ways to make Flash safe to use on all platforms, but it does some things that are hard to work around (and writes LSOs/supercookies to your harddrive, even with some settings pre-set). I'm planning to contact Adobe very soon to discuss our options in this regard.

It's not included.

But when the user goes to a page that wants flash, the page tells the user to install Flash. If the user *does* install flash, it still doesn't work because Torbutton blocks it. Then the user gets confused, because the page keeps telling him to do something that he already did.

Mike is trying to make it so if the user chooses to install Flash, it will work and still be safe.

It isn't included. If you don't have Flash installed on your computer, TBB will not give it to you. Normally Firefox will search several locations on your computer to locate all of the plugins available, then present them in the addons->plugins screen. With some about:config changes, they can be hidden from view of the user, but they still get detected/loaded into the browser, and a malicious attacker could use that to their advantage if they want to compromise a TBB user. As a separate (but also important) issue, some system plugins can outright crash Firefox -- this was an issue on some Linux systems where TBB Firefox would try to load skypebuttons.so and crash.

So basically, we don't want to load any system plugins ever, because we don't want users to use them. Flash is an exception in the sense that eventually we do want to allow users to use it, if we can provide access to it in a safe way (which really remains to be seen).

Anonymous

September 11, 2011

Permalink

What's the Problem of with in WinXP-SP3?

Everything was fine before ZoneAlarm installation, except for 'vidalia.exe'-crash when we press 'Exit'-button on it that was not a critical issue

But now 'vidalia.exe' crashes at Start-Up despite presence or absence of 'ZoneAlarm' in memory
But it seems there is no conflict with 'tor.exe'

I've sent Err!-Report to you...

Note: One of 'ZoneAlarm' files mentioned below is Memory-Resident non-stop Win-Service:
"C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
So, complete disabling of ZoneAlarm is somehow impossible!

It's an ancient conflict between many of older Ver.s of both in older OS-Ver.s but not all of...
Is there a day free from conflict?

Regards, Bahman

Anonymous

September 11, 2011

Permalink

I just installed version 2.2.32-4, I'm on Windows 7. Am getting a page "Sorry. You are not using Tor."although everything indicates that I do. The Vidalia tray says I do, checking IP etc show that I do. Perhaps something I cannot see is not working properly?

You most probably happen to have been using an exit node that isn't yet updated on that opening page. If you right click on Vidalia and then choose "New Identity", then refresh the page, it should show green. Telling you that you're using Tor.

I too have experienced that issue from time to time.

I don't want to make it seem like you should be complacent, though. The big scary red text is there for a reason.

Joyton

We had a temporary problem with check.torproject.org's ability to recognize whether a given IP is a Tor exit relay. Should be fixed now. Sorry for the confusion -- it had nothing to do with the new TBB.

Anonymous

September 11, 2011

Permalink

Something odd is happening that hasn't happened before. Sometimes when I go to the "Check Tor" url (check.torproject.org) the web page says I'm not using Tor. However, everything else appears to be normal. Vidalia says I'm connected to Tor and my IP address shows a Tor connection. I also received for the first time the error message "Tried to establish rendezvous on non-OR or non-edge circuit." What does this mean?

I'm using Tor 0.2.1.30 and Vidalia 0.2.12.

Anonymous

September 11, 2011

Permalink

I used the jondonym anonymous test here http://ip-check.info/?lang=en.

First of all it found out that the browser was trackable by e-tags. I had to go into about.config, and change this setting. browser.cache.memory.enable was set to true by default, so I changed it to false. That was then fixed. Shouldn't this be the default with the download though?

One more dangerous thing was found though, and I don't know how to fix it.

"Your referer is not faked. The next visited site learns from which web site you came from. Advertising services use this for building web surfer profiles. If you had visited a website that is linked to your identity before, this may even lead to your immediate deanonymization."

Is there a setting in tor or firefox to fix that?

We had a temporary problem with check.torproject.org's ability to recognize whether a given IP is a Tor exit relay. Should be fixed now. Sorry for the confusion -- it had nothing to do with the new TBB.

Anonymous

September 11, 2011

Permalink

Just to provide some feedback, I tried 2.2.32-3 and -4, and both said "You are NOT using Tor" when Aurora(?) started. I also looked around for a way to manually configure the proxy settings since Aurora seemed to have no HTTP proxy (still doesn't?) but I couldn't find that info published anymore, so I just downloaded different bundles until I found a working one. I grabbed 2.2.32-UNOFFICIAL-1 from the last version's thread, and it worked right away.

Using Win7 32-bit ultimate, behind a typical household router.

The service behind https://check.torproject.org/ that guesses whether that IP address is a Tor exit is being flaky. I've changed it so it now answers either "yes" or "maybe".

Sorry for the confusion. This coincidence has nothing to do with your shiny new Tor Browser Bundles. :)

Anonymous

September 11, 2011

Permalink

*** Related to previous post from 'Bahman' ***

It seems I do not miss Tor-Network but if I do in a strange-way from now on...

1st, I disabled & , so there was no evidence of 'ZoneAlarm' in work
But 'vidalia.exe' crashes...

Then, inevitably I uninstall 'ZoneAlarm' completely
But 'vidalia.exe' crashes again that was very odd!

Then I recalled that before installing 'ZoneAlarm', I was obliged to install the following Microsoft-Patch:

--- --- --- ---
+ Title: How to disable simple file sharing and how to set permissions on a shared folder in Windows XP
+ URL: http://support.microsoft.com/kb/307874
+ Size: 634 KB (649,728 bytes)
+ Title: Microsoft Fix it 50053 v2.1.0.1
+ Subject: Disable simple file sharing in Windows
+ Author: Microsoft Corporation ©
+ Keywords: KB307874
+ Revision Number: {0535E18F-EAB6-4B66-8843-2F8FC9792A20}
+ Let me fix it myself:
To disable simple file sharing yourself, follow these steps:
1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. Click the View tab.
4. In the Advanced Settings section, click to clear the Use simple file sharing (Recommended) check box.
5. Click OK.
--- --- --- ---

But restoring back the tick-mark to 'Folder Options'->'View'->'Use simple file sharing (Recommended)' has no effect in solving problem

So, what is the problem?

Note to what happened:

When I run 'vidalia.exe',
1st I get 'Vidalia has encountered a problem and needs to close', but I don't close the window...
2nd I see 'vidalia.exe' continue working regardless of Err!
3rd I see 'Connected to the Tor network' on 'Vidalia Control Panel'->'Status' !!!

Now I can use Tor-Network & Firefox-Torbutton
Even if I click Error-Win that causes 'vidalia.exe'-process terminates, but 'tor.exe'-process continue working!

Regards, Bahman

Anonymous

September 11, 2011

Permalink

متاسفانه ورژن در به وقت ایران دوبار به من هشدار داده که شما به شبکه تور وصل نشده اید!Tor Browser Bundle (2.2.32-4)

Anonymous

September 11, 2011

Permalink

Unfortunately, I tried four times but each time I get a tour with a new version of the onion with a red X appears and says you are not connected to the mesh network
I followed a valid link, while the Czech's IP out of the show
But when I connect to the tour is a tour Prnabl browser that you logged the IP network, a tour of the show You threaten my safety or the problem is a tour of the new version?
- anonymous from Iran

A temporary service outage prevents us from determining if your source IP address is a Tor node.

Anonymous

September 11, 2011

Permalink

Unfortunately, I tried four times but each time I get a tour with a new version of the onion with a red X appears and says you are not connected to the mesh network
I followed a valid link, while the Czech's IP out of the show
But when I connect to the tour is a tour Prnabl browser that you logged the IP network, a tour of the show You threaten my safety or the problem is a tour of the new version?
- anonymous from Iran

A temporary service outage prevents us from determining if your source IP address is a Tor node.

First, I'm not a member of the Tor Project, so what follows is my own personal advice.

If you want to determine if you are in fact connected to the Tor network, go to http://torstatus.blutmagie.de/ If you are connected, it will say at the top of the page "It appears that you are using the Tor network" and will show your IP Address and the name of the Tor server you're connected to.

Anonymous

September 11, 2011

Permalink

I was about to let you know that the check site was working again, but with one more test, just to be sure, turns out it isn't. (sigh) I'm using the latest version ( .4 ). I upgraded from previous version ( .3) when I started getting the "You are not using Tor" message this morning. I went through the configuration settings on everything, even checking the extensions/add-ons to see if there was something causing the glitch. I have not re-loaded the extensions from the previous version yet to the .4 version. some things I did notice when going through the configuration settings: 1) Polipo box isn't checked to be used and it won't allow checking it. Still use Polipo with Tor in the new version? 2) Some of the defaults are set to (Dangerous) settings, such as the NoScript "Allow Scripts Globally), etc.
I've now been getting the message "A temporary service outage prevents us from determining if your source IP address is a Tor node." Getting "yes" message spuriously, yet not very often.
Any ideas? I can try to give you more info if it would help.
T'anks in advance!

Anonymous

September 11, 2011

Permalink

Hi. Thought I'd let you know that the check sit is working again, but I can't. Failed on one last check. (sigh)
Some history-
Had the .3 version this morning, got the "not using Tor" message, checked the configuration settings on everything including all the extensions/add-ons, upgraded this morning to .4 when I checked the blog, spuriously went between "Yes" and "A temporary service outage prevents us from determining if your source IP address is a Tor node" on .4 version (Note: after getting a "yes" I would hit the New Id button in Vidalia and again do the check site getting the "A temporary service outage..." message again), again checked all configuration settings...
But it's a flaky check site is all?
I also noticed a few other things when checking configuration settings: In the Tor preferences panel, the Polipo box is not checked and it doesn't allow for it to be. In checking the files for the new Tor browser I notice no file for Polipo there and even tried to paste it back and configure it in. Didn't work. Is Polipo not used in the new Aurora browser?
I also found some odd default settings such as NoScript now being set to the (Dangerous) "Allow scripts globally" on the new .4 version. Many things in various configure panels were set oddly in the new .4 version, actually.
One more thing.... yesterday, 9/10, I started having problems with the version .3 of Aurora. The browser froze up (not responding) continuously. Freezing, un-freezing
every few seconds. Just very strange behavior ever since I uped to .3, and then .4.
Sorry for all the notes here, and even still, I'll try to offer more info if you think it might help. LOL
Thanks in advance!

Yes, Polipo has been removed. I can answer that question for you. They removed it because the issue that was having them include it was removed from Firefox/Aurora.

As to the NoScript issue, I also noticed that and was only alerted when I went to one site in Torland that actually does a check to make sure that it is enabled to 'allow no scripts globally' and it told me that issue was present.

The best thing to do with a new version of Tor is to install it in a new directory whenever there is a new version. That is what I personally have taken to doing.

Anonymous

September 11, 2011

Permalink

Well, don't panic ! I've told u before u MUST take measures to PREVENT against attacks. Now I'm telling you must prevent against your own failures. Be patient ! Nothing is working fine because you react without thinking. Think again. Or just call me to fix this mess. Good Luck. A.P.

Anonymous

September 11, 2011

Permalink

me too I use Mac osx
I've now been getting the message "A temporary service outage prevents us from determining if your source IP address is a Tor node.

anonymous from Syria

We had a temporary problem with check.torproject.org's ability to recognize whether a given IP is a Tor exit relay. Should be fixed now. Sorry for the confusion -- it had nothing to do with the new TBB.

Anonymous

September 11, 2011

Permalink

Oooh..... that high port thing was a heck of an oversight. Personally, I thought that the revolving port might have been good for anonymity, but I can understand (after researching the subject) that some firewalls don't light you using high ports for very good reasons.

Perhaps there will be a way to limit the revolving port to something like.... up to port 9500?

Anonymous

September 12, 2011

Permalink

Hey, Newbies, check.torproject.org is working OK now. If you're in doubt recheck in whatsmyip.us. If you're just websurfing delete troubeled version and install the old one. In the meantime go trough duckduckgo.com instead of Google or the likes. Check your open ports. Restrict Windows policies. Disable ActiveX. Use Firefox 9 Nightly with establised pipelines. Never IE. Put Firefox to clean everything in its files when exits. Use CCleaner at startup.Sing off wherever you sign in. No use Flash. HttpsEverywhere is OK. Disable JavaScript. Check headers in browserspy.dk or alike.Dont download torrent files with Tor coz everyone can see you. You can post questions here.Everybody here is willing to help newbies. We all were newbies once. A.P.

Anonymous

March 30, 2012

In reply to by Anonymous (not verified)

Permalink

Having read all that, if I am using the Tor bundle and browser, can I forego these precautions? It was my impression that it was already preset to just run correctly from start up

Anonymous

September 12, 2011

Permalink

BRINGING NEWBIES TO TOR.

NEWBIES are people starting to use Tor. They just want privacy. They don't need tecnichal knowledge. We must tell them what to do, let them try and then answer their questions. In an organized manner. I propose creating a section in Tor for them.

"The TOR newbies". More simple and instructive. Just a few words to accomplish a task. Not verbous. Simple. Efficient. Relaible. Private.

TOR needs newbies. TOR is structured. TOR doesn't apologize. Is too selfish. We needs newbies to grow. Isn't enough that Tor embraces open source and open whatever open. We must be in the real world of newbies that are now having troubles. We must be in the real world. A.P.