New Tor Browser Bundles

The Tor Browser Bundles have been updated to Vidalia 0.2.15. The OS X and Linux bundles have Torbutton 1.4.4, but a hotfix for Windows was released with 1.4.4.1 because 1.4.4 had a minor issue that prevented the Windows bundle from going to https://check.torproject.org.

https://www.torproject.org/download

Tor Browser Bundle (2.2.33-3)

  • Update Vidalia to 0.2.15
  • Update Torbutton to 1.4.4.1
  • Update NoScript to 2.1.4
  • Remove trailing dash from Windows version number (closes: #4160)
  • Make Tor Browser (Aurora) fail closed when not launched with a TBB profile
    (closes: #4192)
October 12, 2011

I just wanted to say THANK YOU so much for adding the Tor Browser version update check to the check.torproject page. That will help SO many people that are not overly tech savvy. Great job. That's a good pseudo-fix until Thandy is ready. Thank you!

Is there any plan to add support for connecting to cloud storage services like Google Drive or Dropbox through Tor, which are, of course, great ways to distribute photos and documents but are blocked by China's Great Firewall and other countries' censorship systems?

October 12, 2011

Excuse me, I described the problems with the new version on the mailing list:

https://lists.torproject.org/pipermail/tor-talk/2011-October/021706.html
https://lists.torproject.org/pipermail/tor-talk/2011-October/021708.html

Before this version I could use Tor Browser directly without the TB start script, without using the "local user tor" and Vidalia, enjoy Linux transparent firewalling for torification, and use a manually configured, more secure "system tor daemon" integrated with SELinux without user privileges.

With this version I have a lot of problems making this work in Debian, and am forced into more annoying workarounds in the configuration to disable unnecessary TB features. The problems are described more concretely in my posts on the mailing list.

I hope that Debian packages with a separate tor daemon, Tor Browser and Tor Browser plugins will be created sometime.

Can you help make running TB work as before? Without forcing Linux users to use the full bundle, without ruining transparent firewalling, per-user proxying and other fine-tuning settings.

October 12, 2011

I recently used Tor Browser Bundle with Aurora v7 on a Windows XP with Firefox v7 browser. I should clarify that I am a first time user of Tor bundle and so to try it I ran it once and the browser worked and connected to internet. Then I shut down the Aurora/Tor and tried to reopen Firefox. That's when trouble began...

Now, I can see Firefox.exe running in the Task Manager processes but no browser windows open up and the only way I can use Firefox is to use Aurora. Please help me get back to regular Firefox. I have tried uninstalling and reinstalling Firefox a couple of times; used the XP system restore to take the system back to a time before I used Tor bundle but to no avail.

Please do help me get back to regular firefox operations.

Thank you in advance for your help.

Bhavin

Very weird. Tor Browser Bundle is a standalone thing. It doesn't mess with your installed Firefox in any way.

After a reboot, there will be no TBB processes running.

Perhaps you moved around your taskbar icons and got confused?

Same here - run TOR, but most times the browser window never comes up - only once in a blue moon.

Pretty much makes the whole thing useless!

OS X Lion

October 13, 2011

Yesterday check.torproject.org showed a message advising to install the newest version of Tor Browser Bundle. I did so. Today comes the next version. Perfect timing.

October 13, 2011

Don't you people know that Internet Explorer is nowadays the most secure browser?!
It says right so on the new Microsoft site http://www.yourbrowsermatters.org/.

Internet Explorer score 4 (best).
Chrome score 2.5
Firefox score 2.

The site has analyzed my poor Firefox browser and has immediately detected a fault in my setup:
"This page requires Flash Player version 10.2.0 or higher.
IMPORTANT: After installing the required upgrade please reload this browser window to view the video."

Now that is up-to-date browser security!!!

October 15, 2011

check.torproject.org website is broke! It continuously says "Sorry. You are not using Tor." Where it says "Your IP address appears to be" it shows the same IP which doesn't change, even when I press Use A New Identity. Other websites that show my IP show a different IP address than check.torproject.org!!! check.torproject.org just shows the same IP address (which is not mine) no matter what I do. It has to be broke.

October 15, 2011

The anonymity provided by Tor seems to have been shaken by the team of researchers led by Eric Filiol, director of research at the laboratory and ESIEA Cryptology and Virology operational in France. French scientists say they have managed "to break both the encryption and anonymization, [...] which allows us to access all the information clear."
This week at a conference at ESIEA (http://www.esiea.fr/), Eric Filiol said to have reached an inventory of all machines, 5827 nodes in total, connected to the Tor network. A total of 9039 IP addresses were identified, one more than the total number of machines but due to the presence of dynamic IP addresses.
In this study, French researchers have discovered hidden nodes, the "Tor Bridges", "not listed in the source code. Only the foundation routers Tor knows these hidden" explained the expert computer. Using an algorithm of their own, the research team identified 181 hidden nodes.
With this, the researchers were then able to analyze the nature and machine safety. It showed that 41.4% of them run on Windows and that about 30% of all nodes are vulnerable. These vulnerabilities are clearly sufficient "to infect and they can be easily obtain system privileges" continued Eric Filiol.
Taking control of machines can then address the encryption keys used to protect communications. Of the three layers of protection, two were diminished and the third was pierced by a statistical method. From there, the exchanges between the different nodes can be deciphered without difficulty. "Cryptography based in TOR is weak" said the laboratory director.
Once the data protection transported is raised, the next step is to channel traffic through the infected routers. This method can be done with using the "packet spinning force," a technique that forces the machine to cycle in order to run the packages in circles. "It does not cause denial of service, just a micro-congestion," he added. (See:
http://www.numerama.com/magazine/20198-l-anonymat-du-reseau-tor-ebranle…).
QUESTION: What are you going to do about it?

What are we going to do about it? I mailed Eric and he refused to tell me any details. That's not a very friendly approach. Then he trumps up vague claims to the press while still not telling us anything.

I guess what we're going to do about it is wait to see if he ever has any details.

My guess at this point is that the details will be an already-published issue and/or they will be nonsense.

See also http://archives.seul.org/tor/talk/Oct-2011/msg00171.html

October 15, 2011

The first time I start the Tor browser 2.2.33-3 bundle on my Ubuntu 10.04, torcheck says things are set up right and working. If I reload the page it says I'm not using Tor and shows a consistent IP. What's up?

October 15, 2011

Hi erinn,

https://check.torproject.org/ reports "Sorry. You are not using Tor" using this bundle: "Your IP address appears to be: 38.229.70.31".
Not my IP. Is it still safe to use?

Both https://torcheck.xenobite.eu/index.php and
http://anonymous-proxy-servers.net/ sites are also coming up with similar problems?

Friends i have in Iran are very concerned and have reverted back to the safety of Vers. 1.3.23 as in their opinion it seems to be the only one they trust.
Any suggestions would help

TIA

October 15, 2011

This keeps on crashing my computer now.

I don't know if it's connected or not but it started after I tried to change a setting in Tor to not use the cache at all. After that it said to restart Tor, so I did. When it was coming back up I got a BSOD saying a "memory management" problem.

Then even after redownloading the bundle it still does that 9/10 times.

What's the problem?

Bad memory? Hardware problems? Bad hardware drivers? Bad antivirus software? Viruses all over your computer already?

I'd say to get somebody who understands Windows to take a look at your computer and see what's broken about it. I bet it has nothing to do with Tor.

Had the very same problem, BSOD about memory management + longest reboot ever most of the time.

Think I solved it by putting TBB's folder on another hdd, root, no special chars. No problem ever since.

Hope this helps, be safe.

October 15, 2011

I installed the latest Windows Tor Browser Bundle (2.2.33-3) but check.torproject.org says I am not using Tor. The tray onion is green, Torbutton is enabled and green and leader.ru indicates I am using Tor.

October 15, 2011

I just upgraded my Tor and now GetRight does not connect to any sites for downloads. Before the upgrade I had no problems. I want to install an older version so I can get back to using GetRight with no problems. Where can I download older versions?

October 16, 2011

Is it possible to put file sizes with the download links? And make it easier to find the change log from the torproject.org page?

Also, autoloading videos and such are sapping my very limited bandwidth.

Some of us don't have the luxury of unlimited bandwidth, but instead are strapped with pre-1990's download speeds and stupid data caps. It would be helpful to streamline the site to make our access and downloads more efficient.

I can't find anything on Tails, and had to search for the info on the Tor Bundle. It is painful and aggravating when I have to keep loading new pages, wait forever, new page, etc.

October 16, 2011

Today I was faced with this error on my tour of the network
I used
tor-browser-2.2.33-2_en-US
If danger threatens me
One of your applications (probably Telnet) appears to be making a potentially unencrypted and unsafe connection to port 23.

Anything sent over this connection could be monitored. Please check your application's configuration and use only encrypted protocols, such as SSL, if possible.
Anonymous from Iran

What operating system?

Were you in fact trying to use telnet? More generally, what applications were you trying to use with Tor? Hopefully just the Firefox that comes with it (the one whose window is named Aurora), and not something like bittorrent?

October 16, 2011

Why is `sessionstore.resume_from_crash` ENABLED by default?!

Isn't this a major privacy issue?

October 17, 2011

Can't play Hulu vids from the UK on Mac OS X. It says Flash needed. Flash is saying I'm on Windows so offers that. I know this is a small part of what you designed TOR for but I do like to watch Fringe and other sci fi stuff and the UK is crap in comparison. Thanks if you can look at it. Much appreciated :)

October 19, 2011

I think I'm using Tor? I hit the check button and it says I'm using it. But it doesn't say Tor enabled in the right hand browser window? Also not sure if it's Firefox because it says Aurora. I'm new and just want to make sure I'm good.

October 20, 2011

I'm in Iran. I can't download through filtering. Please upload on 4shared or MediaFire. Thank you.

https://www.torproject.org/docs/faq#GetTor
says
"""
Some government or corporate firewalls censor connections to Tor's website. In those cases, you have three options. First, get it from a friend — the Tor Browser Bundle fits nicely on a USB key. Second, find the google cache for the Tor mirrors page:
https://encrypted.google.com/search?q=tor+mirrors
and see if any of those copies of our website work for you. Third, you can download Tor via email: log in to your Gmail account and mail 'gettor AT torproject.org'. If you include the word 'help' in the body of the email, it will reply with instructions. Note that only a few webmail providers are supported, since they need to be able to receive very large attachments.

Be sure to verify the signature of any package you download, especially when you get it from somewhere other than our official HTTPS website:
https://www.torproject.org/docs/verifying-signatures
"""

October 20, 2011

It seems to me that it is not a good way that the Tor team pays attention only or mostly to non-advanced Tor users to the prejudice of advanced Tor users.
The TBB is a good project but it cannot give the proper level of anonymity such as transparent firewalling on *nix systems.
So, it seems to me that it needs to continue supporting Tor packages for *nix distros and to detach from TBB the Tor Browser, which may be used with system-wide tor daemons.

October 24, 2011

Hi, I updated the bundle (already customized by me, so I just replaced old files with new [minus 'prefs.js' in userprofile]) and now Aurora opens UNmaximized (a normal thing if it happens just on the first run after an update) every time, doesn't save window position and size, and check.torproject.org shows there's a newer version of TBB available.

http://ip-check.info/ shows that everything is fine.

So, what can be causing this problem and how to get rid of it?

October 25, 2011

1) Tor-Browser-Bundle is always a problem to update. When just overwriting the folder bookmarks get lost and config-changes in a new release (e.g. change of socks-port, change/remove of proxy-app) affect installed programs configured to work with tor + polipo.

2) In Browser-Bundle there is no way to start vidalia + tor + polipo without firefox. I don't like the newest firefox because common extensions don't work anymore. Since they get updated after a new ff-version was released, they never work with the newest TBB. A 2nd shortcut is necessary: "Start Vidalia-only"

3) Noscript is always included. It's pretty useful and the only prog of its kind. However, there are rumours noscript has "strange" code.

4) Torbutton doesn't work in seamonkey.

October 27, 2011

Has anyone from the Tor team done a code review of NoScript? I for one do not trust its author after how he reacted to AdBlockPlus blocking ads on his web site. I would prefer to know the code is sound, considering the author has shown himself to be very interested in making money at the expense of end-user wishes (e.g., his constant updates to Noscript which then force users to visit his web site, and hence, his ads, which make him money).

The author of NoScript is not altruistic, that much is obvious. Please educate me whether anyone from the Tor team has done code review for NoScript. And please, do not tell me Tor trusts the Firefox add-on code review process in lieu of Tor carrying out code review ...

October 28, 2011

Can anyone tell me how to setup getright download manager with the tor-browser-2.2.34-1?

October 29, 2011

The new Tor Browser Bundle doesn't allow GetRight Download Manager to connect, has anyone figured out how to set GetRight to connect yet?

October 29, 2011

ECHO ... ECHO ... ECHO ...

Has anyone from the Tor team done a code review of NoScript? I for one do not trust its author after how he reacted to AdBlockPlus blocking ads on his web site. I would prefer to know the code is sound, considering the author has shown himself to be very interested in making money at the expense of end-user wishes (e.g., his constant updates to Noscript which then force users to visit his web site, and hence, his ads, which make him money).

The author of NoScript is not altruistic, that much is obvious. Please educate me whether anyone from the Tor team has done code review for NoScript. And please, do not tell me Tor trusts the Firefox add-on code review process in lieu of Tor carrying out code review ...

Mike Perry has looked at Noscript. I trust his judgement here, since he also maintains Torbutton and HTTPS Everywhere.

You're right that the Noscript author is not altruistic. We've had some scuffles with his design process in the past.

Note also that TBB only uses Noscript as a backup for disabling plugins even more thoroughly. It doesn't use any of the javascript whitelisting or blacklisting. So in theory we could coopt just that part of the code and put it into Torbutton. But maintaining stuff that messes with Firefox's innards is enough of a nightmare already. We should be grateful for whatever Mike is willing to do. :)

October 30, 2011

I just installed the new 2.2.34-1 Browser bundle for Win and noticed that the Polipo directory is missing; there is nothing to suggest Polipo is even part of this installation anymore. The download info says it is there, so where is it exactly? I wanted to edit the config so that it would use Socks 4a but cannot find that either.

As this thread's original poster, I found out elsewhere on your site that Polipo http proxy was only there as a workaround for a bug in Firefox 6 and below, and was removed because that bug no longer exists, leaving the damage control job to TorButton which they said was actually safer.

But is it? When this was done this forced Tor users into accepting Socks 5. It has long been known in the Tor community that Socks 4a is the most secure and 5 leaks DNS information so why??????. Torbutton does not allow 4a.

The reference also said that Polipo can be manually added back in as before but was unsupported. I find that with Polipo installed, config'd and running, Torbutton will not let me select the box that would enable Polipo proxy. If I set the proxy manually for Polipo, it does not work either.

How can I get this latest release to run with Socks 4a?

Socks4 is unsafe. Socks4a is safe. Socks5 can be either safe or unsafe, depending on how your application uses it. If your application uses socks5 safely, it is better than socks4a, since the socks5 protocol lets Tor be more precise with its error codes -- so for example you can distinguish between "connection timed out" and "connection refused".

No idea what your problem is with getting polipo working. My first thought is that you didn't configure your polipo using our recommended config file, so it's listening on port 8123 (and not configured to route its traffic through Tor), rather than on port 8118 as Torbutton expects.
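
The SOCKS comparison in the reply above, as an added example that is not part of the original comment or Tor's own code: it builds the connect request each variant sends to a local SOCKS proxy and reports whether the proxy receives a hostname (so resolution can happen inside Tor) or only an IP address (so any name lookup already happened outside the proxy). The function names, `example.com` and the `192.0.2.10` / `2001:db8::1` addresses are constructed for illustration.

```python
import ipaddress
import struct

CONNECT = 1  # command code for CONNECT in SOCKS4, SOCKS4a and SOCKS5


def build_socks4(ip, port):
    """SOCKS4 carries only an IPv4 address, so the client resolved the name itself."""
    return struct.pack("!BBH", 4, CONNECT, port) + ipaddress.IPv4Address(ip).packed + b"\x00"


def build_socks4a(host, port):
    """SOCKS4a: placeholder address 0.0.0.x (x != 0), empty user id, then the hostname."""
    header = struct.pack("!BBH", 4, CONNECT, port) + b"\x00\x00\x00\x01"
    return header + b"\x00" + host.encode("ascii") + b"\x00"


def build_socks5(target, port):
    """SOCKS5 request (after method negotiation): the application picks the address type."""
    try:
        addr = ipaddress.ip_address(target)
        body = (b"\x01" if addr.version == 4 else b"\x04") + addr.packed
    except ValueError:  # not an IP literal, send it as a domain name
        name = target.encode("ascii")
        body = b"\x03" + bytes([len(name)]) + name
    return bytes([5, CONNECT, 0]) + body + struct.pack("!H", port)


def classify(request):
    """Return (variant, destination, port, ip_only) for a client connect request."""
    version = request[0]
    if version == 4:
        port = struct.unpack("!H", request[2:4])[0]
        addr = request[4:8]
        if addr[:3] == b"\x00\x00\x00" and addr[3] != 0:
            userid_end = request.index(b"\x00", 8)
            host_end = request.index(b"\x00", userid_end + 1)
            return ("socks4a", request[userid_end + 1:host_end].decode("ascii"), port, False)
        return ("socks4", str(ipaddress.IPv4Address(addr)), port, True)
    if version == 5:
        atyp = request[3]
        if atyp == 3:  # domain name: the proxy does the lookup
            end = 5 + request[4]
            host, ip_only = request[5:end].decode("ascii"), False
        elif atyp in (1, 4):  # IPv4 or IPv6 literal: the proxy sees no name
            end = 4 + (4 if atyp == 1 else 16)
            host, ip_only = str(ipaddress.ip_address(request[4:end])), True
        else:
            raise ValueError("unknown SOCKS5 address type")
        return ("socks5", host, struct.unpack("!H", request[end:end + 2])[0], ip_only)
    raise ValueError("not a SOCKS4/4a/5 request")


if __name__ == "__main__":
    for req in (build_socks4("192.0.2.10", 80), build_socks4a("example.com", 80),
                build_socks5("example.com", 443), build_socks5("192.0.2.10", 443)):
        print(classify(req))
```

An `ip_only` result of `True` does not prove a DNS leak, since the user may have typed an IP literal; it only shows that the proxy was never given a name to resolve.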

Is there a link to the recommended conf file? Just checked, it is running on 8123. Nice rundown on Socks versions. Sounds like those who use included Aurora exclusively are safer than with 4a. Being a power user, 4a still would make good sense for me. Thanks.